973.0.0

@metamask/json-rpc-engine 10.5.0

Added

• Export assertExpectedHooks utility (#8747)

972.0.0

@metamask/money-account-balance-service 1.0.0

Added

• Add VaultConfigNotAvailableError and VaultConfigValidationError error classes for typed consumer error handling (#8742)
• Add LENS_ABI constant for the Arctic Architecture Lens contract (#8742)

Changed

• BREAKING: MoneyAccountBalanceService no longer accepts vault config via constructor. Vault config is now read from RemoteFeatureFlagController state. Add @metamask/remote-feature-flag-controller as a dependency and permit RemoteFeatureFlagController:getStateaction and RemoteFeatureFlagController:stateChange event on the service's messenger. Service methods throw VaultConfigNotAvailableError until a valid config is available. (#8742)
• BREAKING: VaultConfig fields have changed — vaultAddress → boringVault, vaultChainId → chainId; underlyingTokenAddress and underlyingTokenDecimals removed; lensAddress and tellerAddress added (#8742)
• BREAKING: MusdEquivalentValueResponse shape has changed — musdSHFvdBalance, exchangeRate, and musdEquivalentValue replaced by a single balanceOfInAssets field (#8742)
• Monad (0x8f) added to VEDA_API_NETWORK_NAMES (#8742)
• Bump @metamask/messenger from ^1.1.1 to ^1.2.0 (#8632)
• Bump @metamask/network-controller from ^30.0.1 to ^30.1.0 (#8636)

971.0.0

@metamask/chain-agnostic-permission 1.6.0

Added

• Add Eip1193Compatible property in KnownSessionProperties enum to support EIP-1193-style connections established through connect-evm (#8731)
• Set sessionProperties: { 'eip1193-compatible': true } in getCaip25PermissionFromLegacyPermissions so that legacy EIP-1193 permission requests are tagged as EIP-1193-compatible (#8731)

Changed

• Bump @metamask/permission-controller from ^12.2.1 to ^13.1.0 (#8317, #8661, #8722)
• Bump @metamask/controller-utils from ^11.19.0 to ^11.20.0 (#8344)

@metamask/multichain-api-middleware 3.1.0

Changed

• Bump @metamask/chain-agnostic-permission from ^1.5.0 to ^1.6.0 (#8749)
• Bump @metamask/multichain-transactions-controller from ^7.0.4 to ^7.1.0 (#8665)
• Bump @metamask/accounts-controller from ^37.2.0 to ^38.0.0 (#8665)
• Bump @metamask/permission-controller from ^13.0.0 to ^13.1.0 (#8722)
• Bump @metamask/json-rpc-engine from ^10.3.0 to ^10.4.0 (#8746)

970.0.0

@metamask/json-rpc-engine 10.4.0

Added

• Add legacy createOriginMiddleware utility (#8734)

969.0.0

@metamask/transaction-pay-controller 22.1.0

Fixed

• Fix transaction with accountOverride and targeting Arbitrum USDC (#8724)
  • Deliver the Relay-acquired token to transaction.txParams.from (the delegator that executes the inner delegation), not request.from.
  • Gate the Arbitrum-USDC → Hypercore quote rewrite on transaction.type === TransactionType.perpsDeposit.

968.0.0

@metamask/assets-controller 7.0.0

Added

• RPC token detection now uses the same endpoint as TokenListController (token.api.cx.metamask.io/tokens/{chainId}) instead of the v3 tokens.api.cx.metamask.io/v3/chains/.../assets host, with no client-side first cap and a shared TanStack Query cache (#8727)
  • Mirrors TokenListController.getTokensURL exactly: same query parameters (occurrenceFloor, includeNativeAssets=false, includeTokenFees=false, includeAssetType=false, includeERC20Permit=false, includeStorage=false, includeRwaData=true), per-chain occurrence floor (1 on Linea / MegaETH / Tempo mainnets, 3 elsewhere), and the Linea-mainnet aggregator filter (lineaTeam-flagged or ≥ 3 aggregators).
  • Detection now also picks up iconUrl and aggregators returned by the API; previously only address/symbol/name/decimals/occurrences were forwarded into TokenListEntry.
  • The previous client-side first=25 cap is removed; the API still bounds responses server-side via occurrenceFloor, but the long tail past the previous 25-token slice is now visible to detection.
  • TokensApiClient accepts an optional queryClient (compatible with ApiPlatformClient.queryClient); when provided it caches/dedupes per-chain list responses with a 5 min staleTime and 1 h gcTime under the ['assets-controller','rpc-detection','token-list',{chainId}] key, so concurrent detector polls across accounts/instances coalesce into a single network request.
  • RpcDataSource accepts a new optional queryClient option which it forwards to TokensApiClient. AssetsController defaults this to its existing queryApiClient.queryClient, so consumers get the full list and shared cache automatically.

Changed

• BREAKING: AssetsController now requires two additional messenger events from NetworkController: NetworkController:networkAdded and NetworkController:networkRemoved (#8727)
  • Consumers building restricted controller messengers must include both events in their allowed event set, otherwise TypeScript/action constraint checks will fail.
• Bump @metamask/account-tree-controller from ^7.2.0 to ^7.3.0 (#8722)
• Bump @metamask/keyring-controller from ^25.4.0 to ^25.5.0 (#8722)
• Bump @metamask/permission-controller from ^13.0.0 to ^13.1.0 (#8722)
• Bump @metamask/transaction-controller from ^65.1.0 to ^65.2.0 (#8722)

Fixed

• TokenDataSource no longer drops user-imported EVM custom asset metadata when the V3 Tokens API returns the asset ID lower-cased (#8727)
  • State stores customAssets checksummed (via normalizeAssetId), but the API can echo it lower-cased; the spam-filter bypass now compares lower-cased on both sides so customs reliably skip the MIN_TOKEN_OCCURRENCES filter and assetsInfo is populated for them.
• RpcDataSource no longer overwrites richer native token metadata with a minimal stub on every balance refresh (#8727)
  • Previously, each balance fetch emitted { type: 'native', symbol: chainStatus.nativeCurrency, name: chainStatus.nativeCurrency, decimals: 18 } for native assets, which clobbered fields like image, description, occurrences, and aggregators enriched by the price/info API and renamed e.g. "Avalanche" to "AVAX".
  • Native token metadata now mirrors the existing ERC-20 behavior: prefer existing metadata in state when present, and only emit the stub when no metadata is in state yet (e.g. first sighting of the asset). The fallback in the balance-fetch error path is gated the same way.

@metamask/bridge-controller 72.0.1

Changed

• Bump @metamask/assets-controller from ^6.4.0 to ^7.0.0 (#8738)

@metamask/transaction-pay-controller 22.0.2

Changed

• Bump @metamask/assets-controller from ^6.4.0 to ^7.0.0 (#8738)
• Bump @metamask/bridge-controller from ^72.0.0 to ^72.0.1 (#8738)

967.0.0

@metamask/bridge-controller 72.0.0

Added

• BREAKING: Add support for BatchSell quotes (#8711)
  • change quoteRequest's type from QuoteRequest to QuoteRequest[]
  • allow callers to update specific quote requests within a batch by adding 2 optional parameters to updateBridgeQuoteRequest: quoteRequestIndex and quoteRequestCount
  • export isValidBatchSellQuoteRequest request validator
  • fetch multiple swap quotes through a single SSE stream and append quoteRequestIndex to link each one to its originating quoteRequest
  • implement selectBatchSellQuotes selector which returns the recommended quote for each batched quote, and their aggregated fees and received amounts
  • trace BatchSell quote fetch operations in Sentry using label Batch Sell Quotes Fetched

Changed

• Bump @metamask/gas-fee-controller from ^26.1.1 to ^26.2.0 (#8722)
• Bump @metamask/transaction-controller from ^65.1.0 to ^65.2.0 (#8722)

@metamask/bridge-status-controller 71.1.1

Changed

• Bump @metamask/bridge-controller from ^71.0.0 to ^72.0.0 (#8706, #8721, #8737)
• Bump @metamask/transaction-controller from ^65.0.0 to ^65.2.0 (#8691, #8722)
• Bump @metamask/accounts-controller from ^37.2.0 to ^38.0.0 (#8665)
• Bump @metamask/messenger from ^1.1.1 to ^1.2.0 (#8632)
• Bump @metamask/keyring-controller from ^25.2.0 to ^25.5.0 (#8634, #8665, #8722)
• Bump @metamask/network-controller from ^30.0.1 to ^30.1.0 (#8636)
• Bump @metamask/gas-fee-controller from ^26.1.1 to ^26.2.0 (#8722)

Fixed

• When submitIntent records bridge history keyed by orderUid, pass originalTransactionId at the top level to #addTxToHistory so getInitialHistoryItem links the history item to the synthetic TransactionController entry instead of incorrectly using orderUid (#8655)

@metamask/transaction-pay-controller 22.0.1

Changed

• Bump @metamask/bridge-controller from ^71.1.1 to ^72.0.0 (#8737)

966.0.0

@metamask/transaction-pay-controller 22.0.0

Changed

• BREAKING: Re-parse required tokens when asset state changes (#8714)
  • Adds AssetsControllerStateChangeEvent, CurrencyRateStateChange, TokenRatesControllerStateChangeEvent, and TokensControllerStateChangeEvent to AllowedEvents.
  • Consumers must grant these events when creating the controller messenger.
• Bump @metamask/gas-fee-controller from ^26.1.1 to ^26.2.0 (#8722)
• Bump @metamask/transaction-controller from ^65.1.0 to ^65.2.0 (#8722)

Fixed

• Fix fiat strategy never being selected by routing fiat payment method through getStrategyOrder and allowing quote retrieval when no crypto payment token is set (#8720)

965.0.0

@metamask/passkey-controller 2.0.1

Changed

• PasskeyController verifies registration and authentication responses with requireUserVerification: true, so the WebAuthn user verification (UV) flag must be set; assertions with user presence only no longer pass verification (#8696)

Fixed

• generateAuthenticationOptions now sets userVerification: 'required' so client WebAuthn requests align with server-side verification requirements and do not fail on authenticators that skip UV when set to 'preferred' (#8696)

964.0.0

@metamask/account-tree-controller 7.3.0

Added

• Expose missing public AccountTreeController methods through its messenger (#8716)
  • The following actions are now available:
    • AccountTreeController:init
    • AccountTreeController:reinit
  • Corresponding action types are available as well.

Changed

• Bump @metamask/keyring-controller from ^25.4.0 to ^25.5.0 (#8722)
• Bump @metamask/multichain-account-service from ^8.0.1 to ^9.0.0 (#8722)

@metamask/gas-fee-controller 26.2.0

Added

• Expose missing public GasFeeController methods through its messenger (#8699)
  • The following actions are now available:
    • GasFeeController:enableNonRPCGasFeeApis
    • GasFeeController:disableNonRPCGasFeeApis
  • Corresponding action types are available as well.

Changed

• Bump @metamask/messenger from ^1.1.0 to ^1.2.0 (#8373, #8632)
• Add missing @metamask/messenger dependency (#8318, #8364)
• Bump @metamask/controller-utils from ^11.19.0 to ^11.20.0 (#8344)
• Bump @metamask/base-controller from ^9.0.1 to ^9.1.0 (#8457)
• Bump @metamask/network-controller from ^30.0.1 to ^30.1.0 (#8636)

@metamask/keyring-controller 25.5.0

Added

• Expose missing public KeyringController methods through its messenger (#8674)
  • The following actions are now available:
    • KeyringController:changePassword,
    • KeyringController:exportAccount,
    • KeyringController:exportEncryptionKey,
    • KeyringController:getAccountKeyringType,
    • KeyringController:importAccountWithStrategy,
    • KeyringController:setLocked,
    • KeyringController:submitEncryptionKey,
    • KeyringController:submitPassword,
    • KeyringController:verifyPassword,
  • Corresponding action types are available as well.

@metamask/money-account-controller 0.3.0

Added

• Expose missing MoneyAccountController:init action through its messenger (#8718)
  • Corresponding action type is available as well.

Changed

• Bump @metamask/keyring-controller from ^25.4.0 to ^25.5.0 (#8722)

@metamask/multichain-account-service 9.0.0

Added

• Expose missing MultichainAccountService:init action through its messenger (#8717)
  • Corresponding action type is available as well.
• Filter out KeyringController locked errors from sentry reporting (#8619)

Changed

• BREAKING: Replace KeyringController:withKeyring with KeyringController:withKeyringV2 for the EVM account provider (#8491)
• Bump @metamask/accounts-controller from ^37.1.1 to ^38.0.0 (#8363, #8665)
• Bump @metamask/keyring-controller from ^25.1.1 to ^25.5.0 (#8363, #8634, #8665, #8722)
• Bump @metamask/messenger from ^1.0.0 to ^1.2.0 (#8364, #8373, #8632)
• Bump @metamask/base-controller from ^9.0.1 to ^9.1.0 (#8457)
• Bump @metamask/account-api from ^1.0.0 to ^1.0.4 (#8464, #8647)
• Bump @metamask/eth-snap-keyring from ^19.0.0 to ^22.0.1 (#8464, #8584, #8647)
• Bump @metamask/keyring-api from ^21.6.0 to ^23.1.0 (#8464, #8647)
• Bump @metamask/keyring-internal-api from ^10.0.0 to ^11.0.1 (#8464, #8584, #8647)
• Bump @metamask/keyring-snap-client from ^8.2.0 to ^9.0.2 (#8464, #8647)
• Bump @metamask/keyring-utils from ^3.1.0 to ^3.2.1 (#8703)

@metamask/permission-controller 13.1.0

Added

• Expose missing public PermissionController methods through its messenger (#8675)
  • The following actions are now available:
    • PermissionController:acceptPermissionsRequest,
    • PermissionController:rejectPermissionsRequest,
    • PermissionController:revokePermission,
    • PermissionController:updatePermissionsByCaveat,
    • PermissionController:getPermission
  • Corresponding action types are available as well.

@metamask/transaction-controller 65.2.0

Added

• Expose missing public TransactionController methods through its messenger (#8690)
  • The following actions are now available:
    • TransactionController:updateSecurityAlertResponse
    • TransactionController:updatePreviousGasParams
    • TransactionController:updateRequiredTransactionIds
    • TransactionController:updateSelectedGasFeeToken
    • TransactionController:updateTransactionGasFees
  • Corresponding action types are available as well.

Changed

• Bump @metamask/gas-fee-controller from ^26.1.1 to ^26.2.0 (#8722)