@metamask/eth-json-rpc-middleware - npm Package Versions

[15.2.0]

Added

• Add a way to pass an RPC service to createFetchMiddleware (#357)
  • The new, recommended function signature is now createFetchMiddleware({ rpcService: AbstractRpcService; options?: { originHttpHeaderKey?: string; } }), where AbstractRpcService matches the same interface from @metamask/network-controller
  • This allows us to support automatic failover to a secondary node when the network goes down

Changed

• Bump @metamask/utils to ^11.1.0 (#358)

Deprecated

• Deprecate passing an RPC endpoint to createFetchMiddleware (#357)
  • See recommended function signature above
  • The existing signature createFetchMiddleware({ btoa: typeof btoa; fetch: typeof fetch; rpcUrl: string; originHttpHeaderKey?: string; }) will be removed in a future major version
• Deprecate PayloadWithOrigin type (#357)
  • There is no replacement for this type; it will be removed in a future major version.

[15.1.2]

Changed

• Fix validation of primary type for signTypedDataV3 and signTypedDataV4 (#353)
  • It was updated to handle undefined input

[15.1.1]

Changed

• Bump @metamask/eth-block-tracker from ^11.0.3 to ^11.0.4 (#351)
• Bump @metamask/eth-json-rpc-provider from ^4.1.5 to ^4.1.7 (#351)
• Bump @metamask/eth-sig-util from ^7.0.3 to ^8.1.2 (#351)
• Bump @metamask/json-rpc-engine from ^10.0.0 to ^10.0.2 (#351)
• Bump @metamask/rpc-errors from ^7.0.0 to ^7.0.2 (#351)
• Bump @metamask/utils from ^9.1.0 to ^11.0.1 (#351)

[15.1.0]

Changed

• Improved validation of primary type for signTypedDataV3 and signTypedDataV4 (#350)

[15.0.1]

Changed

• Bump @metamask/eth-block-tracker from ^11.0.1 to ^11.0.3 (#347)

[15.0.0]

Changed

• BREAKING: Update @metamask/rpc-errors from ^6.3.1 to ^7.0.0 (#342)
• BREAKING: Update @metamask/json-rpc-engine from ^9.0.2 to ^10.0.0 (#342)
• Bump @metamask/eth-json-rpc-provider from ^4.1.1 to ^4.1.5 (#342)

Removed

• BREAKING: Remove eth_sign support (#320)
  • The functions ethSign and processEthSignMessage have been removed

[14.0.2]

Fixed

• Allow the string "cosmos" in the "verifyingContract" field of EIP-712 signatures (#333)
  • This change was made to support Ethermint's EIP-712 implementation, which was broken by validation added in v14.0.0

[14.0.1]

Fixed

• Request validation should not throw if verifyingContract is not defined in typed signature (#328)

[14.0.0]

Changed

• BREAKING: Adapt to EIP-1193 provider changes by replacing the deprecated sendAsync method with the request method (#317)
  • BREAKING: Refactor providerAsMiddleware and middleware functions retryOnEmpty, block-ref to use the request method.
• Bump @metamask/eth-block-tracker from ^10.0.0 to ^11.0.1 (#323)
• Bump @metamask/eth-json-rpc-provider from ^4.0.0 to ^4.1.1 (#323, #317)
• Bump @metamask/eth-sig-util from ^7.0.0 to ^7.0.3 (#323)
• Bump @metamask/json-rpc-engine from ^9.0.0 to ^9.0.2 (#323)
• Bump @metamask/rpc-errors from ^6.0.0 to ^6.3.1 (#323)
• Bump @metamask/utils from ^8.1.0 to ^9.1.0 (#323)

Security

• BREAKING: Typed signature validation only replaces 0X prefix with 0x, and contract address normalization is removed for decimal and octal values (#318)
  • Threat actors have been manipulating eth_signTypedData_v4 fields to cause failures in blockaid's detectors.
  • Extension crashes with an error when performing Malicious permit with a non-0x prefixed integer address.
  • This fixes an issue where the key value row or petname component disappears if a signed address is prefixed by "0X" instead of "0x".