Merge remote-tracking branch 'origin/main' into chore/remove-webpack-benchmark

Author: DDDDDanica

.github/workflows/publish-prerelease.yml

@@ -123,6 +123,7 @@ jobs:
       MERGE_BASE_COMMIT_HASH: '' # placeholder so that we have autocomplete and logs
       CLOUDFRONT_REPO_URL: ${{ vars.AWS_CLOUDFRONT_URL }}/${{ github.event.repository.name }}
       HOST_URL: ${{ vars.AWS_CLOUDFRONT_URL }}/${{ github.event.repository.name }}/${{ inputs.builds-from-run }}
+      SENTRY_DSN_PERFORMANCE: ${{ vars.SENTRY_DSN_PERFORMANCE }}
       BENCHMARK_WORKFLOW_RUN_ID: ${{ github.event.workflow_run.id || github.run_id }}
       BUILDS_FROM_SHA: ${{ inputs.builds-from-sha }}
       BUILDS_FROM_RUN: ${{ inputs.builds-from-run }}

.github/workflows/run-benchmarks.yml

@@ -154,6 +154,7 @@ jobs:
       REPOSITORY: ${{ github.event.repository.name }}
       PR_NUMBER: ${{ github.event.pull_request.number || 'none' }}
       HEAD_COMMIT_HASH: ${{ github.event.pull_request.head.sha || github.sha }}
+      # Job env mirrors matrix job; step `if:` uses env.SENTRY_DSN_PERFORMANCE (same as send-to-sentry’s process.env).
       SENTRY_DSN_PERFORMANCE: ${{ vars.SENTRY_DSN_PERFORMANCE }}
       BENCHMARK_BROWSER_LOADS: '10'
       BENCHMARK_PAGE_LOADS: '10'

.storybook/main.js

@@ -77,6 +77,7 @@ module.exports = {
           loader: 'postcss-loader',
           options: {
             postcssOptions: {
+              config: false,
               plugins: ['tailwindcss', 'autoprefixer'],
             },
           },

.yarn/patches/@metamask-assets-controllers-npm-104.2.0-c375051533.patch

@@ -0,0 +1,44 @@
+diff --git a/dist/MultichainAssetsController/MultichainAssetsController.cjs b/dist/MultichainAssetsController/MultichainAssetsController.cjs
+index 0f74ce9c3200043c7c8fd121218e41790c55cc0e..973fcb342657ac4898b55bc82e7e89fb99373bd7 100644
+--- a/dist/MultichainAssetsController/MultichainAssetsController.cjs
++++ b/dist/MultichainAssetsController/MultichainAssetsController.cjs
+@@ -503,33 +503,25 @@ async function _MultichainAssetsController_filterBlockaidSpamTokensOnAdd(assets)
+     if (Object.keys(tokensByChain).length === 0) {
+         return [...assets];
+     }
+-    const keptTokenAssets = new Set();
++    const rejectedAssets = new Set();
+     for (const [chainName, tokenEntries] of Object.entries(tokensByChain)) {
+         const batchOutcomes = await __classPrivateFieldGet(this, _MultichainAssetsController_instances, "m", _MultichainAssetsController_runBatchedBulkTokenScans).call(this, chainName, tokenEntries);
+         for (const outcome of batchOutcomes) {
+             if (outcome.status === 'rejected') {
++                // Fail-open: if API fails, allow all tokens in this batch through
+                 continue;
+             }
+             for (const entry of outcome.entries) {
+                 const scanned = outcome.response[entry.address];
++                // Reject only if we have a definitive malicious result
+                 if (scanned?.result_type &&
+-                    scanned.result_type !== phishing_controller_1.TokenScanResultType.Malicious) {
+-                    keptTokenAssets.add(entry.asset);
++                    scanned.result_type === phishing_controller_1.TokenScanResultType.Malicious) {
++                    rejectedAssets.add(entry.asset);
+                 }
+             }
+         }
+     }
+-    return assets.filter((asset) => {
+-        try {
+-            if ((0, utils_1.parseCaipAssetType)(asset).assetNamespace === 'token') {
+-                return keptTokenAssets.has(asset);
+-            }
+-        }
+-        catch {
+-            return false;
+-        }
+-        return true;
+-    });
++    return assets.filter((asset) => !rejectedAssets.has(asset));
+ }, _MultichainAssetsController_findMaliciousTokensAmong = 
+ /**
+  * SPL `token:` assets in state that Blockaid marks malicious (failed batches skipped).