Bump @metamask/scure-bip39 from 2.1.0 to 2.1.1

[dependabot]

Bumps @metamask/scure-bip39 from 2.1.0 to 2.1.1.

Release notes

Sourced from @​metamask/scure-bip39's releases.

2.1.1

Added

• Add node.engines field indicating minimum Node.js version 16 to package manifest (#21)

Changed

• Bump @noble/hashes from ~1.1.1 to ~1.3.2 (#20)
• Bump @scure/base from ~1.1.0 to ~1.1.3 (#20)

Changelog

Sourced from @​metamask/scure-bip39's changelog.

[2.1.1]

Added

• Add node.engines field indicating minimum Node.js version 16 to package manifest (#21)

Changed

• Bump @noble/hashes from ~1.1.1 to ~1.3.2 (#20)
• Bump @scure/base from ~1.1.0 to ~1.1.3 (#20)

Commits

• 8d4b2d2 2.1.1 (#24)
• f4b3729 ci: run on ubuntu-latest (22.04) instead of ubuntu-20.04 (#22)
• b706ff0 devDeps: bump and unpin mocha, prettier, typescript (#23)
• 03d5763 deps: @​noble/hashes@~1.1.0->~1.3.2 (#20)
• cb66d97 Indicate supported Node.js versions; update node versions in CI (#21)
• d451024 add yarn.lock v1 (#19)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[legobeat]

@dependabot recreate

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[legobeat]

Not sure why this is happening now (failing test for KeyringController):

/home/runner/work/core/core/node_modules/@noble/hashes/utils.js:171
    throw new Error('crypto.getRandomValues must be defined');
          ^

Error: crypto.getRandomValues must be defined
    at randomBytes (/home/runner/work/core/core/node_modules/@noble/hashes/src/utils.ts:214:9)
    at Object.generateMnemonic (/home/runner/work/core/core/node_modules/@metamask/scure-bip39/dist/index.js:41:54)
    at HdKeyring.generateRandomMnemonic (/home/runner/work/core/core/node_modules/@metamask/eth-hd-keyring/index.js:37:34)
    at KeyringController.addNewKeyring (/home/runner/work/core/core/node_modules/@metamask/eth-keyring-controller/src/KeyringController.ts:601:15)
    at KeyringController._KeyringController_createFirstKeyTree (/home/runner/work/core/core/node_modules/@metamask/eth-keyring-controller/src/KeyringController.ts:930:21)
    at KeyringController.createNewVaultAndKeychain (/home/runner/work/core/core/node_modules/@metamask/eth-keyring-controller/src/KeyringController.ts:117:5)

[mcmire]

@mikesposito Would you happen to have any insight here since you've worked on KeyringController? Have you seen this before?

[mcmire]

Hmm... could this change in @noble/hashes cause the problem somehow? paulmillr/noble-hashes@412a108#diff-cc63f119b1879db255abe3dbb493232f19c026790a1514a05a135ef618fdaa23

[mcmire]

Okay, I managed to find the issue. It looks like there is a dependency update downstream. In addition to upgrading @metamask/scure-bip39, this PR also upgrades @noble/hashes from 1.1.5 to 1.3.2.

In @noble/hashes 1.1.5, @noble/hashes/crypto only supported Node. It returned an object { node, web }, where web always always undefined and node resolved to all of the imports from the crypto library. In 1.3.2, however, @noble/hashes/crypto supports either Node or web. It does this by accessing crypto from globalThis.

However, globalThis.crypto seems to be undefined in Jest tests. I believe this is due to long-standing behavior in Jest where globals need to be manually copied into the Node sandbox (jest-environment-node) that all tests are run in. A similar issue happened with the global fetch function which was patched in Jest 28, and I suspect the Jest team has not done the same thing for crypto.

That said, in the past we've encountered a similar problem with TextEncoder, ArrayBuffer, etc. in assets-controllers tests, and the way we solved it then was to make an extension of the JSDom environment where we manually insert the globals into the sandbox that we want to be available: https://github.com/MetaMask/core/blob/5ff1505aa4833f7b6c9055cc734c18be2401b661/packages/assets-controllers/jest.environment.js. We may be able to do a similar thing here, except for jest-environment-node instead of jest-environment-jsdom.

Another, simpler way we could solve this is to pop a jest.spyOn(globalThis, 'crypto') in a beforeEach at the top of KeyringController.test.ts and provide a mock implementation for getRandomValues.

[legobeat]

@dependabot recreate

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[mcmire]

@noble/hashes will use Web Crypto API within a Node context. Specifically, this file will get loaded thanks to this line in package.json.

Unfortunately, that's not happening in the tests, and this file gets loaded instead, which attempts to read global.crypto instead of require('crypto').webcrypto. I'm not 100% sure on this, but I believe that's happening because of the way we've configured TypeScript: we're using a moduleResolution of node, i.e. "classic" mode, which means that TypeScript skips the "exports" field in package.json.

[mcmire]

Tests should work now!