Skip to content

chore: bump new assets controller to v2.1.0#40439

Merged
salimtb merged 4 commits intomainfrom
chore/bump-new-assets-controller
Feb 26, 2026
Merged

chore: bump new assets controller to v2.1.0#40439
salimtb merged 4 commits intomainfrom
chore/bump-new-assets-controller

Conversation

@salimtb
Copy link
Contributor

@salimtb salimtb commented Feb 26, 2026
edited by cursor bot
Loading

Description

bump assets controller to v2.1.0

Open in GitHub Codespaces

Changelog

CHANGELOG entry: bump assets controller to v2.1.0

Related issues

Fixes:

Manual testing steps

  1. Go to this page...

Screenshots/Recordings

Before

After

Pre-merge author checklist

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

Note

Medium Risk
Upgrades a core dependency (@metamask/assets-controller) and adjusts initialization/configuration behavior, which could change asset fetching/balances at runtime. Also updates LavaMoat allowlists; misconfigurations could surface as build/runtime module access errors.

Overview
Bumps @metamask/assets-controller from 2.0.0 to 2.1.0 (and related transitive deps), updating lockfile entries and LavaMoat policies to allow new package paths (notably @metamask/client-controller and p-limit) and revised @metamask/core-backend usage.

Changes AssetsController initialization to disable stakedBalanceDataSourceConfig.enabled by default (and updates tests accordingly), and updates the aggregated balance selector to pass selectedCurrency (defaulting to usd) into the AssetsController aggregation state.

Written by Cursor Bugbot for commit 6dad8c0. This will update automatically on new commits. Configure here.

@github-actions
Copy link
Contributor

github-actions bot commented Feb 26, 2026

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@socket-security
Copy link

socket-security bot commented Feb 26, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​metamask/​assets-controller@​2.0.0 ⏵ 2.1.07510080 +195 +2100

View full report

@salimtb
Copy link
Contributor Author

salimtb commented Feb 26, 2026

@metamaskbot update-policies

@metamaskbot
Copy link
Collaborator

metamaskbot commented Feb 26, 2026

Policies updated.
👀 Please review the diff for suspicious new powers.

🧠 Learn how: https://lavamoat.github.io/guides/policy-diff/#what-to-look-for-when-reviewing-a-policy-diff

👀 lavamoat/browserify/beta/policy.json changes differ from main/policy.json policy changes
👀 lavamoat/browserify/experimental/policy.json changes differ from main/policy.json policy changes
👀 lavamoat/browserify/flask/policy.json changes differ from main/policy.json policy changes
👀 lavamoat/webpack/mv2/beta/policy.json changes differ from mv2/main/policy.json policy changes
👀 lavamoat/webpack/mv2/experimental/policy.json changes differ from mv2/main/policy.json policy changes
👀 lavamoat/webpack/mv2/flask/policy.json changes differ from mv2/main/policy.json policy changes
✅ lavamoat/webpack/mv3/beta/policy.json changes match mv3/main/policy.json policy changes
✅ lavamoat/webpack/mv3/experimental/policy.json changes match mv3/main/policy.json policy changes
✅ lavamoat/webpack/mv3/flask/policy.json changes match mv3/main/policy.json policy changes

@metamaskbotv2
Copy link
Contributor

metamaskbotv2 bot commented Feb 26, 2026

✨ Files requiring CODEOWNER review ✨

📜 @MetaMask/policy-reviewers (9 files, +95 -79)
  • 📁 lavamoat/
    • 📁 browserify/
      • 📁 beta/
        • 📄 policy.json +14 -17
      • 📁 experimental/
        • 📄 policy.json +14 -17
      • 📁 flask/
        • 📄 policy.json +14 -17
      • 📁 main/
        • 📄 policy.json +14 -17
    • 📁 build-system/
      • 📄 policy.json +3 -3
    • 📁 webpack/
      • 📁 mv2/
        • 📁 beta/
          • 📄 policy.json +9 -2
        • 📁 experimental/
          • 📄 policy.json +9 -2
        • 📁 flask/
          • 📄 policy.json +9 -2
        • 📁 main/
          • 📄 policy.json +9 -2

Tip

Follow the policy review process outlined in the LavaMoat Policy Review Process doc before expecting an approval from Policy Reviewers.

@github-actions github-actions bot added size-S and removed size-XS labels Feb 26, 2026
@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 26, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@salimtb salimtb marked this pull request as ready for review February 26, 2026 15:19
@salimtb salimtb requested a review from a team as a code owner February 26, 2026 15:19
Prithpal-Sooriya
Prithpal-Sooriya reviewed Feb 26, 2026
View reviewed changes
lavamoat/browserify/beta/policy.json
"@metamask/utils": true
}
},
"@metamask/assets-controller>@metamask/client-controller": {
Copy link
Contributor

@Prithpal-Sooriya Prithpal-Sooriya Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh interesting, new controller - not seen this one yet 👀

Prithpal-Sooriya
Prithpal-Sooriya reviewed Feb 26, 2026
View reviewed changes
bergarces
bergarces approved these changes Feb 26, 2026
View reviewed changes
Copy link
Contributor

@bergarces bergarces left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Expected changes to policies due to the introduction of p-limit package in core.

Prithpal-Sooriya
Prithpal-Sooriya reviewed Feb 26, 2026
View reviewed changes
@salimtb salimtb added this pull request to the merge queue Feb 26, 2026
Merged via the queue into main with commit ad1d8bd Feb 26, 2026
336 of 345 checks passed
@salimtb salimtb deleted the chore/bump-new-assets-controller branch February 26, 2026 16:21
@github-actions github-actions bot locked and limited conversation to collaborators Feb 26, 2026
@metamaskbot metamaskbot added the release-13.21.0 Issue or pull request that will be included in release 13.21.0 label Feb 26, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@bergarces bergarces bergarces approved these changes

@Prithpal-Sooriya Prithpal-Sooriya Prithpal-Sooriya approved these changes

Assignees

No one assigned

Labels

release-13.21.0 Issue or pull request that will be included in release 13.21.0 size-S team-assets

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@salimtb @metamaskbot @bergarces @Prithpal-Sooriya