release: 7.68.3 #27505

Merged

chloeYue merged 7 commits into stable from release/7.68.3, Mar 17, 2026

@weitingsun weitingsun commented Mar 16, 2026

Description

OTA was broken with old environment variables check. This PR aims to solve that by introducing a new environment variable.

Changelog

CHANGELOG entry: null

Note

Medium Risk
Changes how feature flags are resolved in CI/OTA builds by ignoring local env overrides when BUILDS_ENABLED_WITH_GH_ACTIONS_TEMPORARY is set, which could unintentionally change enabled/disabled behavior if the new flag is misconfigured. Otherwise the changes are small and localized to release/config code paths.

Overview
Bumps the OTA release version to v7.68.3 and adds 7.68.3 release notes/compare link in CHANGELOG.md.

Adjusts feature-flag resolution so GitHub Actions OTA builds (when BUILDS_ENABLED_WITH_GH_ACTIONS_TEMPORARY=true and not E2E) use remote flags only, preventing MM_EXTENSION_UX_PNA25 and MM_ADDITIONAL_NETWORK_BLACKLIST env overrides from affecting those builds. Adds a small buildTimeDefaultsConfig helper to centralize that build-time gating check.

Written by Cursor Bugbot for commit adfa229. This will update automatically on new commits. Configure here.

## **Description**
OTA was broken with old environment variables check. This PR aims to
solve that by introducing a new environment variable.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Changes how several services choose API endpoints/environments by
switching from `GITHUB_ACTIONS`/`E2E` checks to a new
`BUILDS_ENABLED_WITH_GH_ACTIONS_TEMPORARY` flag, which could route
builds to different backend environments if misconfigured.
> 
> **Overview**
> Introduces a new build-time env flag,
`BUILDS_ENABLED_WITH_GH_ACTIONS_TEMPORARY`, and uses it to decide when
to take **build-provided** URLs/environments (from `builds.yml`) versus
deriving them from `METAMASK_ENVIRONMENT`.
> 
> Updates Baanx Card URL mapping, ramps SDK environment selection
(Aggregator + Deposit), ramps controller init, and rewards API URL
override logic to key off this flag, and refreshes/adjusts tests
accordingly (including removing the previous special-casing tied to
`E2E`).
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
4249918. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
@weitingsun weitingsun requested review from a team as code owners March 16, 2026 21:06
@github-actions

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@weitingsun weitingsun changed the base branch from main to release/7.68.0 March 16, 2026 21:06
tommasini previously approved these changes Mar 16, 2026
@weitingsun weitingsun changed the base branch from release/7.68.0 to stable March 16, 2026 21:08
@weitingsun weitingsun dismissed tommasini’s stale review March 16, 2026 21:08

The base branch was changed.

himanshuchawla009 and others added 2 commits March 16, 2026 14:31
The encryptorAdapter introduced in PR #26258 overrides encryptWithKey to
return browser-passworder format ({ data }) instead of the mobile Encryptor
format ({ cipher }). However, decrypt and decryptWithDetail were not
overridden — they were spread from the mobile Encryptor, which reads the
cipher field. This caused a crash on the next unlock after any background
JWT token refresh:

  TypeError: The first argument must be one of type string, Buffer...
  Received type undefined (quick-crypto.ts:101)

Fix: add normalizeVaultFormat which injects cipher = data when a vault has
data but no cipher, and override decrypt and decryptWithDetail in the
adapter to normalize before delegating to the underlying Encryptor.

Also harden decryptWithKey to accept both data and cipher fields (for
pre-adapter vaults that only carry cipher), and throw explicitly when
both fields are absent.

Adds end-to-end tests that reproduce the bug scenario: background token
refresh writes a data-format vault via encryptWithKey, then decrypt /
decryptWithDetail must recover it on the next unlock.
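
A minimal sketch of the format mismatch and the normalization step described in the commit message above. It is an added example, not MetaMask's code: the stand-in encryptor, the XOR placeholder transform (not encryption) and `roundTrip` are assumptions, and the three decrypt entry points are collapsed into a single `decryptWithKey` path.

```javascript
// Added illustration, not MetaMask's code. Taken from the commit message: the
// `data` / `cipher` field names and the name normalizeVaultFormat. Assumed:
// the stand-in encryptor, the adapters' shape, roundTrip, and the XOR transform.

// Placeholder transform so the sketch runs offline. It is NOT encryption.
const xor = (bytes, key) =>
  Buffer.from(Uint8Array.from(bytes, (b, i) => b ^ key[i % key.length]));

// Stand-in for the mobile Encryptor: writes and reads the `cipher` field only.
const mobileEncryptor = {
  encryptWithKey: (key, text) => ({
    cipher: xor(Buffer.from(text, 'utf8'), key).toString('base64'),
  }),
  // Buffer.from(undefined, ...) throws a TypeError, like the one quoted above.
  decryptWithKey: (key, vault) =>
    xor(Buffer.from(vault.cipher, 'base64'), key).toString('utf8'),
};

// Adapter before the fix: encryptWithKey emits { data }, but the decrypt path
// is spread in unchanged from the mobile Encryptor and still reads `cipher`.
const brokenAdapter = {
  ...mobileEncryptor,
  encryptWithKey: (key, text) => ({
    data: mobileEncryptor.encryptWithKey(key, text).cipher,
  }),
};

// Inject cipher = data when only `data` is present; reject a vault with neither.
function normalizeVaultFormat(vault) {
  if (vault.cipher === undefined && vault.data === undefined) {
    throw new Error('vault has neither data nor cipher');
  }
  return vault.cipher === undefined ? { ...vault, cipher: vault.data } : vault;
}

// Adapter after the fix: normalize, then delegate to the underlying Encryptor.
const fixedAdapter = {
  ...brokenAdapter,
  decryptWithKey: (key, vault) =>
    mobileEncryptor.decryptWithKey(key, normalizeVaultFormat(vault)),
};

// Encrypt then decrypt through one adapter; returns plaintext or the error name.
function roundTrip(adapter, text) {
  const key = Buffer.from('constructed-demo-key'); // constructed sample key
  try {
    return adapter.decryptWithKey(key, adapter.encryptWithKey(key, text));
  } catch (err) {
    return err.name;
  }
}
```
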
@weitingsun weitingsun requested a review from a team as a code owner March 16, 2026 21:32
@weitingsun weitingsun requested review from a team, tommasini and vpintorico March 16, 2026 21:52
vpintorico previously approved these changes Mar 16, 2026
Cal-L previously approved these changes Mar 16, 2026

@Cal-L Cal-L left a comment

Lgtm

@weitingsun weitingsun dismissed stale reviews from Cal-L and vpintorico via 9fc9bd9 March 16, 2026 22:25
tommasini previously approved these changes Mar 16, 2026
Comment thread app/constants/ota.ts Outdated
Cal-L previously approved these changes Mar 17, 2026

@Cal-L Cal-L left a comment

Lgtm

@weitingsun weitingsun changed the base branch from stable to release/7.68.0 March 17, 2026 03:20
Cal-L previously approved these changes Mar 17, 2026

@Cal-L Cal-L left a comment

Lgtm

@weitingsun weitingsun changed the base branch from release/7.68.0 to stable March 17, 2026 03:22
@weitingsun weitingsun dismissed Cal-L’s stale review March 17, 2026 03:22

The base branch was changed.

Cal-L previously approved these changes Mar 17, 2026

@Cal-L Cal-L left a comment

Lgtm

@sleepytanya sleepytanya added area-qa Relating to QA work (Quality Assurance) team-qa QA team release-7.71.0 Issue or pull request that will be included in release 7.71.0 size-XL and removed area-qa Relating to QA work (Quality Assurance) team-qa QA team size-XL release-7.71.0 Issue or pull request that will be included in release 7.71.0 labels Mar 17, 2026
chloeYue and others added 2 commits March 17, 2026 09:25
Resolved conflicts between stable (7.69.0) and release/7.68.3:

Build/version: take release/7.68.3 versions
- app/constants/ota.ts: keep v7.68.3

Source code: take release/7.68.3 (hotfix-specific changes)
- remote-feature-flag-build-time-defaults-config.ts: keep (deleted on stable)
- featureFlagController selectors: keep release/7.68.3 versions

Merge with "Create a merge commit" — do NOT squash.

Made-with: Cursor
## **Description**

Sync stable branch into release/7.68.3 to include releases (7.69.0,
7.68.2, 7.68.1, 7.68.0, 7.67.x) that were merged to stable.

## **Changelog**

CHANGELOG entry: null

## **Related issues**

Fixes:

## **Manual testing steps**


## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile
Coding
Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I've included tests if applicable
- [x] I've documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I've applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

Made with [Cursor](https://cursor.com)

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Medium risk due to broad GitHub Actions workflow refactors (build
caching/artifacts, new gating/skip conditions, new fixture jobs) that
could break CI or release pipelines if misconfigured.
> 
> **Overview**
> Syncs release tooling and CI workflows to a newer stable state,
including a **major GitHub Actions refactor** for builds: adds
`skip_version_bump`, moves dependency setup into a reusable
`setup-node-modules` workflow, and switches build jobs to consume
platform-specific `node_modules` tarball artifacts with extra
verification and iOS-specific pod/keychain handling.
> 
> Expands CI automation and reporting: adds **bundle size checks**,
workflow linting, shard test JSON output with aggregated unit/CV test
counts, and a new `qa-stats` workflow plus `collect-qa-stats.mjs` to
download artifacts from the triggering run and publish `qa-stats.json`.
> 
> Adds E2E fixture workflows: a CI fixture validation run with PR
annotations/comments (`e2e-report-fixture-validation.mjs`), plus a
bot-triggered `update-e2e-fixtures` workflow that downloads the CI-built
iOS app, exports/updates fixtures, and pushes changes back to the PR
(non-fork only).
> 
> Also updates tooling/config: bumps Ruby to `3.2.9`, updates Android
version to `7.69.0` and adjusts packaging excludes, adds performance E2E
Sentry env wiring, tightens CODEOWNERS/ESLint overrides, updates
Storybook story registration, and applies Yarn patches for bridge
metrics `ab_tests` support and BrowserStack local toggle behavior.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
39a655c. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
This PR updates the change log for 7.68.3. (Hotfix - no test plan
generated.)

## **Description**

Adds a new `7.68.3` section to `CHANGELOG.md` documenting two hotfixes:
- Fixed seedless onboarding vault decryption crash by handling both
vault formats in encryptorAdapter (#27393)
- Fixed OTA environment variable configuration to use new build flag
(#26668)

Updates the changelog reference links so `Unreleased` now compares from
`v7.68.3` and includes a new `7.68.3` compare link.

## **Changelog**

CHANGELOG entry: null

## **Related issues**

Fixes:

## **Manual testing steps**

N/A - changelog only

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile
Coding
Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I've included tests if applicable
- [x] I've documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I've applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

Made with [Cursor](https://cursor.com)

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Changelog-only update with no runtime code changes; risk is limited to
potential version/compare-link inaccuracies in release notes.
> 
> **Overview**
> Adds a new `7.68.3` section to `CHANGELOG.md` documenting two hotfixes
(seedless onboarding vault decryption crash handling and OTA env var
build-flag update).
> 
> Updates the version reference links by introducing a new `[7.68.3]`
compare link.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
2bbdafb. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

@cursor cursor Bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Comment thread CHANGELOG.md
@github-actions

🔍 Smart E2E Test Selection

⏭️ Smart E2E selection skipped - base branch is not main (base: stable)

All E2E tests pre-selected.

@github-actions

⚠️ E2E Fixture Validation — Structural changes detected

| Category | Count |
| --- | --- |
| New keys | 68 |
| Missing keys | 11 |
| Type mismatches | 0 |
| Value mismatches | 7 (informational) |

The committed fixture schema is out of date. To update, comment:

@metamaskbot update-mobile-fixture

@sonarqubecloud

Quality Gate failed

Failed conditions
36.0% Coverage on New Code (required ≥ 80%)

@chloeYue chloeYue added the skip-sonar-cloud Only used for bypassing sonar cloud when failures are not relevant to the changes. label Mar 17, 2026
@chloeYue chloeYue merged commit b4978f3 into stable Mar 17, 2026
204 of 211 checks passed
@github-actions github-actions Bot locked and limited conversation to collaborators Mar 17, 2026
@metamaskbot metamaskbot added the release-7.68.3 Issue or pull request that will be included in release 7.68.3 label Mar 18, 2026
Labels

release-7.68.3 Issue or pull request that will be included in release 7.68.3 size-S skip-sonar-cloud Only used for bypassing sonar cloud when failures are not relevant to the changes. team-mobile-delivery

8 participants