Skip to content

release: 13.26.0#41456

Merged
chloeYue merged 130 commits into
stablefrom
release/13.26.0
Apr 10, 2026
Merged

release: 13.26.0#41456
chloeYue merged 130 commits into
stablefrom
release/13.26.0

Conversation

@metamaskbot

@metamaskbot metamaskbot commented Apr 2, 2026

Copy link
Copy Markdown
Collaborator

🚀 v13.26.0 Testing & Release Quality Process

Hi Team,
As part of our new MetaMask Release Quality Process, here’s a quick overview of the key processes, testing strategies, and milestones to ensure a smooth and high-quality deployment.


📋 Key Processes

Testing Strategy

  • Developer Teams:
    Conduct regression and exploratory testing for your functional areas, including automated and manual tests for critical workflows.
  • QA Team:
    Focus on exploratory testing across the wallet, prioritize high-impact areas, and triage any Sentry errors found during testing.
  • Customer Success Team:
    Validate new functionalities and provide feedback to support release monitoring.

GitHub Signoff

  • Each team must sign off on the Release Candidate (RC) via GitHub by the end of the validation timeline (Tuesday EOD PT).
  • Ensure all tests outlined in the Testing Plan are executed, and any identified issues are addressed.

Issue Resolution

  • Resolve all Release Blockers (Sev0 and Sev1) by Tuesday EOD PT.
  • For unresolved blockers, PRs may be reverted, or feature flags disabled to maintain release quality and timelines.

Cherry-Picking Criteria

  • Only critical fixes meeting outlined criteria will be cherry-picked.
  • Developers must ensure these fixes are thoroughly reviewed, tested, and merged by Tuesday EOD PT.

🗓️ Timeline and Milestones

  1. Today (Friday): Begin Release Candidate validation.
  2. Tuesday EOD PT: Finalize RC with all fixes and cherry-picks.
  3. Wednesday: Buffer day for final checks.
  4. Thursday: Submit release to app stores and begin rollout to 1% of users.
  5. Monday: Scale deployment to 10%.
  6. Tuesday: Full rollout to 100%.

✅ Signoff Checklist

Each team is responsible for signing off via GitHub. Use the checkbox below to track signoff completion:

Team sign-off checklist

  • Accounts
  • Assets
  • Bots Team
  • Confirmations
  • Core Extension UX
  • Core Platform
  • Design System
  • Earn
  • Engagement
  • Extension Platform
  • LavaMoat
  • Networks
  • Onboarding
  • Perps
  • Product Safety
  • Swaps and Bridge
  • Transactions
  • Wallet Integrations

This process is a major step forward in ensuring release stability and quality. Let’s stay aligned and make this release a success! 🚀

Feel free to reach out if you have questions or need clarification.

Many thanks in advance

Reference

metamaskbot and others added 30 commits March 26, 2026 19:03
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**
Upgrades `brace-expansion` from `5.0.3` to `5.0.5` in the lockfile to
resolve a moderate-severity ReDoS advisory [GHSA-f886-m6hf-6m8v]. Also
picks up incidental patch bumps to `brace-expansion` v1 and v2.

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/41284?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: null

## **Related issues**

Fixes:

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Lockfile-only dependency bumps; main risk is unexpected tooling/build
behavior changes from the updated transitive package versions.
> 
> **Overview**
> Updates `yarn.lock` to bump `brace-expansion` across supported ranges
(`^1.1.7`, `^2.0.1`, `^5.0.2`) to newer patch versions (notably `5.0.3`
→ `5.0.5`), refreshing the associated resolved tarballs and checksums to
pick up the security advisory fix.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
08903ce. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
release: sync stable to main for version 13.25.0
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/41297?quickstart=1)

Resolution to resolve node-forge audit issue.

<img width="865" height="856" alt="image"
src="https://github.com/user-attachments/assets/5d0485c6-50af-4596-9de2-d35de0c0ccc8"
/>


## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: null

## **Related issues**

Fixes:

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk dependency-only change: bumps `node-forge` via Yarn
`resolutions`, which could affect transitive crypto/PKI behavior but has
no direct code changes.
> 
> **Overview**
> Resolves a security/audit finding by forcing `node-forge` to `^1.4.0`
via `package.json` `resolutions`.
> 
> Updates `yarn.lock` accordingly to pull `node-forge@1.4.0` (previously
`1.3.2`).
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
f108bf9. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

The Bridge API's /getTokens/popular and /getTokens/search endpoints now
return an isVerified property on token records. This PR surfaces that
signal in the Bridge asset picker by rendering a verified badge (the
VerifiedFilled icon) next to the token symbol for any token where
isVerified is true.
## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: feat: add asset verified badge in swaps asset picker

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/SWAPS-4220


## **Manual testing steps**

1. Open the Bridge page (`portfolio.metamask.io` or the extension's
Bridge tab).
2. Click the source token selector to open the asset picker.
3. Scroll through the popular tokens list — tokens with `isVerified:
true` from the API should display a blue verified checkmark badge
(VerifiedFilled icon) inline next to their symbol.
4. Type a token name or address in the search field and confirm that
verified tokens in the search results also display the badge.
5. Confirm that tokens without `isVerified` (or with `isVerified:
false`) show no badge next to their symbol.
6. Repeat steps 2–5 for the destination token selector.

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<img width="468" height="500" alt="image"
src="https://github.com/user-attachments/assets/80256b2c-efe7-4938-90c8-979b36ddae88"
/>

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [x] 've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk UI/data-shaping change that threads a new optional
`isVerified` field from the Bridge API through token normalization and
renders an icon when true; main risk is minor mismatches with API/schema
assumptions affecting display only.
> 
> **Overview**
> Surfaces the Bridge API’s new optional `isVerified` token field
end-to-end and displays a **Verified** badge in the Bridge asset picker
when `isVerified === true`.
> 
> Updates token validation/types (`BridgeAssetV2Schema`) and
normalization (`toBridgeToken`) to carry `isVerified` (with
`tokenMetadata` able to override), and adds/updates unit tests and
snapshots to cover pass-through behavior and conditional badge
rendering.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
10722d8. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

In case there is error in simulation result static data should not be
show, rather error should be shown.

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry:

## **Related issues**

Fixes:

## **Manual testing steps**

1. Submit batched transaction with an approval
2. If simulation fails no static data should be displayed

## **Screenshots/Recordings**
TODO

## **Pre-merge author checklist**

- [X] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [X] I've completed the PR template to the best of my ability
- [X] I’ve included tests if applicable
- [X] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [X] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk UI-logic change gated to `SimulationErrorCode.Reverted`, with
new unit tests covering the intended rendering behavior.
> 
> **Overview**
> When simulation results include an error, `SimulationDetails` now
**suppresses static balance-change rows for
`SimulationErrorCode.Reverted`** and shows the reverted warning content
instead.
> 
> For other errors (e.g., `ChainNotSupported`), static rows can still
render when provided. Tests were added to assert both behaviors.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
dbc17bf. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
…match alert icon color (#41196)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

Send flow - update field color for sending to contract alert to match
alert icon color.

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry:

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/CONF-1099

## **Manual testing steps**

1. Start send to a contract address
2. Check styling of error displayed

## **Screenshots/Recordings**
<img width="804" height="736" alt="Screenshot 2026-03-25 at 6 48 26 PM"
src="https://github.com/user-attachments/assets/a1b92ce2-9feb-4567-a9b9-03ba7db44c53"
/>

## **Pre-merge author checklist**

- [X] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [X] I've completed the PR template to the best of my ability
- [X] I’ve included tests if applicable
- [X] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [X] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk UI-only change in the send recipient input that adjusts error
vs warning styling; no changes to validation logic or transaction
behavior.
> 
> **Overview**
> Updates the send flow `RecipientInput` to distinguish
*acknowledgeable* recipient validation issues (e.g., sending to a
contract) from hard errors.
> 
> The recipient `TextField` now only sets `error` for blocking errors,
and applies a warning border class (`!border-warning-default`) when
`recipientErrorAllowAcknowledge` is present so the field color matches
the warning/alert state.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
a658062. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: George Marshall <george.marshall@consensys.net>
Co-authored-by: georgewrmarshall <georgewrmarshall@users.noreply.github.com>
…41187)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

Update more specs to use FixtureBuilderV2. Specially focused on:
- ppom specs
- send specs
- shield specs

Left some out of scope, if require bigger changes in builder, to not
grow the PR

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/41187?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry:

## **Related issues**

Fixes:

## **Manual testing steps**

1. All specs should continue to pass

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<img width="3091" height="1541" alt="image"
src="https://github.com/user-attachments/assets/fcb1a32d-dc48-42d9-98f5-0068b5d2d187"
/>


### **After**


<img width="3092" height="1541" alt="image"
src="https://github.com/user-attachments/assets/58637a4c-6973-466a-b02e-5e481b33480e"
/>


## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: changes are confined to E2E test infrastructure and specs,
but touch many tests and fixture defaults so failures may surface as
test flakiness or altered expectations.
> 
> **Overview**
> Migrates a large set of E2E specs (PPOM/Blockaid, send flows, shield,
smart transactions, multichain, network) from legacy `FixtureBuilder` to
`FixtureBuilderV2`, updating network selection (`NETWORK_CLIENT_ID`),
permission setup (explicit `chainIds`/localhost dapp), and login/balance
expectations to match the new fixtures.
> 
> Extends `FixtureBuilderV2` with multichain rates helpers
(`withMultichainAssetsRatesController`, `withMultichainRatesController`,
plus `withConversionRates`/`withCurrencyRates`) and updates docs
accordingly; adjusts the default fixture to seed Polygon balance,
blocklists `polygon-mainnet.infura.io` in E2E mocks, and adds a
`TransactionConfirmation.clickBackButton()` helper while removing an
unused `reviewTransaction` flow.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
28213b4. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
…for the chosen token` (#41239)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

Sometimes the BAT Token doesn't appear in the token list when we search
for it. We seed the token list controller with that token, but not the
storage service.

Solution: Seed the same BAT entry in the TokenListController
StorageService to avoid miss-match and flakiness

<img width="1050" height="812" alt="image"
src="https://github.com/user-attachments/assets/1f93327e-7a16-4339-b33a-2968740f22aa"
/>


[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/41239?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry:

## **Related issues**

Fixes:

## **Manual testing steps**

1. Check ci

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: changes are limited to E2E test setup/waits and fixture
seeding, with no production logic impact.
> 
> **Overview**
> Improves E2E test determinism by replacing a fixed delay in
`dapp-viewed.spec.ts` with `HomePage.waitForNonEvmAccountsLoaded()`
before asserting `DappViewed` metrics properties.
> 
> Stabilizes the token search E2E by reusing a shared BSC BAT token-list
entry, keying caches by `CHAIN_IDS.BSC`, seeding token list data into
StorageService via `withTokenListControllerStorageServiceData`, and
removing the custom `login(..., { validateBalance: false })` invocation.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
ede4536. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

Replace the default `QueryClient` with a custom `QueryClient` from
`createUIQueryClient`. This establishes the query client required for
using the `BaseDataService` pattern from the core repo, which handles
cache syncing. Existing UI-only queries should work as they did
previously.

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/41183?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: null

## **Related issues**

https://consensyssoftware.atlassian.net/browse/WPC-445


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Replaces the app-wide React Query client with a custom client that
bridges to background messaging, which could impact caching/query
behavior across the UI if misconfigured. Also introduces new dependency
and LavaMoat policy entries that affect build/runtime module access.
> 
> **Overview**
> Replaces the default TanStack `QueryClient` with a
`createUIQueryClient` instance wired to the background via
`submitRequestToBackground`/`subscribeToMessengerEvent`, enabling cache
syncing for data services that follow the `BaseDataService` pattern.
> 
> Adds a `DATA_SERVICES` registry (currently empty) and updates
dependencies/lockfile plus LavaMoat policies to allow
`@metamask/react-data-query` (and its TanStack Query deps) in
browserify/webpack builds.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
94d0a55. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com>
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/41232?quickstart=1)

Addresses references to `RatesController` by creating migration
selectors and by putting calls to the controller behind a feature flag.

Adds comments to reference uses of `allDetectedTokens` still in the
code.

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: null

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/ASSETS-2851

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [X] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [X] I've completed the PR template to the best of my ability
- [X] I’ve included tests if applicable
- [X] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [X] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Changes how fiat currency and non-EVM rates are sourced when the
assets unify state flag is enabled, which can affect pricing displays
and Snap `getCurrencyRate` responses. Guarding
`multichainRatesController` start/stop behind the flag reduces risk but
could surface edge cases if state is incomplete during migration.
> 
> **Overview**
> Adds migration selectors `getRatesControllerRates` and
`getRatesControllerFiatCurrency` that, when *assets unify state* is
enabled, derive non-EVM native asset rates from
`assetsInfo`/`assetsPrice` and switch fiat currency to
`selectedCurrency` (with new unit tests).
> 
> Routes Snap `getCurrencyRate` to these new selectors and centralizes
the feature-flag check in `MetaMaskController` via
`#isAssetsUnifyStateEnabled`, also skipping `MultichainRatesController`
startup/subscriptions and stop calls when the unified state path is
active.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
f9cb1d2. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

This PR is a third iteration at the PoC for Dapp Connection Control Bar
on our extension. The MetaMask extension currently has a confusing split
between dapp connection controls and the wallet network picker, making
it difficult for users to understand what context they are in and where
to manage an active connection. So we built a proof of concept for a new
UX pattern, introducing a contextual control bar that appears only when
an active dapp connection is present and remains hidden when no
connection exists.

The purpose of this POC is to let the team interact with a clearer, more
explicit connection surface, evaluate whether it reduces confusion
between wallet and dapp contexts, and decide if this pattern should be
refined and taken to production.

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/40617?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: adds dapp connection control bar

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/WAPI-1147
https://consensyssoftware.atlassian.net/browse/WAPI-1146

## **Manual testing steps**

1. Go to [test dapp](https://metamask.github.io/test-dapp/)
2. Request permissions
3. Make sure dapp connection control bar shows on bottom when viewing
extension
4. Clicking the `select` element should show dapp network selector
5. Clicking the cogwheel icon should show dapp permission management
screen
6. Clicking the exit icon should prompt to disconnect from dapp

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<img width="421" height="623" alt="Screenshot 2026-03-04 at 12 00 01"
src="https://github.com/user-attachments/assets/509ff8fc-f3f5-4f46-8920-b7e616c30e71"
/>

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Introduces a new connection UI surface that dispatches network-menu
and permission-removal actions; regressions could affect per-dapp
network switching or disconnect behavior. Changes are mostly UI/test
refactors with limited impact outside connected-site flows.
> 
> **Overview**
> Adds a new *Dapp Connection Control Bar* shown at the bottom of `Home`
when the current tab is connected, surfacing the connected
origin/account plus quick actions to open the per-dapp network selector,
navigate to `review-permissions`, and disconnect (via
`removePermissionsFor` + a confirmation modal).
> 
> Removes the previous header-level connection status indicator and
simplifies `ConnectedSiteMenu` to a basic button (no
popover/metadata-driven rendering), updating snapshots and unit coverage
accordingly.
> 
> Updates E2E network tests to use the new control-bar network button
(with a toast-close safeguard), and drops unused i18n keys for the
removed connected/not-connected tooltip strings.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
6dda52f. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
## **Description**

Removes the `@metamask/error-reporting-service` package. This service
registered a `ErrorReportingService:captureException` messenger action,
but no controller ever called it. Error reporting is now handled
directly via `messenger.captureException`, which is a built-in
capability of `@metamask/messenger` (used e.g. in `oauth-service.ts`),
making this package redundant.

## **Changelog**

CHANGELOG entry: null

## **Related issues**

N/A

## **Manual testing steps**

1. Build the extension and verify it starts without errors.

## **Screenshots/Recordings**

N/A

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I've included tests if applicable
- [x] I've documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I've applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk cleanup that removes an unused controller/messenger and
dependency; main risk is missing any hidden runtime references during
initialization.
> 
> **Overview**
> Removes the redundant `ErrorReportingService` controller: deletes its
init + messenger modules/tests, and drops it from controller/messenger
registration and `metamask-controller` initialization.
> 
> Also removes the `@metamask/error-reporting-service` dependency from
`package.json`/`yarn.lock` and cleans up the related deprecation ignore
entry in `.yarnrc.yml`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
fe77e35. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
…design / cta segment prop update (#41226)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

Buy/Get Cta Style Alignment

Adjust the token-list mUSD banner so the bonus subtitle uses primary
text
color and the action control is a secondary (outline) button instead of
primary.

Segment event prop updates for Claim CTA location and Convert CTA 2&3
redirectTo

- MusdConversionCtaClicked: Asset overview and token-list convert CTAs
now emit properties via createMusdCtaClickedEventProperties, with
redirects_to from resolveMusdConversionCtaRedirectsTo (aligned with buy
vs conversion and education vs custom amount). Replaces incorrect
chain_id / token_symbol with network_chain_id, network_name, and
asset_symbol. Convert link location follows entryPoint
(musdConversionFlowEntryPointToCtaEventLocation).
- MusdClaimBonusButtonClicked: location is token_list_item or
asset_overview via resolveMerklClaimBonusAnalyticsLocation from
TokenCell (showMusdConvertCta), not claim_bonus_bottom_sheet. DeFi
TokenCell usage no longer opts into Merkl/mUSD list props; tests assert
that.

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/41226?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: Updated Buy/Get mUSD CTA styling

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/MUSD-556
Fixes: https://consensyssoftware.atlassian.net/browse/MUSD-558

## **Manual testing steps**

```
Feature: mUSD home CTA visual design
  As a user viewing the token list mUSD banner
  I want the bonus line and action control to match the intended hierarchy
  So primary copy stays clear and the action reads as secondary to the row

  Background:
    Given the mUSD Buy/Get CTA is visible on the home token list

  Scenario: Bonus subtitle uses primary default text color
    When I view the mUSD CTA
    Then the bonus percentage subtitle is styled with primary default text color
    And the subtitle remains readable against the banner background

  Scenario: Action control uses secondary button styling
    When I view the mUSD CTA
    Then the CTA action is a secondary (outline) button
    And the button label matches the main CTA copy ("Buy mUSD" or "Get mUSD")

  Scenario Outline: Design applies for both CTA variants
    Given the CTA shows "<variant_title>" as the main line
    When I view the mUSD CTA
    Then the bonus subtitle uses primary default text color
    And the action control is a secondary button labeled "<variant_title>"

    Examples:
      | variant_title |
      | Buy mUSD      |
      | Get mUSD      |
```

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

<img width="550" height="107" alt="image"
src="https://github.com/user-attachments/assets/01f96c6f-5e36-4572-9155-4a988965ab6f"
/>

### **After**

<!-- [screenshots/recordings] -->

<img width="504" height="126" alt="image"
src="https://github.com/user-attachments/assets/5fd1c5d6-52e0-44a6-861e-be5c6e17497d"
/>

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Medium risk due to cross-component changes to mUSD CTA/claim analytics
payloads and `TokenCell` prop shape, which could affect event tracking
and CTA visibility if misconfigured.
> 
> **Overview**
> Updates the home token-list mUSD banner copy/styling to match mobile:
headline now uses the product name ("MetaMask USD"), subtitle uses the
new `musdEarnBonusPercentage` string, and the action is a secondary
button while keeping the row clickable.
> 
> Refactors `TokenCell` mUSD integration from boolean flags to a single
`musd` options prop (with exported presets for token list and asset
overview), and uses that to gate the Merkl claim badge and convert link
plus their analytics locations/entry points.
> 
> Standardizes mUSD analytics across `MusdBuyGetCta`, `MusdAssetCta`,
`MusdConvertLink`, and `ClaimBonusBadge`: events now include
`redirects_to` derived from education/buy intent, correct network/asset
fields (`network_chain_id`, `network_name`, `asset_symbol`), and
consistent location mapping; adds/updates tests and snapshots
accordingly.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
9aa0d85. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
## **Description**

Filter out incoming native token transfers in the Activity list to
reduce risk of address poisoining

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: chore: filter out native token transfers

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/CEUX-948

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Changes transaction selection logic to hide incoming native-coin
transfers, which could inadvertently suppress legitimate inbound
transactions in the Activity view if the heuristic misclassifies a tx
(e.g., certain contract-mediated receipts).
> 
> **Overview**
> Adds an *address-poisoning defense* by updating `selectTransactions`
to filter out **incoming native coin transfers** when the current
account is the recipient but did not initiate the transaction (similar
to the existing incoming token-transfer filter).
> 
> Extends unit coverage around `selectTransactions`
(outgoing/self-send/swap vs blocked inbound native receipts) and updates
the incoming-transactions e2e expectations so native incoming transfers
(and token transfers) result in an empty Activity list while outgoing
sends still render.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
ae1aa24. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
…ponents (#40209)

## **Description**

When a user opens the Secret Recovery Phrase reveal page while on a
malicious website, this PR adds a real-time dapp scan that warns them
before they can proceed. If the site is flagged as malicious (`BLOCK`),
a danger banner appears with an acknowledgment checkbox — the Next
button turns red and stays disabled until the user explicitly accepts
the risk.

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/40209?quickstart=1)

## **Changelog**

CHANGELOG entry: Added real-time dapp scanning warning with
acknowledgment checkbox on the SRP reveal page for malicious websites

## **Related issues**

Fixes:

## **Manual testing steps**

1. Navigate to a known malicious site (e.g.
`this-is-a-malicious-website-by-jacob2.xyz`)
2. Open the extension and go to Settings > Security > Reveal Secret
Recovery Phrase
3. Confirm: danger banner shows, acknowledgment checkbox appears, Next
button is red and disabled
4. Check the checkbox → Next button becomes enabled (still red)
5. On a safe/clean site: no extra warning, normal blue Next button, no
checkbox

## **Screenshots/Recordings**

### **Before**

<!-- No dapp scan warning on SRP reveal page -->

### **After**
<img width="400" height="599" alt="Screenshot 2026-03-26 at 3 57 31 PM"
src="https://github.com/user-attachments/assets/0bf3c585-e74b-4826-bc8d-f9f608c291b2"
/>



<!-- Malicious site: danger banner + acknowledgment checkbox + red
disabled Next button -->

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [ ] I've included tests if applicable
- [ ] I've documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I've applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Adds a new phishing-scan call and UX gating to the Secret Recovery
Phrase reveal flow; mistakes could block legitimate SRP access or fail
to warn on malicious origins. Changes also introduce a new background
RPC and metrics event that must remain consistent across UI/background
boundaries.
> 
> **Overview**
> Adds a real-time phishing scan when opening the SRP reveal flow, using
the current tab origin to detect malicious sites.
> 
> If the scan recommends `Block`, the password step shows a new
localized danger banner + acknowledgment checkbox, turns the Continue
button into a *danger* state, and prevents both button-click and
form-submit progression until the risk is acknowledged.
> 
> Wires a new background action (`scanUrlForPhishing`) through the
controller/actions layer, and emits a new MetaMetrics event
(`SrpRevealMaliciousSiteDetected`) when a malicious site is detected;
updates unit tests to cover scan outcomes, gating behavior, and metric
emission.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
571ba82. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: Howard Braham <howrad@gmail.com>
Part of the ongoing JS→TS migration effort for `shared/constants`.
Converts `terms.js` to `terms.ts`.

## Changes

- **`shared/constants/terms.js` → `shared/constants/terms.ts`** — rename
only; no logic changes. TypeScript infers the exported constants as
string literals without explicit annotations.

Existing consumers import without file extensions, so no import paths
required updating.

<!-- START COPILOT ORIGINAL PROMPT -->



<details>

<summary>Original prompt</summary>

> 
> ----
> 
> *This section details on the original issue you should resolve*
> 
> <issue_title>TypeScript conversion of `shared/constants/terms.js`
(level 30)</issue_title>
> <issue_description>### What is this about?
> 
> .
> 
> ### Scenario
> 
> _No response_
> 
> ### Design
> 
> _No response_
> 
> ### Technical Details
> 
> _No response_
> 
> ### Threat Modeling Framework
> 
> _No response_
> 
> ### Acceptance Criteria
> 
> _No response_
> 
> ### Stakeholder review needed before the work gets merged
> 
> - [ ] Engineering (needed in most cases)
> - [ ] Design
> - [ ] Product
> - [ ] QA (automation tests are required to pass before merging PRs but
not all changes are covered by automation tests - please review if QA is
needed beyond automation tests)
> - [ ] Security
> - [ ] Legal
> - [ ] Marketing
> - [ ] Management (please specify)
> - [ ] Other (please specify)
> 
> ### References
> 
> _No response_</issue_description>
> 
> <agent_instructions>Follow the best practice
https://github.com/MetaMask/contributor-docs/blob/main/docs/typescript.md</agent_instructions>
> 
> ## Comments on the Issue (you are @copilot in this section)
> 
> <comments>
> </comments>
> 


</details>



<!-- START COPILOT CODING AGENT SUFFIX -->

- Fixes MetaMask/MetaMask-planning#5530

<!-- START COPILOT CODING AGENT TIPS -->
---

📍 Connect Copilot coding agent with [Jira](https://gh.io/cca-jira-docs),
[Azure Boards](https://gh.io/cca-azure-boards-docs) or
[Linear](https://gh.io/cca-linear-docs) to delegate work to Copilot in
one click without leaving your project management tool.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk rename-only JS→TS migration of a constants module; behavior
should be unchanged as consumers import via extensionless path.
> 
> **Overview**
> Migrates the shared Terms constants module from
`shared/constants/terms.js` to `shared/constants/terms.ts`, keeping the
exported values (`TERMS_OF_USE_LINK`, `TERMS_OF_USE_LAST_UPDATED`) the
same so existing extensionless imports continue to work.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
035970f. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: DDDDDanica <12678455+DDDDDanica@users.noreply.github.com>
## Version Bump After Release

This PR bumps the main branch version from 13.25.0 to 13.26.0 after
cutting the release branch.

### Why this is needed:
- **Nightly builds**: Each nightly build needs to be one minor version
ahead of the current release candidate
- **Version conflicts**: Prevents conflicts between nightlies and
release candidates
- **Platform alignment**: Maintains version alignment between MetaMask
mobile and extension
- **Update systems**: Ensures nightlies are accepted by app stores and
browser update systems

### What changed:
- Version bumped from `13.25.0` to `13.26.0`
- Platform: `extension`
- Files updated by `set-semvar-version.sh` script

### Next steps:
This PR should be **manually reviewed and merged by the release
manager** to maintain proper version flow.

### Related:
- Release version: 13.25.0
- Release branch: release/13.25.0
- Platform: extension
- Test mode: false

---
*This PR was automatically created by the
`create-platform-release-pr.sh` script.*

Co-authored-by: metamaskbot <metamaskbot@users.noreply.github.com>
Co-authored-by: chloeYue <105063779+chloeYue@users.noreply.github.com>
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**
Updates a test to use waitForNextUpdate rather than setTimeout, as
setTimeout seemed to be causing some inconsistent results.
<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/41308?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: null

## **Related issues**

Fixes:

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Test-only changes that update async waiting semantics; low product
risk, with minor risk of altering test reliability if the new `waitFor`
assertions are too permissive or timing-sensitive.
> 
> **Overview**
> Refactors `useMerklRewards.test.ts` to remove `setTimeout`/`act`-based
async flushing and instead wait on specific state transitions via
`renderHook`’s `waitFor`.
> 
> Cleans up teardown logic (dropping the extra microtask flush) and
makes the geoblocked case explicitly synchronous since the query is
disabled.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
014f0f8. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/41242?quickstart=1)

Removed code that calculated available time ranges for non-evm assets
using the `historicalPrices` state, which is now deprecated, as
historical prices are now fetched directly from price-api, not the snap.

It should not have any impact on the app.

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: null

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/ASSETS-2993

## **Manual testing steps**

1. Open the asset details for any evm or non-evm asset
2. Time ranges should display at the bottom of the chart (no change)

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [X] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [X] I've completed the PR template to the best of my ability
- [X] I’ve included tests if applicable
- [X] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [X] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Changes asset chart time-range behavior (now always hardcoded) and
removes `historicalPrices` from selector composition, which could affect
non-EVM chart UX or any remaining consumers expecting populated
historical price state.
> 
> **Overview**
> Removes remaining `historicalPrices` plumbing and related
utilities/tests, including the `getHistoricalPrices` selector and the
non‑EVM `useChartTimeRanges` hook.
> 
> The asset price chart now uses a hardcoded `TIME_RANGES` list
(dropping CAIP address conversion + dynamic interval selection), and
multichain balance-rate selector composition now always supplies an
empty `historicalPrices` object.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
30473ad. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
…s) (#41207)

## **Description**
This PR adds first part of the MetaMetrics integration for hardware
wallet recovery flow tracking.

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/41207?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: null

## **Related issues**

Fixes: n/a

Related ticket: https://consensyssoftware.atlassian.net/browse/MUL-1483

#### Main PR: #41154

## **Manual testing steps**

1. Add hardware wallet account
2. Setup local Segment event tracking
3. Disconnect hardware wallet
4. Go to Swaps and try to do a swap with hardware wallet account while
hardware wallet is disconnected
5. Click on button to start recovery flow for hardware wallet
6. Observe event tracking result in local Segment console

#### To run Segment tracking locally do the following:

Add/replace the `SEGMENT_HOST` and `SEGMENT_WRITE_KEY` variables in
`.metamaskrc`:

```
SEGMENT_HOST='http://localhost:9090/'
SEGMENT_WRITE_KEY='FAKE'
```

Run the following:
```
node development/mock-segment.js
yarn start
```

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**
This type of tracking was not available before. Nothing to show here.

### **After**
No UI changes, but here are some Segment events intercepted locally.

<img width="609" height="244" alt="Screenshot 2026-03-25 at 16 57 45"
src="https://github.com/user-attachments/assets/b2c13870-21aa-44c7-b0f4-03daf84340af"
/>
<img width="609" height="479" alt="Screenshot 2026-03-25 at 17 08 17"
src="https://github.com/user-attachments/assets/54737e3e-3cfd-4839-927e-3a50d7c81ee6"
/>

<img width="606" height="242" alt="Screenshot 2026-03-26 at 15 10 03"
src="https://github.com/user-attachments/assets/dfd5c4ca-37d7-4d15-ac8d-eeca11981813"
/>


## **Pre-merge author checklist**
- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**
- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Adds new MetaMetrics tracking with additional state/side-effect logic
in `HardwareWalletErrorModal`, which could affect modal lifecycle and
event deduping/counting if edge cases are missed.
> 
> **Overview**
> Adds first-class MetaMetrics coverage for the hardware wallet recovery
flow by introducing new Segment-aligned enums (`location`,
`device_type`, `error_type`) and three new events:
`HardwareWalletRecoveryModalViewed`,
`HardwareWalletRecoverySuccessModalViewed`, and
`HardwareWalletRecoveryCtaClicked`.
> 
> Implements shared helpers to build a schema-compliant Segment
`properties` payload (including sanitized/truncated `error_message`,
`error_code` labeling, device type/model mapping, and `error_type`
normalization), plus a new `useHardwareWalletRecoveryLocation` hook to
derive `location` from the current route/confirmation context.
> 
> Updates `HardwareWalletErrorModal` to emit these events with deduping
and an `error_type_view_count` that increments on repeated
views/reconnect failures, and expands test harness utilities to allow
injecting a mock `trackEvent`; adds unit tests for the new helpers,
hook, and modal tracking behavior.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
a746a85. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

Fixes a bug where the form would reset without user taking any action,
as well as some design tweaks to remove cancel button and add projected
p&l values in form.

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/41283?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: fixes tpsl form reset bug

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/TAT-2700,
https://consensyssoftware.atlassian.net/browse/TAT-2698

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**


https://github.com/user-attachments/assets/f9a2a1d4-d2d0-4756-8d58-885717dfe29d

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Touches perps TP/SL editing flow and modal actions; while UI-focused,
it changes state initialization/submission wiring and could affect order
protection settings if regressions occur.
> 
> **Overview**
> Fixes the perps TP/SL update UX so in-progress edits aren’t
overwritten by background position refreshes, by initializing TP/SL
fields once on mount and keying the modal by `position.symbol`.
> 
> Moves the primary save action out of `UpdateTPSLModalContent` into the
modal `ModalFooter` via a new `UpdateTPSLSubmitState` callback, and
removes cancel buttons from the TP/SL and close-position modals.
> 
> Adds estimated USD P&L display rows for the configured take-profit and
stop-loss prices (including new i18n strings) and updates unit tests to
exercise the new footer-driven submit and the new estimated P&L
rendering.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
a173442. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: Alejandro Garcia <alejandro.garcia@consensys.net>
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

Adding tests for the swap/bridge transaction details page. The new test
verifies that the app navigates to the custom TransactionDetails page
and that it contains the expected data after tx submission

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/41269?quickstart=1)

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: test: add e2e tests for unified swap transaction
details page

## **Related issues**

Fixes: https://consensyssoftware.atlassian.net/browse/SWAPS-4269

## **Manual testing steps**

1. Tests should succeed

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk since changes are limited to E2E test helpers and assertions,
but they may introduce test flakiness due to new UI text/selector
expectations and status mapping.
> 
> **Overview**
> Adds an `ActivityListPage.checkBridgeTransactionDetails` helper that
opens the swap/bridge transaction details view and asserts navigation,
status text, scanner link count, and displayed source/destination
amounts.
> 
> Extends bridge E2E coverage by calling this helper in negative-case
bridge tests (pending/failed) and wires it into the shared
`bridgeTransaction` utility via a new `expectedStatus` param plus more
consistent action/token label construction.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
83404bf. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
## **Description**

This updates the declared build targets to match the browser minimums we
already support elsewhere in the extension.

The current browserslist and Babel targets were still pointing at Chrome
89 / Firefox 89, which was lower than our real support floor and causes
extra transpilation.

This PR:
- raises browserslist and Babel targets to `chrome >= 113` and `firefox
>= 115`
- adds Browserify-required Babel syntax transforms for class properties
and private methods, plus keeps the existing logical-assignment
transform
- updates the build-system LavaMoat policy to allow those nested
`@babel/preset-env` plugins

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/41170?quickstart=1)

## **Changelog**

CHANGELOG entry: null

## **Related issues**

Fixes:

## **Manual testing steps**

1. build it
2. does it work?

<!--
## **Screenshots/Recordings**

If applicable, add screenshots and/or recordings to visualize the before
and after of your change.

### **Before**

[screenshots/recordings]

### **After**

[screenshots/recordings]
-->

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

<!--
## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
-->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Moderate risk because it changes build/transpilation targets and
multiple LavaMoat policies; misconfiguration could cause runtime issues
in older browsers or build-time bundling failures.
> 
> **Overview**
> Updates declared build targets to **Chrome 113+ / Firefox 115+** by
bumping `.browserslistrc` and Babel `targets` in `babel.config.js`,
reducing unnecessary transpilation.
> 
> Adds explicit Babel syntax transforms for `class` properties and
private class features (keeping logical assignment transforms) and wires
in the needed devDependencies/depcheck ignores.
> 
> Adjusts LavaMoat Browserify/Webpack policies to match the new Babel
plugin dependency graph and to refine/expand allowed globals (e.g.,
`AbortSignal.timeout`, scoped `navigator.*`, `document.visibilityState`,
`crypto.subtle`, and additional DOM prototype access), while removing
several now-unneeded `@swc/helpers` allowances.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
5d88a00. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com>
## **Description**

This feature wasn't working well enough (needs maintenance) and we think
it's causing a "workflows awaiting approval" problem, so we are removing
the "Open in GitHub Codespaces" badge from PR descriptions.

## **Changelog**

CHANGELOG entry: null

<!--## **Related issues**
## **Manual testing steps**
## **Screenshots/Recordings**
## **Pre-merge author checklist**
## **Pre-merge reviewer checklist**
[skip-e2e]-->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk: removes a non-critical PR-body automation workflow and a
template badge link, with no runtime product code changes. Minor process
risk is limited to CODEOWNERS approval routing for `.devcontainer/`.
> 
> **Overview**
> Removes the **"Open in GitHub Codespaces"** badge from the PR template
(and the CODEBOT PR-description snippet) and deletes the
`codespaces-update-badge` GitHub Action that rewrote PR bodies with the
PR number.
> 
> Updates `.github/CODEOWNERS` so changes under `.devcontainer/` are
owned by `@MetaMask/extension-platform` (instead of
`@MetaMask/extension-security-team`) alongside `@HowardBraham`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
f9d3919. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
…41259)

Converts `shared/lib/rpc.utils.js` to TypeScript as part of the ongoing
TS migration effort.

## Changes

- **`shared/lib/rpc.utils.ts`** — Replaces the JS file with full
TypeScript types:
  - Function signature with explicit parameter and return types
  - `headers` typed as `Record<string, string>`
- JSON-RPC response destructured via a typed cast reflecting the two
valid error shapes (`{ message?: string }` object or plain string)

```ts
export async function jsonRpcRequest(
  rpcUrl: string,
  rpcMethod: string,
  rpcParams: unknown[] = [],
  options: { headers?: Record<string, string> } = {},
): Promise<unknown>
```

- **`development/ts-migration-dashboard/files-to-convert.json`** —
Removes `shared/lib/rpc.utils.js` from the pending conversion list.

<!-- START COPILOT ORIGINAL PROMPT -->



<details>

<summary>Original prompt</summary>

> 
> ----
> 
> *This section details on the original issue you should resolve*
> 
> <issue_title>TypeScript conversion of `shared/lib/rpc.utils.js` (level
32)</issue_title>
> <issue_description>### What is this about?
> 
> .
> 
> ### Scenario
> 
> _No response_
> 
> ### Design
> 
> _No response_
> 
> ### Technical Details
> 
> _No response_
> 
> ### Threat Modeling Framework
> 
> _No response_
> 
> ### Acceptance Criteria
> 
> _No response_
> 
> ### Stakeholder review needed before the work gets merged
> 
> - [ ] Engineering (needed in most cases)
> - [ ] Design
> - [ ] Product
> - [ ] QA (automation tests are required to pass before merging PRs but
not all changes are covered by automation tests - please review if QA is
needed beyond automation tests)
> - [ ] Security
> - [ ] Legal
> - [ ] Marketing
> - [ ] Management (please specify)
> - [ ] Other (please specify)
> 
> ### References
> 
> _No response_</issue_description>
> 
> <agent_instructions>Follow best practice
https://github.com/MetaMask/contributor-docs/blob/main/docs/typescript.md</agent_instructions>
> 
> ## Comments on the Issue (you are @copilot in this section)
> 
> <comments>
> </comments>
> 


</details>



<!-- START COPILOT CODING AGENT SUFFIX -->

- Fixes MetaMask/MetaMask-planning#5528

<!-- START COPILOT CODING AGENT TIPS -->
---

🔒 GitHub Advanced Security automatically protects Copilot coding agent
pull requests. You can protect all pull requests by enabling Advanced
Security for your repositories. [Learn more about Advanced
Security.](https://gh.io/cca-advanced-security)

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Mostly a TypeScript migration with added unit tests; only small
behavioral impact is slightly different error message formatting for
some JSON-RPC `error` shapes.
> 
> **Overview**
> Converts `shared/lib/rpc.utils` to TypeScript by adding explicit
parameter/return types, typing `headers`, and casting the JSON-RPC
response shape.
> 
> Adds a new Jest suite (`shared/lib/rpc.utils.test.ts`) covering
success cases, invalid response shapes, basic-auth URL credential
handling, custom header merging, and updated error handling that
stringifies non-message error objects.
> 
> Removes `shared/lib/rpc.utils.js` from
`development/ts-migration-dashboard/files-to-convert.json`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
0710d81. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: DDDDDanica <12678455+DDDDDanica@users.noreply.github.com>
Co-authored-by: dddddanica <zhaodanica@gmail.com>
…41125)

## **Description**

Expanding the successful policy update comment to point to process doc

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/41125?quickstart=1)

## **Changelog**

## **Related issues**

Fixes: null

## **Manual testing steps**

1. change dependencies enough to make current policy outdated
2. trigger policy update
3. observe the comment 

## **Screenshots/Recordings**
maybe later

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Only changes GitHub Actions comment text; no changes to policy
generation, commits, or runtime code paths.
> 
> **Overview**
> When the `update-lavamoat-policies` workflow successfully updates and
commits policies, the PR comment now includes a *TIP* linking to the
`docs/lavamoat-policy-review-process.md` guidance before seeking
reviewer approval, in addition to the existing LavaMoat policy diff
reading link.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
94ffeb7. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Part of the ongoing TypeScript migration effort (level 14).
`shared/lib/ui-utils.js` exports URL string constants and a single
`process.env` variable.

## Changes

- Renamed `shared/lib/ui-utils.js` → `shared/lib/ui-utils.ts`

No content changes were required — TypeScript infers all types from the
string literals and `process.env` access (`SUPPORT_LINK` becomes `string
| undefined`). All 20+ importing files resolve the module transparently
via the `.ts` extension.

<!-- START COPILOT ORIGINAL PROMPT -->



<details>

<summary>Original prompt</summary>

> 
> ----
> 
> *This section details on the original issue you should resolve*
> 
> <issue_title>TypeScript conversion of `shared/lib/ui-utils.js` (level
14)</issue_title>
> <issue_description>### What is this about?
> 
> .
> 
> ### Scenario
> 
> _No response_
> 
> ### Design
> 
> _No response_
> 
> ### Technical Details
> 
> _No response_
> 
> ### Threat Modeling Framework
> 
> _No response_
> 
> ### Acceptance Criteria
> 
> _No response_
> 
> ### Stakeholder review needed before the work gets merged
> 
> - [ ] Engineering (needed in most cases)
> - [ ] Design
> - [ ] Product
> - [ ] QA (automation tests are required to pass before merging PRs but
not all changes are covered by automation tests - please review if QA is
needed beyond automation tests)
> - [ ] Security
> - [ ] Legal
> - [ ] Marketing
> - [ ] Management (please specify)
> - [ ] Other (please specify)
> 
> ### References
> 
> _No response_</issue_description>
> 
> <agent_instructions>Follow the best practice in
https://github.com/MetaMask/contributor-docs/blob/main/docs/typescript.md
> </agent_instructions>
> 
> ## Comments on the Issue (you are @copilot in this section)
> 
> <comments>
> </comments>
> 


</details>



<!-- START COPILOT CODING AGENT SUFFIX -->

- Fixes MetaMask/MetaMask-planning#5535

<!-- START COPILOT CODING AGENT TIPS -->
---

📱 Kick off Copilot coding agent tasks wherever you are with [GitHub
Mobile](https://gh.io/cca-mobile-docs), available on iOS and Android.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk rename-only TypeScript migration of a constants module; main
risk is any tooling/import resolution edge cases around `.js`→`.ts`
module resolution.
> 
> **Overview**
> Converts `shared/lib/ui-utils` from JavaScript to TypeScript by
renaming `ui-utils.js` to `ui-utils.ts` with no functional changes.
> 
> The module continues to export the same URL string constants and
`SUPPORT_LINK` sourced from `process.env` (now typed as `string |
undefined`).
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
41acd5c. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: DDDDDanica <12678455+DDDDDanica@users.noreply.github.com>
## **Description**

Fixes
```
└─ serialize-javascript
   ├─ ID: 1115519
   ├─ Issue: Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects
   ├─ URL: GHSA-qj8w-gfj5-8c6v
   ├─ Severity: moderate
   ├─ Vulnerable Versions: <7.0.5
   │
   ├─ Tree Versions
   │  └─ 7.0.3
   │
   └─ Dependents
      └─ terser-webpack-plugin@npm:5.3.16 [e4394]
```

## **Changelog**

CHANGELOG entry: null

<!--## **Related issues**
## **Manual testing steps**
## **Screenshots/Recordings**
## **Pre-merge author checklist**
## **Pre-merge reviewer checklist**
[skip-e2e]-->

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Low risk dependency-only change; primary impact is in build tooling
consumers of `serialize-javascript`, with minimal chance of runtime
behavior changes outside updated library semantics.
> 
> **Overview**
> Updates the pinned `serialize-javascript` resolution from `7.0.3` to
`7.0.5` and refreshes `yarn.lock` accordingly.
> 
> This is a security-driven bump to address a moderate DoS advisory
affecting versions `<7.0.5`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
2b71464. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
@metamaskbotv2

metamaskbotv2 Bot commented Apr 10, 2026

Copy link
Copy Markdown
Contributor
Builds ready [6c178b2]
⚡ Performance Benchmarks (Total: 🟢 24 pass · 🟡 1 warn · 🔴 0 fail)

Baseline (latest main): f34f804 | Date: 9/10/58222 | Pipeline: 24231442528 | Baseline logs

Interaction Benchmarks
Benchmarkchrome-browserify
loadNewAccount🟢 [Show logs]
confirmTx🟢 [Show logs]
bridgeUserActions🟢 [Show logs]

📈 Results compared to the previous 5 runs on main

  • bridgeUserActions/bridge_load_asset_picker: -12%
Startup Benchmarks
Benchmarkchrome-browserifychrome-webpackfirefox-browserifyfirefox-webpack
startupStandardHome🟢 [Show logs]🟢 [Show logs]🟢 [Show logs]🟢 [Show logs]
startupPowerUserHome🟢 [Show logs]🟢 [Show logs]
🟡 loadScripts
[Show logs]
🟢 [Show logs]

📈 Results compared to the previous 5 runs on main

  • startupStandardHome/initialActions: -38%
  • startupStandardHome/setupStore: +14%
  • startupPowerUserHome/uiStartup: +13%
  • startupPowerUserHome/initialActions: +100%
  • startupPowerUserHome/setupStore: +11%
  • startupPowerUserHome/numNetworkReqs: +23%
  • startupStandardHome/firstPaint: +13%
  • startupPowerUserHome/numNetworkReqs: +46%
  • startupStandardHome/domInteractive: +23%
  • startupStandardHome/initialActions: -38%
  • startupPowerUserHome/backgroundConnect: +13%
  • startupPowerUserHome/firstReactRender: +11%
  • startupPowerUserHome/setupStore: -17%
  • startupStandardHome/initialActions: +11%
  • startupStandardHome/setupStore: -51%
  • startupPowerUserHome/uiStartup: +10%
  • startupPowerUserHome/load: +11%
  • startupPowerUserHome/domContentLoaded: +11%
  • startupPowerUserHome/loadScripts: +12%
  • startupPowerUserHome/setupStore: +25%
User Journey Benchmarks
Benchmarkchrome-browserifychrome-webpack
onboardingImportWallet🟢 [Show logs]🟢 [Show logs]
onboardingNewWallet🟢 [Show logs]🟢 [Show logs]
assetDetails🟢 [Show logs]🟢 [Show logs]
solanaAssetDetails🟢 [Show logs]🟢 [Show logs]
importSrpHome🟢 [Show logs]🟢 [Show logs]
sendTransactions🟢 [Show logs]🟢 [Show logs]
swap🟢 [Show logs]🟢 [Show logs]

📈 Results compared to the previous 5 runs on main

  • onboardingImportWallet/srpButtonToSrpForm: +10%
  • onboardingImportWallet/metricsToWalletReadyScreen: -16%
  • onboardingImportWallet/doneButtonToHomeScreen: +10%
  • onboardingImportWallet/openAccountMenuToAccountListLoaded: -14%
  • onboardingNewWallet/agreeButtonToOnboardingSuccess: +30%
  • assetDetails/assetClickToPriceChart: -22%
  • assetDetails/total: -22%
  • solanaAssetDetails/assetClickToPriceChart: -11%
  • solanaAssetDetails/total: -11%
  • importSrpHome/openAccountMenuAfterLogin: -64%
  • swap/total: +14%
  • onboardingImportWallet/metricsToWalletReadyScreen: -13%
  • onboardingImportWallet/doneButtonToHomeScreen: -37%
  • onboardingImportWallet/openAccountMenuToAccountListLoaded: -98%
  • onboardingImportWallet/total: -52%
  • onboardingNewWallet/skipBackupToMetricsScreen: -19%
  • onboardingNewWallet/agreeButtonToOnboardingSuccess: +30%
  • solanaAssetDetails/assetClickToPriceChart: -65%
  • solanaAssetDetails/total: -65%
  • importSrpHome/loginToHomeScreen: -22%
  • importSrpHome/openAccountMenuAfterLogin: -47%
  • importSrpHome/homeAfterImportWithNewWallet: -28%
  • importSrpHome/total: -26%
  • sendTransactions/openSendPageFromHome: +206%
  • sendTransactions/selectTokenToSendFormLoaded: +115%
  • sendTransactions/total: +15%
  • swap/openSwapPageFromHome: -38%
  • swap/fetchAndDisplaySwapQuotes: -13%

Dapp page load benchmarks: data not available.

Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 5.44 MiB (100%)
  • ui: 8.19 MiB (100%)
  • common: 12.31 MiB (100%)

AI Test Plan

Risk Score High Risk Medium Risk Files Changed Commits
62/100 8 6 905 130
Cherry-Pick Scenarios (4)

High Risk Scenarios (2)

1. Transactions – Reload behavior after a failed transaction

Risk Level: HIGH

Why This Matters: Cherry-pick 41523 fixes UI recovery after failed transactions; without it, users may get stuck or see stale activity after failures.

Test Steps:

  1. Intentionally submit a transaction that will fail (e.g., set too-low gas limit on a contract call or use a failing method on a test dapp).
  2. When the failure occurs, verify the UI reloads/recovers to a usable state (no stuck loading, correct failure toast/message).
  3. Navigate to Activity and confirm the failed transaction is displayed correctly; lock/unlock and ensure the state remains consistent.

2. Token Management – Eagerly add mUSD during conversion for new single-wallet users

Risk Level: HIGH

Why This Matters: Cherry-pick 41633 fixes visibility gaps by eagerly adding mUSD for new single-wallet users post-conversion; without it, users may not see the asset they just acquired.

Test Steps:

  1. Create a brand-new profile with a single default account; perform a Swap/Convert to mUSD on a supported network.
  2. Immediately check the Assets tab to confirm mUSD appears without requiring manual token addition and the balance is correct.
  3. Restart the extension and ensure mUSD remains visible with the correct balance; verify no duplicate mUSD entries are created.
  4. Add a second account and repeat a conversion; confirm the eager-add logic does not incorrectly add duplicates or mis-attribute balances across accounts.

Medium Risk Scenarios (2)

1. Transactions – Prevent duplicate success toasts for already-confirmed txs

Risk Level: MEDIUM

Why This Matters: Cherry-pick 41514 fixes duplicate success toasts for already-confirmed transactions, which can confuse users and mask real new events.

Test Steps:

  1. Send a transaction and wait for confirmation; verify exactly one success toast appears.
  2. Reload the extension and open Activity; ensure no new success toast is shown for the same transaction.
  3. Perform a speed up on a new transaction that confirms; verify the replaced transaction does not trigger an extra success toast.

2. Notifications – Eliminate duplicate toast notifications across flows

Risk Level: MEDIUM

Why This Matters: Cherry-pick 41583 addresses duplicate toast notifications across flows; duplicates can overwhelm users and obscure important signals.

Test Steps:

  1. Connect to a dapp, sign a message, and confirm only one toast appears per action.
  2. Switch accounts immediately after a transaction confirms and ensure no extra success toasts are emitted.
  3. Lock/unlock and revisit Activity; verify the same past events do not generate new duplicate toasts.

Release Scenarios (10)

High Risk Scenarios (6)

1. State Migrations (201) – Assets data shape and selectors

Risk Level: HIGH

Why This Matters: Migrations can corrupt or reshape stored assets data; a bad migration risks lost tokens, duplicates, or broken rendering across networks and accounts.

Test Steps:

  1. Install previous stable MetaMask (13.25.x), create 2 accounts, add custom tokens on Ethereum and Polygon (include hidden/ignored tokens), then lock the wallet.
  2. Upgrade to 13.26.0 and unlock; allow any automatic migrations to complete.
  3. Verify all previously added tokens and hidden/ignored states persist per account and per network; confirm balances and fiat values render correctly.
  4. Switch networks, refresh extension, and confirm no duplicate tokens were created and no tokens disappeared.
  5. Open Activity and Assets tabs for both accounts to ensure no errors or loading loops occur post-migration.

2. State Migrations (202) – Follow-up/cleanup for assets and migration gating

Risk Level: HIGH

Why This Matters: Follow-up migrations often fix edge cases from the first pass; regressions here can re-trigger migration loops or lose user preferences for tokens.

Test Steps:

  1. Start with a profile already upgraded to 13.26.0 from the prior scenario; manually toggle token detection off, hide a token, and add a new watch token on a second network.
  2. Lock and unlock to trigger any lazy migration tasks; then switch networks repeatedly (Ethereum, Polygon, a custom RPC).
  3. Verify hidden tokens remain hidden, newly added watch token is still present, and token detection setting stays intact across networks.
  4. Confirm any migration banner or prompt (if present) does not keep reappearing after completion/reload.
  5. Inspect Activity for both accounts to ensure no assets-related errors or empty states appear.

3. Token Management – Post-migration integrity across multi-account and multi-network

Risk Level: HIGH

Why This Matters: Large token-management changes and selectors impact how assets are discovered and shown; inconsistencies lead to user confusion, incorrect balances, and trust issues.

Test Steps:

  1. With 3+ accounts, add different sets of tokens per account on Ethereum, Base, and a custom RPC; hide at least one token per account.
  2. Quit and relaunch the browser; then open each account and network to verify token lists load consistently and quickly.
  3. Perform a token send on each network; confirm the sent token remains in the list and balances update correctly after confirmation.
  4. Toggle token detection on/off and verify it does not override hidden states or remove watch tokens.
  5. Remove a token and confirm it stays removed after a reload and network switch.

4. Bridge – Controller initialization and status updates

Risk Level: HIGH

Why This Matters: Controller init changes for Bridge can break status persistence and error handling, leading to stuck or incorrect progress indicators.

Test Steps:

  1. Open Bridge and initiate a small transfer (e.g., ETH or token) from Ethereum to a supported L2; stay on the Bridge screen to watch status.
  2. While the bridge is in progress, lock/unlock the wallet and close/reopen the extension; verify status resumes correctly without showing stale or missing steps.
  3. Simulate a failed route (e.g., choose a known failing route/network or deliberately set too-low gas on source if applicable) and verify the error state is displayed cleanly.
  4. After completion, navigate away and back to Bridge to confirm final status and transaction hashes persist and are accurate.
  5. Check Activity view reflects the bridge transactions with correct statuses and links.

5. Accounts Tree and Messaging – Account list integrity and switching

Risk Level: HIGH

Why This Matters: Controller messenger changes can cause stale or mismatched account state, leading to signing with the wrong account or UI desync.

Test Steps:

  1. Create 3 new accounts and import one account via private key; rename accounts and reorder them where supported.
  2. Switch accounts rapidly and sign a simple dapp permission request per account (connect to a test dapp).
  3. Verify correct account name/address appears in the header, Send, and Activity views after each switch.
  4. Remove an imported account and confirm it disappears everywhere (accounts menu, Connected sites) without stale references.
  5. Reload the extension and verify all changes persist and no account duplication or missing accounts occur.

6. Transaction Signing – Status, activity updates, and persistence

Risk Level: HIGH

Why This Matters: Core controller and UI changes can desynchronize transaction activity and statuses, risking wrong balances or stuck pending entries.

Test Steps:

  1. Send a native asset transaction and an ERC-20 transfer on two different networks (e.g., Ethereum and Polygon); note pending and confirmed states.
  2. While a transaction is pending, close the popup and reopen it; verify activity list updates correctly without lag or missing entries.
  3. Perform a speed up and a cancel; confirm final statuses in Activity reflect replaced/canceled transactions accurately.
  4. Lock and unlock during a pending state; ensure final statuses still reconcile after unlock.
  5. Confirm no orphaned pending items remain after transactions finalize.

Medium Risk Scenarios (4)

1. API Error Handling – User-visible RPC and network errors

Risk Level: MEDIUM

Why This Matters: Error handler changes can hide critical failures or flood users with duplicate toasts, degrading reliability and supportability.

Test Steps:

  1. Go offline and attempt to load account, send a transaction, and open a dapp; observe error toasts/modals.
  2. Reconnect and switch to a custom RPC with an invalid URL; ensure errors are surfaced clearly without freezing.
  3. Trigger a simulated RPC failure (e.g., call a method unsupported by the network) and confirm the error is actionable (not a blank or generic code only).
  4. Dismiss errors and ensure they don’t reappear after navigation or reload.
  5. Verify no duplicate or stacked errors appear for the same action.

2. Connected Sites UX – Removal/rework of Connected Status Indicator

Risk Level: MEDIUM

Why This Matters: UI changes to connection indicators can confuse users about which account/site is connected, risking wrong-account actions.

Test Steps:

  1. Visit a dapp and connect one account; verify there is still a clear way to see the site’s connection status and which account is connected.
  2. Switch accounts and confirm the dapp reflects the new account; check the connections list in Settings > Connections.
  3. Disconnect the site from within MetaMask and confirm the dapp loses access and the connection status updates.
  4. Reload the dapp and extension and ensure the connection state persists correctly (connected remains connected, disconnected remains disconnected).
  5. Ensure no missing or broken UI elements appear where the old indicator used to be.

3. Backup & Sync – Feature toggles and persistence

Risk Level: MEDIUM

Why This Matters: Toggle logic changes can leave features half-enabled, causing silent failures or privacy issues.

Test Steps:

  1. Open Settings > Security & Privacy (or Identity section if applicable) and toggle Backup & Sync features on; complete any required auth.
  2. Lock/unlock and ensure the toggle state persists; repeat for turning the feature off.
  3. Toggle while offline; verify graceful failure messaging and that state doesn’t become inconsistent.
  4. Perform basic wallet actions (send, add token) and confirm no unexpected sync-related banners or errors appear.
  5. Revisit settings after a browser restart to confirm state remains correct.

4. Download Mobile Modal – QR and deep links

Risk Level: MEDIUM

Why This Matters: User-facing modal updates can break links or QR rendering, reducing trust and driving support tickets.

Test Steps:

  1. Open the Download Mobile modal from the avatar menu; verify copy, QR, and store links render properly.
  2. Switch language and theme, reopen the modal, and confirm layout and text are correct.
  3. Click both iOS and Android links to ensure correct store destinations open in a new tab.
  4. Close and reopen the modal after a page navigation to ensure it resets correctly.
  5. Confirm no console or UI errors when interacting with the modal controls.

Teams Sign-off Status

Signed off: None yet

Awaiting sign-off (9):
Accounts, Assets, Confirmations, Networks, Notifications, Onboarding, Swaps and Bridge, Transactions, Wallet


Generated by AI Test Plan Analyzer (gpt-5) at 2026-04-10T07:52:17.666Z

AI generated test plan (JSON): test-plan-13.26.0.json

…1655)

- feat: disable post-transaction toast cp-13.26.0 (#41636)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

Revert the post-transaction toast  feature

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: null

## **Related issues**

Fixes:

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**




https://github.com/user-attachments/assets/f1047cc3-3526-4619-bc68-bedf641df9dc


<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding

Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling

guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Changes post-transaction navigation and disables the toast listener,
which can affect user flow after swaps/bridges/sends and may surface
regressions in transaction feedback. Also updates e2e behavior around
the smart transaction status page, which may introduce test or UI
flakiness if the status page timing differs.
> 
> **Overview**
> Disables the post-transaction toast flow by removing the global
`ToastListener` mount and stopping `SmartTransactionStatusPage` from
auto-resolving on load.
> 
> Updates post-submit navigation to go directly to `/?tab=activity`
after bridge submissions (`useSubmitBridgeTransaction`), non-EVM sends
(`useSendActions`), and certain swap completion paths (`awaiting-swap`).
> 
> Adjusts e2e bridge/swap tests to handle the smart transaction status
page explicitly (adds a close button selector, makes `submitQuote`
optionally dismiss the status page, and threads a `dismissStatusPage`
flag through test helpers/cases).
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
7ad5544. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
[4ee597b](4ee597b)

---------

Co-authored-by: Francis Nepomuceno <n3ps@users.noreply.github.com>
@metamaskbotv2

metamaskbotv2 Bot commented Apr 10, 2026

Copy link
Copy Markdown
Contributor
Builds ready [b9ed5bd]
⚡ Performance Benchmarks (Total: 🟢 25 pass · 🟡 0 warn · 🔴 0 fail)

Baseline (latest main): 71bd826 | Date: 10/14/58243 | Pipeline: 24252626917 | Baseline logs

Interaction Benchmarks
Benchmarkchrome-browserify
loadNewAccount🟢 [Show logs]
confirmTx🟢 [Show logs]
bridgeUserActions🟢 [Show logs]

📈 Results compared to the previous 5 runs on main

  • loadNewAccount/load_new_account: -14%
  • loadNewAccount/total: -14%
  • bridgeUserActions/bridge_search_token: -16%
  • bridgeUserActions/total: -12%
Startup Benchmarks
Benchmarkchrome-browserifychrome-webpackfirefox-browserifyfirefox-webpack
startupStandardHome🟢 [Show logs]🟢 [Show logs]🟢 [Show logs]🟢 [Show logs]
startupPowerUserHome🟢 [Show logs]🟢 [Show logs]🟢 [Show logs]🟢 [Show logs]

📈 Results compared to the previous 5 runs on main

  • startupStandardHome/firstReactRender: -10%
  • startupStandardHome/initialActions: -33%
  • startupPowerUserHome/backgroundConnect: +45%
  • startupPowerUserHome/numNetworkReqs: -46%
  • startupPowerUserHome/firstPaint: +11%
  • startupPowerUserHome/numNetworkReqs: -17%
  • startupStandardHome/initialActions: +33%
  • startupStandardHome/setupStore: +13%
  • startupPowerUserHome/setupStore: -31%
  • startupStandardHome/initialActions: -43%
  • startupStandardHome/setupStore: -31%
  • startupPowerUserHome/setupStore: +12%
  • startupPowerUserHome/numNetworkReqs: -13%
User Journey Benchmarks
Benchmarkchrome-browserifychrome-webpack
onboardingImportWallet🟢 [Show logs]🟢 [Show logs]
onboardingNewWallet🟢 [Show logs]🟢 [Show logs]
assetDetails🟢 [Show logs]🟢 [Show logs]
solanaAssetDetails🟢 [Show logs]🟢 [Show logs]
importSrpHome🟢 [Show logs]🟢 [Show logs]
sendTransactions🟢 [Show logs]🟢 [Show logs]
swap🟢 [Show logs]🟢 [Show logs]

📈 Results compared to the previous 5 runs on main

  • onboardingImportWallet/srpButtonToSrpForm: -10%
  • onboardingImportWallet/metricsToWalletReadyScreen: -34%
  • onboardingImportWallet/openAccountMenuToAccountListLoaded: -12%
  • onboardingImportWallet/total: -24%
  • onboardingNewWallet/skipBackupToMetricsScreen: +16%
  • onboardingNewWallet/doneButtonToAssetList: -25%
  • onboardingNewWallet/total: -20%
  • assetDetails/assetClickToPriceChart: -15%
  • assetDetails/total: -15%
  • importSrpHome/openAccountMenuAfterLogin: -80%
  • onboardingImportWallet/metricsToWalletReadyScreen: +21%
  • onboardingImportWallet/doneButtonToHomeScreen: -43%
  • onboardingImportWallet/openAccountMenuToAccountListLoaded: -98%
  • onboardingImportWallet/total: -53%
  • onboardingNewWallet/skipBackupToMetricsScreen: -13%
  • onboardingNewWallet/agreeButtonToOnboardingSuccess: +33%
  • onboardingNewWallet/doneButtonToAssetList: +32%
  • onboardingNewWallet/total: +26%
  • assetDetails/assetClickToPriceChart: -16%
  • assetDetails/total: -16%
  • solanaAssetDetails/assetClickToPriceChart: -13%
  • solanaAssetDetails/total: -13%
  • importSrpHome/loginToHomeScreen: -25%
  • importSrpHome/openAccountMenuAfterLogin: -83%
  • importSrpHome/homeAfterImportWithNewWallet: -16%
  • importSrpHome/total: -17%
  • swap/openSwapPageFromHome: -46%

Dapp page load benchmarks: data not available.

Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 5.44 MiB (100%)
  • ui: 8.18 MiB (100%)
  • common: 12.31 MiB (100%)

AI Test Plan

Risk Score High Risk Medium Risk Files Changed Commits
57/100 6 8 903 131
Cherry-Pick Scenarios (5)

High Risk Scenarios (2)

1. Transaction Failure — UI Reload and State Sync

Risk Level: HIGH

Why This Matters: Cherry-pick 41523 fixes post-failure reload/sync; without it, users may see stale pending states or need manual intervention to recover.

Test Steps:

  1. Intentionally submit a transaction that will fail (e.g., interact with a reverting contract or set parameters to cause a revert) and wait for failure.
  2. Observe that the extension reloads/syncs to reflect the 'Failed' status without getting stuck on 'Pending' or requiring manual refresh.
  3. Confirm subsequent transactions behave normally and the UI does not enter reload loops.

2. Token Management — Eager Add mUSD on Conversion (New User, Single Wallet)

Risk Level: HIGH

Why This Matters: Cherry-pick 41633 fixes visibility of mUSD for new single-wallet users; incorrect scoping could cause silent token loss of visibility or unwanted auto-adds for existing users.

Test Steps:

  1. Create a brand-new wallet with a single account and no prior tokens; perform a conversion/swap to mUSD on a supported network.
  2. Immediately open Assets and verify mUSD is auto-added and visible without manual token addition.
  3. Repeat on an existing multi-account wallet to confirm the token isn’t incorrectly auto-added outside the intended new-user/single-wallet context.
  4. Remove mUSD from the token list and confirm it stays removed unless re-added by user action.

Medium Risk Scenarios (3)

1. Transaction Notifications — Skip Toast for Already-Confirmed

Risk Level: MEDIUM

Why This Matters: Cherry-pick 41514 fixes noisy UX by skipping toasts for already-confirmed transactions; regressions could spam users with historical confirmations.

Test Steps:

  1. Submit a transaction, wait for on-chain confirmation outside the extension (e.g., keep the tab locked or closed), then unlock/open the extension.
  2. Verify no 'Confirmed' toast appears for the already-confirmed transaction while Activity correctly shows it as confirmed.
  3. Refresh the extension and ensure no duplicate historical confirmation toasts are shown.

2. Notifications — Prevent Duplicate Toasts

Risk Level: MEDIUM

Why This Matters: Cherry-pick 41583 fixes duplicate toast notifications; duplicates degrade UX and can mask important single-event signals.

Test Steps:

  1. Submit a Send transaction and observe toasts; ensure only one 'Submitted' (and if applicable, one follow-up status) toast appears.
  2. Perform a Swap and a Bridge back-to-back; verify no duplicate toasts for the same event across actions.
  3. Lock/unlock during confirmations; confirm no retroactive duplicate toasts appear.

3. Transaction Notifications — Disable Post-Transaction Toast

Risk Level: MEDIUM

Why This Matters: Cherry-pick 41655 changes UX by disabling post-transaction toasts; ensuring clarity in Activity without silent failures is critical to avoid missed outcomes.

Test Steps:

  1. Submit a transaction and observe toasts; verify only the 'Submitted' toast appears and that no 'Confirmed' toast shows after completion.
  2. Confirm the Activity tab reflects confirmation without additional toasts and that navigating away/back doesn’t trigger a confirmation toast.
  3. Chain two transactions; ensure the lack of post-transaction toasts doesn’t hide failures (Activity should still surface outcomes clearly).

Release Scenarios (9)

High Risk Scenarios (4)

1. State Migrations (201, 202) — Assets and Accounts

Risk Level: HIGH

Why This Matters: Migrations can corrupt or drop user assets, duplicate entries, or descope data across networks; verifying persistence across complex states prevents data-loss regressions.

Test Steps:

  1. Install the previous stable extension (13.25.x), create 2+ accounts (one HD, one imported), add at least two networks (e.g., Ethereum, Polygon), and manually add 2 ERC-20 tokens and 1 NFT per network.
  2. Lock the wallet, then upgrade to 13.26.0 and unlock; wait for the UI to fully load (no spinner).
  3. Verify all accounts, custom networks, tokens, and NFTs are still present with correct balances and symbols; ensure no duplicate tokens/NFTs appear.
  4. Toggle token detection off/on and switch networks; confirm token lists remain accurate and network-scoped.
  5. Open Activity for each account to confirm past history remains intact and links open correctly to the right block explorers.

2. State Migrations — Fresh and Edge-Case Wallets

Risk Level: HIGH

Why This Matters: Edge-case and new-user paths often expose migration bugs (e.g., incorrect defaults, token auto-additions, or persistence issues) that can confuse or mislead users.

Test Steps:

  1. Start from a fresh 13.25.x wallet with token detection disabled and no custom tokens; upgrade to 13.26.0 and unlock.
  2. Confirm no phantom or auto-added tokens appear on each network and that detection setting persists.
  3. Import a private-key account post-upgrade; check assets render correctly without duplicating the HD account’s tokens.
  4. Add one custom token with an unusual decimal count and switch networks; verify correct formatting and scoping.
  5. Restart the browser and re-open the extension; confirm settings and asset lists persist.

3. Transaction Flow — Submission, Status Updates, and Activity

Risk Level: HIGH

Why This Matters: Transaction state integrity is core to trust; incorrect transitions or stale states lead to user errors and potential financial loss.

Test Steps:

  1. Submit a Send transaction on a congested network; keep the extension open and observe Pending → Confirmed/Failed transitions in Activity.
  2. Lock the wallet mid-pending, wait for on-chain confirmation, then unlock; verify the Activity status is correct without errant status regressions.
  3. Trigger a Speed Up and a Cancel on a pending transaction; ensure the replacement logic correctly reflects the final outcome.
  4. Hard refresh the extension (background reload or browser restart) mid-transaction; verify the final state syncs correctly upon reopen.
  5. Confirm there are no loops or stale states (e.g., stuck Pending) and that the activity details remain accurate.

4. Accounts and Permissions — Account Switching and Connected Sites

Risk Level: HIGH

Why This Matters: Changes in account-tree messaging and controller init can break per-account connection isolation, causing cross-account permission leaks.

Test Steps:

  1. Connect Account A to a dapp (e.g., Uniswap), then switch to Account B and confirm the site shows disconnected or distinct permissions.
  2. From the extension, review Connected Sites for each account; ensure lists differ appropriately and switching accounts updates the site connection state.
  3. Disconnect the site from Account A via the extension and reload the dapp; confirm permissions are revoked only for Account A.
  4. Reconnect with Account B and perform a transaction; verify it uses the correct account and network.
  5. Lock/unlock and confirm the per-account connection isolation persists.

Medium Risk Scenarios (5)

1. Bridge Flow — Status Tracking and Resumption

Risk Level: MEDIUM

Why This Matters: Controller init changes to bridge/status logic risk losing or misreporting long-running bridge statuses, confusing users about fund location.

Test Steps:

  1. Initiate a bridge transfer (e.g., ETH → another L2) from the extension’s Bridge UI and note the status indicator.
  2. Close the extension mid-bridge; re-open after several minutes and confirm the status resumes accurately (in-progress → complete).
  3. Open Activity and verify the bridge entry reflects the correct network and final status.
  4. If the bridge fails, ensure the UI surfaces failure clearly and offers retry or guidance without stale 'in-progress' states.

2. Connected Dapp Status UI — Indicator Removal Regression

Risk Level: MEDIUM

Why This Matters: Removing the connected-status-indicator can unintentionally hide connection state; users must still find, confirm, and manage permissions easily.

Test Steps:

  1. Visit a dapp and connect the wallet; verify there is still an obvious way to confirm connection (e.g., dapp shows address, extension’s Connected Sites).
  2. Attempt to disconnect from the extension’s permissions/connection management; verify the dapp reflects disconnection on reload.
  3. Switch accounts and networks; ensure the dapp updates which account is connected and that the UI remains discoverable without prior indicator.
  4. Confirm no orphaned indicators or stale 'connected' cues remain after disconnect.

3. API Error Handling — RPC/Quote Failures

Risk Level: MEDIUM

Why This Matters: API error handler changes can suppress or duplicate critical feedback; users need clear recovery paths during RPC and aggregator issues.

Test Steps:

  1. Configure a custom network with an invalid RPC URL and open the extension; verify a clear, actionable error appears (not a silent spinner).
  2. Switch back to a valid network and attempt a Swap where the quote intentionally fails (e.g., extreme slippage); confirm an informative error banner/toast shows.
  3. After errors, ensure normal flows recover without needing an extension restart.
  4. Confirm that error toasts/banners dismiss correctly and do not duplicate.

4. Backup & Sync Toggles — Persistence and Non-Interference

Risk Level: MEDIUM

Why This Matters: Toggle changes can create hidden state that interferes with core wallet operations or fails to persist.

Test Steps:

  1. Open Settings → Identity → Backup & Sync and toggle available features on.
  2. Lock/unlock and restart the browser; confirm toggles persist as set.
  3. Perform a normal Send and a Swap; verify no unexpected prompts or blocks appear due to toggles.
  4. Turn toggles off and repeat a transaction; ensure behavior returns to baseline without leftover banners.

5. Reset Account — Confirmation and Post-Reset Behavior

Risk Level: MEDIUM

Why This Matters: Changes in reset confirmation/UI can lead to user confusion or accidental data loss beyond nonce clearing.

Test Steps:

  1. With some completed and pending Activities, open Settings → Advanced → Reset Account and proceed through the confirmation modal.
  2. Verify pending nonces are cleared (no stuck pendings), but assets, networks, and account names remain intact.
  3. Submit a new transaction post-reset; confirm it sends successfully with a fresh nonce.
  4. Ensure no unexpected loss of activity history beyond expected nonce reset behavior.

Teams Sign-off Status

Signed off: None yet

Awaiting sign-off (10):
Accounts, Assets, Confirmations, Notifications, Onboarding, Permissions, Swaps and Bridge, Transactions, Wallet, Wallet Integrations


Generated by AI Test Plan Analyzer (gpt-5) at 2026-04-10T16:52:01.126Z

AI generated test plan (JSON): test-plan-13.26.0.json

@chloeYue chloeYue marked this pull request as ready for review April 10, 2026 17:34
@chloeYue chloeYue requested review from a team, HowardBraham and itsyoboieltr as code owners April 10, 2026 17:34
@chloeYue chloeYue merged commit 30cc74a into stable Apr 10, 2026
404 of 408 checks passed
@github-actions github-actions Bot locked and limited conversation to collaborators Apr 10, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

release-13.26.0 Issue or pull request that will be included in release 13.26.0 team-bots Bot team (for MetaMask Bot, Runway Bot, etc.)

Projects

None yet

Development

Successfully merging this pull request may close these issues.