[pull] main from MetaMask:main by pull[bot] · Pull Request #545 · Reality2byte/metamask-mobile

pull · 2026-02-23T23:53:03Z

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

…cking to deposit flow (#25741) - feat(predict): cp-7.65.0 add analytics tracking to deposit flow (#25670)  ## **Description** Add analytics event tracking when deposit is triggered from different entry points (homepage balance, buy preview). The deposit function now accepts optional analytics parameters including entryPoint and amountUsd. - Add trackPredictOrderEvent call in usePredictDeposit when analytics properties are provided - Pass HOMEPAGE_BALANCE entry point from PredictBalance component - Pass BUY_PREVIEW entry point with market context from usePredictPlaceOrder when balance is insufficient - Add new event values: BUY_PREVIEW entry point and transaction types for deposit, withdraw, and claim - Update tests to verify analytics properties are passed correctly  ## **Changelog**  CHANGELOG entry: null ## **Related issues** Fixes: ## **Manual testing steps** ```gherkin Feature: my feature name Scenario: user [verb for user action] Given [describe expected initial app state] When user [verb for user action] Then [describe expected outcome] ``` ## **Screenshots/Recordings**  ### **Before**  ### **After**  ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I've included tests if applicable - [ ] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Medium Risk** > Adds analytics tracking to the deposit flow and changes the `deposit` hook signature to accept optional parameters, which could affect callers and analytics payload correctness but does not alter on-chain transaction behavior. > > **Overview** > Adds **analytics tracking for Predict deposits** by extending `usePredictDeposit().deposit` to accept optional `{ amountUsd, analyticsProperties }` and emitting `PredictController.trackPredictOrderEvent` with `status: initiated` and `transactionType: mm_predict_deposit` when properties are provided. > > Updates deposit entry points to pass analytics context: `PredictBalance` now sends `entryPoint: homepage_balance`, and `usePredictPlaceOrder` triggers a deposit on insufficient BUY balance with `entryPoint: buy_preview`, `marketId`, and merged `orderParams.analyticsProperties`. Expands `PredictEventValues` with `BUY_PREVIEW` and new transaction type constants, and updates/adds tests to validate the new analytics payloads. > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 4bf856b. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).  [fa7d510](fa7d510) Co-authored-by: Caainã Jeronimo <caainaje@gmail.com>

…entage CTA (#25749) - feat: cp-7.65.0 updated color of earn percentage CTA (#25738)  ## **Description** Updated coloring of Earn CTA  ## **Changelog**  CHANGELOG entry: updated coloring of Earn CTA ## **Related issues** Fixes: ## **Manual testing steps** ```gherkin Feature: my feature name Scenario: user [verb for user action] Given [describe expected initial app state] When user [verb for user action] Then [describe expected outcome] ``` ## **Screenshots/Recordings**  ### **Before**  <img width="928" height="158" alt="image" src="https://github.com/user-attachments/assets/470dc2d4-9c8a-4f5a-8a42-623cf3a93e50" /> ### **After**  <img width="456" height="82" alt="image" src="https://github.com/user-attachments/assets/2f9a4386-fde8-43fc-89c0-40ce8b1e60cb" /> ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Low Risk** > Single UI styling change (text color) with no behavior, data, or navigation logic modified. > > **Overview** > Updates the Wallet home `StakeButton` “Earn” CTA styling by changing its label text color from `TextColor.Primary` to `TextColor.Alternative`, affecting how the earn/APR percentage is displayed. > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 3757843. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).  [7c4514a](7c4514a) Co-authored-by: Matthew Grainger <46547583+Matt561@users.noreply.github.com>

#25768) - feat: add network picker deeplink cp-7.65.0 (#25446)  ## **Description** Add deeplink support to open the network picker modal from the home screen. This allows users to directly open the network selection modal via a universal link to the home screen, improving navigation flow for network-specific actions. Deeplink: https://link.metamask.io/home?openNetworkSelector=true ## **Changelog**  CHANGELOG entry: feat: add network picker deeplink ## **Related issues** Fixes: https://consensyssoftware.atlassian.net/browse/ASSETS-2571 ## **Manual testing steps** 1. Generate a link that a user can click (or spin up inside bash command) 2. "Click" network picker deeplink 3. EXPECTED - should open home screen and network deeplink ## **Screenshots/Recordings**  ### **Before**  ### **After** https://www.loom.com/share/53a5b4ea0e4245be85f8c96d4871a351 ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. --- <a href="https://cursor.com/background-agent?bcId=bc-126b3cd2-5a62-4ebc-9054-8ac666811dd2"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-cursor-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-cursor-light.png"><img alt="Open in Cursor" width="131" height="28" src="https://cursor.com/assets/images/open-in-cursor-dark.png"></picture></a> <a href="https://cursor.com/agents?id=bc-126b3cd2-5a62-4ebc-9054-8ac666811dd2"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-web-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-web-light.png"><img alt="Open in Web" width="114" height="28" src="https://cursor.com/assets/images/open-in-web-dark.png"></picture></a>  --- > [!NOTE] > **Medium Risk** > Touches navigation/deeplink behavior on the Wallet home screen and relies on delayed `setParams` timing, which could cause flaky or repeated navigation if React Navigation behavior changes. > > **Overview** > Adds support for a new Home deeplink query param, `openNetworkSelector=true`, which navigates to Wallet home and then triggers the network selector sheet after a small delay. > > Refactors Wallet deeplink-on-focus logic into a reusable `useHomeDeepLinkEffects` hook that now handles both Perps tab selection and the new network selector action, and clears consumed navigation params by nulling them out to avoid repeated triggers. > > Updates legacy `navigateToHomeUrl` to parse the new param and `setParams` post-navigation (delayed), adds/updates unit tests for both the handler and hook, and documents the new param in `docs/readme/deeplinking.md`. > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 73cbed9. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).  [b539420](b539420) Co-authored-by: Prithpal Sooriya <prithpal.sooriya@consensys.net>

…nce changes and simplify setAmount cp-7.65.0 (#25776) - fix(perps): correct amount reset when balance changes and simplify setAmount cp-7.65.0 (#25759)  ## **Description** 1. **What is the reason for the change?** When the user changed the payment token or when the effective balance dropped, the Perps order form was resetting the amount to max whenever the current amount was greater than the new max. That logic could also run when the user had intentionally set the amount to 0 or left it empty (e.g. initial value 10), and `setAmount` was forcing empty values to `'0'`, which made it harder to preserve the intended initial amount. 2. **What is the improvement/solution?** - In the `useEffect` that reacts to `balanceForMax` / `maxPossibleAmount` / `orderForm.amount`: only reset the amount when it actually exceeds the new max. If `currentAmount === 0`, `maxPossibleAmount === 0`, or `currentAmount < maxPossibleAmount`, we return early and do not overwrite the form amount. - In `setAmount`, pass through the `amount` string as-is and remove the `|| '0'` fallback so the form can keep an empty or user-chosen initial value (e.g. 10) without being forced to `'0'`. ## **Changelog**  CHANGELOG entry: Fixed Perps order form so the amount is only reset when it exceeds the new max after changing payment token or balance, and no longer overwrites an initial or empty amount. ## **Related issues** Fixes: ## **Manual testing steps** ```gherkin Feature: Perps order form amount when balance or payment token changes Scenario: user has set amount to 10 and then changes payment token Given user is on the Perps order view with amount set to 10 (or another value below the new max) When user changes the payment token (or balance updates so max possible amount changes) Then the amount remains 10 and is not reset to max or to 0 ``` ## **Screenshots/Recordings** ### **Before** No visible change ### **After** No visible change ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Low Risk** > Small, localized UI state change to Perps order form amount clamping with minimal surface area; main risk is behavior differences around edge cases like `0`/empty amounts. > > **Overview** > Fixes Perps order form amount clamping when `balanceForMax`/`maxPossibleAmount` changes so it only overwrites the entered amount when the current value is **greater than or equal to** the new max, and avoids clamping when either value is `0`. > > This refactors the `useEffect` to early-return for non-exceeding/zero cases and consistently floor the recalculated max before updating `orderForm.amount`. > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 68bf99e. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).  --------- Co-authored-by: Cursor <cursoragent@cursor.com> [985f421](985f421) Co-authored-by: Michal Szorad <michal.szorad@consensys.net> Co-authored-by: Cursor <cursoragent@cursor.com>

This reverts commit e922e16.

@sahar-fehri

…4.0 (#25798) - fix: nft images not loading (flaky) cp-7.64.0 (#25705)  ## **Description** Seeing a bug with NFT import on mobile for a custom network. On extension, the image for this NFT shows up just fine after import. On mobile, the image is blank. Multiple users have reported this. Mobile: <img width="300" height="2400" alt="image" src="https://github.com/user-attachments/assets/ab29a8f7-5c1f-4070-bf79-940f105b8caf" /> Extension: <img width="300" height="492" alt="image" src="https://github.com/user-attachments/assets/ec722a68-67e3-483a-b6a7-6f7eb08709c6" /> Solution: @sahar-fehri spotted that the difference between Extension and Mobile was the IPFS gateway, following that piece of information we identified where to change the ipfs url so that we only had to modify the cleint (mobile) and not core. Furthermore, after fixing that issue, we spotted some kind of flakiness where images were sometimes displayed and other times werent. This was due to the image being null while decoding the IPFS url which triggered expo-image calling `onError` and therefore not loading the image Finally, I also found an existing bug on @MetaMask/confirmations where IPFS images are not resolved  ## **Changelog**  CHANGELOG entry: nft images not loading for ApexYugalabs + flakiness ## **Related issues** Fixes: https://consensyssoftware.atlassian.net/browse/ASSETS-2610 ## **Manual testing steps** ```gherkin Feature: my feature name Scenario: user [verb for user action] Given [describe expected initial app state] When user [verb for user action] Then [describe expected outcome] ``` ## **Screenshots/Recordings**  ### **Before**  ### **After** https://github.com/user-attachments/assets/a379d20a-0ac2-45e8-89c5-8779517d3891  ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I've included tests if applicable - [ ] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Medium Risk** > Touches NFT image resolution/rendering paths and controller initialization defaults; mistakes could regress NFT/media display across the app, though changes are localized and covered by updated tests. > > **Overview** > Fixes flaky/blank NFT images by **resolving IPFS URIs using the configured gateway** in confirmations’ `useEVMNfts` (async URL selection that tries multiple image fields and skips empty/null IPFS resolutions, with logging on failure). > > Updates `RemoteImage` to **render nothing while an IPFS URL is still being resolved** (instead of briefly rendering an empty `uri` that can trigger `expo-image` errors), and adds/adjusts tests and snapshots accordingly. > > Also hardens confirmations’ NFT row display for ERC1155 by defaulting missing balances to `0`, and initializes the engine `NftController` with an explicit `ipfsGateway: 'dweb.link'` (with a matching init test update). > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit b1130de. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).  [71d7c3f](71d7c3f) Co-authored-by: Juanmi <95381763+juanmigdr@users.noreply.github.com>

…on colors (#25737) - feat(card): cp-7.64.0 change CardHome button colors (#25728)  ## **Description**  Change CardHome button colors ## **Changelog**  CHANGELOG entry: ## **Related issues** Fixes: ## **Manual testing steps** ```gherkin Feature: my feature name Scenario: user [verb for user action] Given [describe expected initial app state] When user [verb for user action] Then [describe expected outcome] ``` ## **Screenshots/Recordings**  ### **Before**  <img width="200" height="900" alt="image" src="https://github.com/user-attachments/assets/31e5700c-2387-4c73-a71a-6576036e2f95" /> ### **After**  <img width="200" height="900" alt="image" src="https://github.com/user-attachments/assets/64bb8951-f334-406e-a916-d0070723bc28" /> ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Low Risk** > Purely UI styling changes (button variant/color updates) with no logic, data, or navigation changes; risk is limited to visual regressions and snapshot/test updates. > > **Overview** > Updates `CardHome` CTA styling by switching the main action buttons (`Add funds`, `Enable card`, `Change asset`, and error `Try again`) from `ButtonVariants.Secondary` to `ButtonVariants.Primary`. > > Refreshes the `CardHome` Jest snapshots to reflect the new primary button appearance (dark background with white text, removing the previous secondary styling). > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 61ad41d. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).  Co-authored-by: Ale Machado <alejandro@macha.do> [51f9d36](51f9d36) Co-authored-by: Bruno Nascimento <brunonascimentodev@gmail.com> Co-authored-by: Ale Machado <alejandro@macha.do>

…IDGE_CHAIN_IDS (#25809) - fix: check chainRanking against ALLOWED_BRIDGE_CHAIN_IDS (#25788)  ## **Description** When new networks are added to the chainRanking remote feature flag in LaunchDarkly, older app versions that don't support those networks would still surface them in the UI (destination network pills, source chain checks). This creates a forward-compatibility gap where users could see unsupported networks. This change adds client-side filtering of chainRanking against ALLOWED_BRIDGE_CHAIN_IDS — the hardcoded allowlist in @metamask/bridge-controller that defines which chains this version of the client actually supports. This ensures that chains added to the remote flag in the future are silently ignored by older app versions that lack support for them.  ## **Changelog**  CHANGELOG entry: null ## **Related issues** Fixes: ## **Manual testing steps** ```gherkin Feature: my feature name Scenario: user [verb for user action] Given [describe expected initial app state] When user [verb for user action] Then [describe expected outcome] ``` ## **Screenshots/Recordings**  ### **Before**  ### **After**  ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I've included tests if applicable - [ ] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Medium Risk** > Changes selector logic that drives which networks appear/are considered enabled for bridging, so regressions could hide valid networks or incorrectly disable bridging if allowlist/ID formatting mismatches occur. > > **Overview** > Adds a client-side `isAllowedBridgeChainId` guard so chains coming from the remote `bridgeConfigV2.chainRanking` flag are filtered against `ALLOWED_BRIDGE_CHAIN_IDS`. > > Updates selectors so **source** chain ranking is filtered by both allowlist *and* user-configured networks, **destination** chain ranking is filtered by allowlist only, and `selectIsBridgeEnabledSourceFactory` now checks membership in the allowlisted `chainRanking` rather than per-chain config flags. Expands unit tests to cover EVM/non-EVM unsupported chains and the new allowlist filtering behavior. > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit acd1570. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).  [2726418](2726418) Co-authored-by: Bryan Fullam <bryan.fullam@consensys.net>

… get swapped (#25899) - fix: remove old erc-20 balances that fully get swapped cp-7.65.0 (#25797)  ## **Description** Patch of this fix: MetaMask/core#7861  ## **Changelog**  CHANGELOG entry: fix: remove old erc-20 balances that fully get swapped ## **Related issues** Fixes: [#incident-metamask-1453](https://consensys.slack.com/archives/C0AD7TXHKQS) ## **Manual testing steps** ```gherkin Feature: my feature name Scenario: user [verb for user action] Given [describe expected initial app state] When user [verb for user action] Then [describe expected outcome] ``` ## **Screenshots/Recordings**  ### **Before**  ### **After** https://www.loom.com/share/243ad5b96abc4591bd3b51cc28d2e2d8 ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Medium Risk** > Touches token balance fetching/normalization logic via a vendored patch, which could affect displayed balances if token tracking data or API responses differ from expectations. > > **Overview** > **Fixes stale ERC-20 balances after full swaps** by patching `@metamask/assets-controllers` so the Accounts API balance fetcher can derive the user’s tracked token list and emit explicit *zero* balance entries for tracked ERC-20s missing from the API response. > > Wires `TokenBalancesController` to pass current `state.tokenBalances` into the `AccountsApiBalanceFetcher`, and updates app dependencies to use the patched `@metamask/assets-controllers@99.2.0` (with corresponding lockfile/resolution updates). > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit b6e90d7. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).  [3cd7132](3cd7132) Co-authored-by: Prithpal Sooriya <prithpal.sooriya@consensys.net>

## **Description** **Reason for change:** `yarn audit:ci` was failing due to a high-severity vulnerability in `axios` (GHSA-43fc-jf86-j433): Denial of Service via the `__proto__` key in `mergeConfig`. Affected versions are ≤1.13.4; the project was on 1.12.2. **Solution:** - Bumped axios resolutions to `^1.13.5` in root `package.json` (both resolution entries) and in `.github/scripts/package.json`. - Added `axios` to `npmPreapprovedPackages` in `.yarnrc.yml` so Yarn’s 3-day minimal age gate allows the new release. - Ran `yarn install --no-immutable` to update the lockfile to axios 1.13.5. No code changes; dependency upgrade only. `yarn audit:ci` now passes. ## **Changelog** CHANGELOG entry: null ## **Related issues** Fixes: N/A ## **Manual testing steps** ```gherkin Feature: Security audit and dependency usage after axios upgrade Scenario: CI audit passes after axios upgrade Given the repo has axios resolved to 1.13.5 When I run yarn audit:ci Then the command exits with code 0 and reports no audit suggestions Scenario: App and scripts still run with upgraded axios Given the branch is checked out and dependencies are installed When I run yarn install and then run any flow that uses axios (e.g. scripts or app network calls) Then no runtime errors occur and behavior is unchanged ``` ## **Screenshots/Recordings** Not applicable (dependency-only change; no UI changes). ### **Before** N/A ### **After** N/A ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [x] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Medium Risk** > Dependency upgrade plus bundler resolution changes could affect runtime networking behavior or Metro module resolution, especially if any code relied on Axios’ Node build. > > **Overview** > Bumps `axios` to `^1.13.5` (and updates both root `yarn.lock` and `.github/scripts/yarn.lock`) to address the reported security advisory. > > Updates `metro.config.js` resolver logic to always redirect `axios` (and `axios/dist/node/*`) imports to `axios/dist/browser/axios.cjs`, while preserving the existing E2E-only Sentry module mocking behavior under the new unified `resolveRequest` handler. > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 520829a. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).  --------- Co-authored-by: sethkfman <10342624+sethkfman@users.noreply.github.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: Cal-L <cal.leung@consensys.net>

…al terms and US account checkboxes (#25923) - fix(card): cp-7.65.0 add email consent legal terms and US account checkboxes (#25869) ## Summary This PR adds several legal consent improvements to the Card onboarding flow, focusing on US-specific requirements. ## Changes 1. **Email consent legal terms** - Added consent text to ConfirmEmail screen: "By continuing, you agree to receiving email for login verifications and alerts." 2. **E-sign consent improvements** - Made the consent text more concise and improved clickable area usability by making only the document name ("E-Sign Act Consent and Disclosure") clickable instead of the entire text. 3. **US-only consent checkboxes** - Added two required checkboxes for US users on the Physical Address screen: - **Coinme Terms of Service** - Single checkbox with clickable link - **Cross River Bank consent** - Checkbox with 4 clickable document links (Terms & Conditions, Account Opening Disclosures, Notice of Privacy Practices, CL Privacy Policy) - All checkboxes are required for US users to proceed - Updated consent text to use "Cross River Bank" (without possessive) and "CL Privacy Policy" 4. **USA PATRIOT Act notice** - Added concise legal notice for US users on Verify Identity screen: "Federal law (USA PATRIOT Act) requires us to verify your identity with ID and proof of address to help prevent terrorism and money laundering. This usually takes 5 minutes." All US-specific features use `selectedCountry?.key === 'US'` checks, following the established pattern in the Card onboarding flow. ## Test plan - [ ] Test email confirmation screen shows legal terms - [ ] Test e-sign consent clickable area (only document name should be clickable) - [ ] Test US users see all 3 consent checkboxes on Physical Address screen - [ ] Test non-US users don't see the US-only checkboxes - [ ] Test all document links open correctly - [ ] Test consent text displays "Cross River Bank" and "CL Privacy Policy" - [ ] Test US users see PATRIOT Act notice on Verify Identity screen - [ ] Test non-US users see original text on Verify Identity screen - [ ] Test form validation requires all checkboxes for US users 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Bruno Nascimento <bruno.nascimento@consensys.net> [463fbd2](463fbd2)  --- > [!NOTE] > **Medium Risk** > Changes gating/validation in the Card onboarding flow for US users and adds external legal-link navigation, which could block progression if copy/links or state handling regress. > > **Overview** > Adds a **legal consent disclosure** to the `ConfirmEmail` step (new i18n key `confirm_email.legal_terms`) and renders it under the Continue button. > > Updates the `PhysicalAddress` step for **US users** to require two additional consents (Coinme ToS + Cross River Bank disclosures) before continuing, refactors the existing E-Sign consent copy so only the document name is clickable, and wires up multiple `Linking.openURL` handlers for the legal document links. > > Updates `VerifyIdentity` to show a **US-specific (USA PATRIOT Act) notice** via a new translation key, and expands `PhysicalAddress.test.tsx` to cover the new required checkboxes and link-opening behavior (including non-US rendering expectations). > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit d47cd02. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).  Co-authored-by: Ale Machado <alejandro@macha.do> Co-authored-by: Bruno Nascimento <bruno.nascimento@consensys.net>

…ent to prevent duplicate onClose and goBack calls from firing (#25922) - fix: cp-7.65.0 hardened bottomsheet component to prevent duplicate onClose and goBack calls from firing (#25862)  ## **Description** Fixes bug where duplicate mUSD conversion transactions could be created by spam pressing the "Pay with" menu items. The proposed fix is to harden the `BottomSheet` component to dedupe duplicate events. Bottomsheet changes: - Deduped navigation: `navigation.goBack()` now runs at most once per sheet lifecycle (guards duplicate close events). - Hardened close requests: `onCloseBottomSheet(callback)` is now first-wins while closing (ignores subsequent close requests so the callback can’t be overwritten). - Single-fire post callback: the `postCallback` now runs at most once on close (even if multiple close events fire), and is cleared after running. - Resets on open: on open we reset the close-state refs so the sheet can be reused safely.  ## **Changelog**  CHANGELOG entry: updated bottomsheet component to dedupe events ## **Related issues** Fixes: [MUSD-306: Duplicate mUSD transactions created when spam clicking token in the "Pay with" menu](https://consensyssoftware.atlassian.net/browse/MUSD-306) ## **Manual testing steps** ```gherkin Feature: Idempotent BottomSheet close behavior Scenario: user closes a bottom sheet multiple times rapidly Given a bottom sheet is open and configured to navigate back on close When the user triggers multiple close actions in quick succession Then the app navigates back only once And any post-close callback runs at most once And logs are displayed to display this dedupe behaviour ``` ## **Screenshots/Recordings**  ### **Before**  Video shows the bottomsheet calling `navigation.goBack()` twice. https://github.com/user-attachments/assets/e56cb0f6-0e54-49c6-8bee-26ebc545e97c ### **After**  N/A - Bottomsheet dedupes duplicate events ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Medium Risk** > Touches a widely used `BottomSheet` close/navigation path, so regressions could affect modal dismissal behavior across the app, though the changes are narrow and add guards rather than altering core flows. > > **Overview** > Prevents duplicate bottom-sheet close side effects by making `BottomSheet` idempotent across a sheet lifecycle: `navigation.goBack()` runs at most once, repeated `onCloseBottomSheet()` calls while closing are ignored, and the post-close callback is guaranteed to run at most once (then cleared), with state reset on open and logs when duplicates are skipped. > > Updates `PayWithModal` to pass a single `onClosed` handler to `onCloseBottomSheet` so token-selection actions (mUSD conversion, perps deposit/order, or `setPayToken`) occur only after the sheet finishes closing, reducing risk of duplicate transaction-triggering side effects from rapid taps. > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 9c63858. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).  [59a8f6a](59a8f6a) Co-authored-by: Matthew Grainger <46547583+Matt561@users.noreply.github.com>

… properties for mUSD same-chain enforcement (#25926) - feat: cp-7.65.0 MUSD-307 Add missing event properties for mUSD same-chain enforcement (#25915)  ## **Description** ## Purpose Add mUSD conversion quote + consistency-check context to the `MUSD_CONVERSION_STATUS_UPDATED` tracking event. ## Event properties added - `quote_payment_chain_id`: Quote source chainId (where payment token is sourced) - `quote_output_chain_id`: Quote target chainId (where output token is received) - `quote_is_same_chain`: Whether quote source/target chainIds match - `quote_payment_token_address`: Quote source/payment token address - `quote_output_token_address`: Quote target/output token address - `payment_amount_usd`: Quoted source/payment amount in USD - `output_amount_usd`: Quoted target/output amount in USD - `pay_quote_strategy`: Quote strategy used - `selected_payment_chain_id`: User-selected payment chainId (if present) - `selected_payment_chain_matches_quote_payment_chain`: Whether selected payment chainId matches quote source chainId - `tx_execution_chain_matches_quote_output_chain`: Whether tx execution chainId matches quote target chainId - `payment_token_address`: Resolved “payment/in” token address (selected or quote-derived) - `payment_token_chain_id`: Resolved “payment/in” token chainId (selected or quote-derived) - `output_token_address`: Resolved “output/out” token address (quote-derived) - `output_token_chain_id`: Resolved “output/out” token chainId (quote-derived)  ## **Changelog**  CHANGELOG entry: added mUSD conversion event properties for same-chain enforcement ## **Related issues** Fixes: [MUSD-307: Add tracking for bridge conversions](https://consensyssoftware.atlassian.net/browse/MUSD-307) ## **Manual testing steps** ```gherkin Feature: Enriched mUSD conversion status analytics Scenario: user conversion status update includes quote context Given user initiates an mUSD conversion that produces a MetaMask Pay quote When the conversion transaction status updates (approved, confirmed, or failed) Then analytics includes the quote payment/output chain and token addresses And analytics includes whether the quote is same-chain and the quote strategy And analytics includes payment/output USD amounts when available ``` ## **Screenshots/Recordings**  ### **Before**  N/A ### **After** N/A  ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Low Risk** > Primarily analytics/test changes with a small defensive change around transfer data decoding; low risk to user flows, but metrics payload shape changes and depends on quote availability from state. > > **Overview** > Enriches the `MUSD_CONVERSION_STATUS_UPDATED` MetaMetrics event emitted by `useMusdConversionStatus` with **MetaMask Pay quote context** (payment/output chain + token addresses, same-chain flag, quote strategy, and USD amounts) plus **consistency-check fields** comparing the user-selected payment chain and tx execution chain to the quote. > > Hardens tracking by **safely decoding** `txParams.data` (no-throw; empty amounts on malformed data) and updates tests to assert the new properties, including new same-chain vs cross-chain quote scenarios and more flexible property matching. > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 22d6f32. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).  [4ba008a](4ba008a) Co-authored-by: Matthew Grainger <46547583+Matt561@users.noreply.github.com>

) - fix(perps): markets filters cp-7.65.0 (#25898)  ## **Description** The Perps market category filter pills had two UX issues: 1. **Pills disappeared when a category was selected** — selecting a category (e.g. "Crypto") would hide all other pills and show only the selected one with a dismiss "×". This made it impossible to quickly switch between categories without first dismissing the current filter. 2. **Selected pill was invisible in light mode** — the selected pill background used `theme.colors.overlay.inverse` which resolves to `#ffffff` (white) in **both** light and dark themes. On a white/light background this made the selected pill completely invisible. ### Changes **`PerpsMarketCategoryBadges`** — Removed the dual-render-path pattern. The component now always renders all pills in a horizontal `ScrollView`. The selected pill is visually highlighted and shows a dismiss "×" icon. Tapping the selected pill toggles it off (back to "all"). Tapping another pill switches the filter directly. Removed unused `View` and `FadeOut` imports, and the unused `container` style. **`PerpsMarketCategoryBadge.styles`** — Changed the selected pill background from `overlay.inverse` (`#ffffff` in both themes) to `icon.default` (`#121314` in light mode, `#ffffff` in dark mode), ensuring strong contrast in both themes. Text color (`icon.inverse`) already correctly inverts per theme. **Tests** — Updated `PerpsMarketCategoryBadges.test.tsx` to reflect the new behavior: all pills remain visible when one is selected, tapping a selected pill deselects it, tapping a different pill switches categories, and the dismiss icon only appears on the selected pill. ## **Changelog** CHANGELOG entry: Fixed Perps market category filter pills disappearing when a category is selected, and fixed selected pill being invisible in light mode ## **Related issues** Fixes: #25900 ## **Manual testing steps** ```gherkin Feature: Perps Market Category Filter Pills Scenario: user views category pills with no filter active Given the user is on the Perps markets list screen And no category filter is selected When the user views the filter bar Then all category pills (Crypto, Stocks, Commodities, Forex, New) are visible And no pill is highlighted Scenario: user selects a category filter Given the user is on the Perps markets list screen And no category filter is selected When the user taps the "Crypto" pill Then the "Crypto" pill is highlighted with a dark background (light mode) or white background (dark mode) And the "Crypto" pill shows a dismiss "×" icon And all other pills (Stocks, Commodities, Forex, New) remain visible and unselected And the market list is filtered to show only Crypto markets Scenario: user deselects a category filter by tapping the selected pill Given the user is on the Perps markets list screen And the "Crypto" category filter is active When the user taps the "Crypto" pill (or its dismiss "×" icon) Then no category filter is active And all pills return to unselected state And the market list shows all markets Scenario: user switches category filter directly Given the user is on the Perps markets list screen And the "Crypto" category filter is active When the user taps the "Stocks" pill Then the "Stocks" pill becomes highlighted with dismiss icon And the "Crypto" pill returns to unselected state And the market list is filtered to show only Stocks markets Scenario: selected pill is visible in light mode Given the user is using the app in light mode And the user is on the Perps markets list screen When the user taps any category pill Then the selected pill is clearly visible with a dark background and white text And it is distinguishable from the unselected pills ``` ## **Screenshots/Recordings**  ### **Before** - Selecting a category hid all other pills, showing only the selected one - Selected pill was invisible in light mode (white on white) ### **After** - All pills always remain visible; selected pill is highlighted with dismiss "×" - Selected pill has strong contrast in both light and dark modes https://github.com/user-attachments/assets/f54536f0-29e2-4c71-8bdd-d4549db51619 ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [x] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [x] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Low Risk** > UI-only behavior and styling changes to a local filtering component, with updated unit tests; minimal risk outside the Perps market list UX. > > **Overview** > Fixes Perps market category filter UX by **always rendering all category pills** in `PerpsMarketCategoryBadges` (instead of collapsing to a single selected pill), while visually highlighting the active category and allowing **tap-to-toggle off** back to `all` or switch directly to another category. > > Adjusts selected pill styling in `PerpsMarketCategoryBadge.styles` to use `theme.colors.icon.default` for the selected background (improving light-mode visibility) and removes now-unused container styling/exit animations. Updates `PerpsMarketCategoryBadges` tests to match the new always-visible + toggle/switch behavior and verify dismiss icon only appears on the selected pill. > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 7afd934. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).  [486e0d7](486e0d7) Co-authored-by: Alejandro Garcia Anglada <aganglada@gmail.com>

…buttons temporarily (#25925) - fix: cp-7.65.0 Remove speed-up and cancel buttons temporarily (#25859)  ## **Description**  This PR aims to remove speed up and cancel buttons from transaction activity temporarily. We will introduce as part of redesign here: https://github.com/MetaMask/MetaMask-planning/issues/6569 ## **Changelog**  CHANGELOG entry: ## **Related issues** Fixes: #25781 ## **Manual testing steps** ```gherkin Feature: my feature name Scenario: user [verb for user action] Given [describe expected initial app state] When user [verb for user action] Then [describe expected outcome] ``` ## **Screenshots/Recordings**  ### **Before**  ### **After**  ## **Pre-merge author checklist** - [X] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [X] I've completed the PR template to the best of my ability - [X] I've included tests if applicable - [X] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [X] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Low Risk** > UI-only removal of existing actions; risk is mainly a temporary loss of user functionality with minimal chance of breaking unrelated transaction rendering. > > **Overview** > Removes the **Speed up** and **Cancel** transaction action buttons from the activity list rows and from the transaction details modal (`TransactionElement` and `TransactionDetails`). > > Cleans up related wiring by dropping the smart-transaction gating selector/props and deleting the associated UI handlers/tests (including the `TransactionDetails` button rendering test and unused callbacks in `TransactionDetailsSheet`). > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 78845da. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).  [fb14049](fb14049) Co-authored-by: OGPoyraz <omergoktugpoyraz@gmail.com>

…Action (#26041) - chore: New Crowdin translations by Github Action cp-7.65.0 (#25645)  --- > [!NOTE] > **Low Risk** > Translation-only changes limited to `de`/`el` locale files; main risk is missing/incorrect keys or interpolation placeholders causing UI fallback or formatting issues. > > **Overview** > Refreshes `locales/languages/de.json` and `locales/languages/el.json` with new Crowdin translation content, including many fixes where English placeholders remained and updated phrasing for existing UI. > > Adds new localized strings for recently added flows (e.g., `wallet_creation_error`, gas sponsorship reserve-balance warning, first-time address interaction alerts, perps *pay with* copy and validation, provider selection, prediction-market liquidity/busy errors, card push provisioning, and fiat on-ramp payment method/provider selection), plus assorted wording tweaks and new labels (e.g., `transaction_error`, new mUSD claim labels/titles). > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 331b421. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).  Co-authored-by: metamaskbot <metamaskbot@users.noreply.github.com> [ff877d4](ff877d4) Co-authored-by: MetaMask Bot <37885440+metamaskbot@users.noreply.github.com> Co-authored-by: metamaskbot <metamaskbot@users.noreply.github.com>

…ring wallet creation - (#26056) - fix: Prompt for biometric access on iOS during wallet creation - cp-7.65.0 (#26002)  ## **Description**  This PR addresses a regression on 7.65.0 where biometrics access is no longer prompted on wallet creation for iOS. The change here adds that back, which should result in a more intuitive user experience + makes it consistent with Android. This is an improvement relative to the code that was removed in #24496 since we're now detecting the auth type prior to the password being stored rather than triggering two storage actions. ## **Changelog**  CHANGELOG entry: ## **Related issues** Fixes: #25998 ## **Manual testing steps** Allowing biometrics - Will be prompted ask for biometric access on wallet creation - If allowed, unlock access control will be stored using biometrics - Future unlock triggers biometrics Rejecting biometrics - Will be prompted ask for biometric access on wallet creation - If rejected, unlock access control will not be stored, forcing user to use password - Future unlock falls back to password entry ## **Screenshots/Recordings**  ### **Before**  ### **After**  Allowing biometrics https://github.com/user-attachments/assets/9a05e870-b1fe-465e-ba8c-6b565198ed9e Rejecting biometrics https://github.com/user-attachments/assets/9ce0be47-2aaf-4ce3-bf6e-c0386559546c ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [x] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [x] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Medium Risk** > Touches core wallet creation/import and credential storage logic, including new native biometric prompting on iOS and changes to fallback behavior; regressions could affect onboarding success or how passwords are stored/retrieved. > > **Overview** > Restores an explicit iOS biometric access-control prompt during wallet creation/import by adding `Authentication.requestBiometricsAccessControlForIOS` (backed by `expo-local-authentication`) and using its result to downgrade from BIOMETRIC to PASSWORD when the user declines/cancels. > > Refactors auth persistence by removing `updateAuthTypeStorageFlags`/`storePasswordWithFallback`, making `Authentication.storePassword` public and adding an optional `fallbackToPassword` retry path; wallet creation/import and reset-password flows now call `storePassword(..., true)` directly. > > Updates and expands unit tests to cover the new iOS prompt behavior and the revised `storePassword` fallback/flag logic, adds a Jest mock for `expo-local-authentication`, and introduces the `expo-local-authentication` dependency (iOS pod + package). > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 0f8b7e7. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).  [ff37603](ff37603) --------- Co-authored-by: Cal Leung <cal.leung@consensys.net> Co-authored-by: João Loureiro <175489935+joaoloureirop@users.noreply.github.com>

…cation permission. (#23759)" This reverts commit ddd333c.

## **Description** Instead of display OTA version like "v7.65.0 ota v1", we want to display "ota v7.65.1" ## **Changelog**  CHANGELOG entry: Changed how OTA version is displayed ## **Related issues** Fixes: ## **Manual testing steps** ```gherkin Feature: my feature name Scenario: user [verb for user action] Given [describe expected initial app state] When user [verb for user action] Then [describe expected outcome] ``` ## **Screenshots/Recordings**  ### **Before** <img width="200" height="450" alt="File" src="https://github.com/user-attachments/assets/b73503f5-378e-4c13-8b94-85d44e7483d2" />  ### **After** <img width="200" height="450" alt="Simulator Screenshot - iPhone 16 - 2026-02-19 at 11 39 56" src="https://github.com/user-attachments/assets/a0dffaf5-5f91-4725-939d-95309bd6d419" /> ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [x] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [x] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Low Risk** > UI-only version-string logic and test updates; minimal risk beyond potentially misreporting version/OTA status in edge cases (e.g., OTA disabled/embedded detection). > > **Overview** > Updates the About MetaMask (`AppInformation`) header version string to **conditionally show the OTA version** when running an update, and the native app version when running embedded code/dev or when OTA is disabled. > > Removes the `getFullVersion` helper (now only exports `OTA_VERSION`), bumps `OTA_VERSION` to `v7.65.1`, and updates tests/snapshots to wait for async device-info rendering and to mock `OTA_VERSION` directly while also showing `OTA Version` in the long-press environment info section. > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 5610e54. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).

This PR updates the change log for 7.65.0. (Hotfix - no test plan generated.) --------- Co-authored-by: metamaskbot <metamaskbot@users.noreply.github.com> Co-authored-by: João Loureiro <175489935+joaoloureirop@users.noreply.github.com>

# 🚀 v7.65.0 Testing & Release Quality Process Hi Team, As part of our new **MetaMask Release Quality Process**, here’s a quick overview of the key processes, testing strategies, and milestones to ensure a smooth and high-quality deployment. --- ## 📋 Key Processes ### Testing Strategy - **Developer Teams:** Conduct regression and exploratory testing for your functional areas, including automated and manual tests for critical workflows. - **QA Team:** Focus on exploratory testing across the wallet, prioritize high-impact areas, and triage any Sentry errors found during testing. - **Customer Success Team:** Validate new functionalities and provide feedback to support release monitoring. ### GitHub Signoff - Each team must **sign off on the Release Candidate (RC)** via GitHub by the end of the validation timeline (**Tuesday EOD PT**). - Ensure all tests outlined in the Testing Plan are executed, and any identified issues are addressed. ### Issue Resolution - **Resolve all Release Blockers** (Sev0 and Sev1) by **Tuesday EOD PT**. - For unresolved blockers, PRs may be reverted, or feature flags disabled to maintain release quality and timelines. ### Cherry-Picking Criteria - Only **critical fixes** meeting outlined criteria will be cherry-picked. - Developers must ensure these fixes are thoroughly reviewed, tested, and merged by **Tuesday EOD PT**. --- ## 🗓️ Timeline and Milestones 1. **Today (Friday):** Begin Release Candidate validation. 2. **Tuesday EOD PT:** Finalize RC with all fixes and cherry-picks. 3. **Wednesday:** Buffer day for final checks. 4. **Thursday:** Submit release to app stores and begin rollout to 1% of users. 5. **Monday:** Scale deployment to 10%. 6. **Tuesday:** Full rollout to 100%. --- ## ✅ Signoff Checklist Each team is responsible for signing off via GitHub. Use the checkbox below to track signoff completion: # Team sign-off checklist - [x] Accounts Framework - [x] Assets - [x] Bots Team - [x] Card - [x] Confirmations - [x] Core Platform - [x] Design System - [x] Earn - [x] Mobile Platform - [x] Mobile UX - [x] Network Enablement - [x] Onboarding - [x] Perps - [x] Predict - [x] Product Safety - [x] Ramp - [x] Rewards - [x] Swaps and Bridge - [x] team-new-networks - [x] Transactions This process is a major step forward in ensuring release stability and quality. Let’s stay aligned and make this release a success! 🚀 Feel free to reach out if you have questions or need clarification. Many thanks in advance # Reference - Testing plan sheet - https://docs.google.com/spreadsheets/d/1tsoodlAlyvEUpkkcNcbZ4PM9HuC9cEM80RZeoVv5OCQ/edit?gid=404070372#gid=404070372

…28hj-76wf cp-7.66.0 (#26441) - chore: allow list audit finding GHSA-378v-28hj-76wf cp-7.66.0 (#26386) add bn.js affected by an infinite loop. No fix available yet (latest is 5.2.1, affected <=5.2.3). Suppressing for now to unblock CI. GHSA-378v-28hj-76wf  ## **Description**  ## **Changelog**  CHANGELOG entry: null ## **Related issues** Fixes: ## **Manual testing steps** ```gherkin Feature: my feature name Scenario: user [verb for user action] Given [describe expected initial app state] When user [verb for user action] Then [describe expected outcome] ``` ## **Screenshots/Recordings**  ### **Before**  ### **After**  ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I've included tests if applicable - [ ] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Low Risk** > Low risk config-only change, but it intentionally suppresses a known dependency vulnerability from failing CI. > > **Overview** > Adds `GHSA-378v-28hj-76wf` / advisory `1113402` (bn.js infinite-loop issue) to `npmAuditIgnoreAdvisories` in `.yarnrc.yml` to suppress the audit finding and unblock CI. > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 6285323. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).  [ebce642](ebce642) Co-authored-by: sethkfman <10342624+sethkfman@users.noreply.github.com>

…26382) ## **Description** This PR adds the full Predictions section implementation for the Homepage, enabling users to view their prediction positions or discover trending prediction markets. **Key features:** - **Conditional rendering**: Shows user's positions if they have any, otherwise displays trending markets carousel - **Trending markets carousel**: Horizontal scrollable list with snap-to-card behavior and "More predictions" card at the end - **Fade overlay effect**: Gradient overlay on the right edge that fades out as user scrolls to the end - **Shimmer loading skeletons**: Consistent with DeFi section using `SkeletonPlaceholder` with theme colors - **Optimized refresh**: Only fetches positions when user has them, always refreshes markets **Components added:** - `PredictMarketCard` - Compact card for trending markets - `PredictPositionRow` - Row component for user positions - `ViewMoreCard` - Card at end of carousel for navigation - `PredictMarketCardSkeleton` / `PredictPositionRowSkeleton` - Loading states **Utilities added:** - `colorWithOpacity` - Converts design system colors to RGBA for gradient effects - `usePredictMarketsForHomepage` - Hook for fetching trending markets with caching - `usePredictPositionsForHomepage` - Hook for fetching user positions with caching ## **Changelog** CHANGELOG entry: null ## **Related issues** Refs: https://consensyssoftware.atlassian.net/browse/TMCU-421 Refs: https://consensyssoftware.atlassian.net/browse/TMCU-415 ## **Manual testing steps** ```gherkin Feature: Predictions Section on Homepage Scenario: user views trending markets when they have no positions Given user is on the homepage And user has no prediction positions When user scrolls to the Predictions section Then user sees a horizontal carousel of trending market cards And user sees a "More predictions" card at the end And user sees a fade effect on the right edge while scrolling Scenario: user views their positions when they have active predictions Given user is on the homepage And user has at least one prediction position When user scrolls to the Predictions section Then user sees their positions displayed in rows And user can tap a position to navigate to market details Scenario: user navigates to full predictions list Given user is on the homepage When user taps the "Predictions" section title Then user is navigated to the full predictions market list ``` ## **Screenshots/Recordings** ### **Before** ### Flag Off (no change) <img width="300" alt="image" src="https://github.com/user-attachments/assets/c7ecd487-faf0-4a8d-b66e-6cc1cf9ad78e" /> ### Flag On <img width="300" alt="image" src="https://github.com/user-attachments/assets/02f5e64c-f3e7-4e46-9c93-f011acf25aaf" /> ### **After** ### Flag Off (no changes) <img width="300" alt="image" src="https://github.com/user-attachments/assets/c7ecd487-faf0-4a8d-b66e-6cc1cf9ad78e" /> ### Flag On <img width="300" alt="image" src="https://github.com/user-attachments/assets/202b1915-5c26-492e-b912-9d5f4d46e4ae" /> <img width="300" alt="image" src="https://github.com/user-attachments/assets/f4ecc50a-aa87-4488-8bc0-eecbd7627021" />  ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Medium Risk** > Touches homepage rendering and adds new Engine-backed fetch hooks with caching/refresh behavior; risk is mainly UI/regression and data-loading edge cases rather than security-critical logic. > > **Overview** > Adds a fully functional **Homepage Predictions** section that conditionally renders either a compact list of the user’s prediction positions (with navigation into `MARKET_DETAILS`) or a horizontally snapping carousel of trending markets with a trailing “More predictions” CTA. > > Introduces homepage-specific data hooks for positions and markets (with module-level caching, refresh support, and basic stale-response protection), plus shared UI primitives for loading and failure states (skeleton cards/rows and a reusable `ErrorState` with retry). Also centralizes `colorWithOpacity` into `app/util/colors` (with tests) and updates gradients to use the shared helper, alongside new i18n strings for “More predictions” and section error messaging. > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 67b22d2. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).

# 🚀 v7.65.1 Testing & Release Quality Process Hi Team, As part of our new **MetaMask Release Quality Process**, here’s a quick overview of the key processes, testing strategies, and milestones to ensure a smooth and high-quality deployment. --- ## 📋 Key Processes ### Testing Strategy - **Developer Teams:** Conduct regression and exploratory testing for your functional areas, including automated and manual tests for critical workflows. - **QA Team:** Focus on exploratory testing across the wallet, prioritize high-impact areas, and triage any Sentry errors found during testing. - **Customer Success Team:** Validate new functionalities and provide feedback to support release monitoring. ### GitHub Signoff - Each team must **sign off on the Release Candidate (RC)** via GitHub by the end of the validation timeline (**Tuesday EOD PT**). - Ensure all tests outlined in the Testing Plan are executed, and any identified issues are addressed. ### Issue Resolution - **Resolve all Release Blockers** (Sev0 and Sev1) by **Tuesday EOD PT**. - For unresolved blockers, PRs may be reverted, or feature flags disabled to maintain release quality and timelines. ### Cherry-Picking Criteria - Only **critical fixes** meeting outlined criteria will be cherry-picked. - Developers must ensure these fixes are thoroughly reviewed, tested, and merged by **Tuesday EOD PT**. --- ## 🗓️ Timeline and Milestones 1. **Today (Friday):** Begin Release Candidate validation. 2. **Tuesday EOD PT:** Finalize RC with all fixes and cherry-picks. 3. **Wednesday:** Buffer day for final checks. 4. **Thursday:** Submit release to app stores and begin rollout to 1% of users. 5. **Monday:** Scale deployment to 10%. 6. **Tuesday:** Full rollout to 100%. --- ## ✅ Signoff Checklist Each team is responsible for signing off via GitHub. Use the checkbox below to track signoff completion: # Team sign-off checklist - [ ] Mobile Platform This process is a major step forward in ensuring release stability and quality. Let’s stay aligned and make this release a success! 🚀 Feel free to reach out if you have questions or need clarification. Many thanks in advance # Reference - Testing plan sheet - https://docs.google.com/spreadsheets/d/1tsoodlAlyvEUpkkcNcbZ4PM9HuC9cEM80RZeoVv5OCQ/edit?gid=404070372#gid=404070372  --- > [!NOTE] > **Medium Risk** > Touches browser WebView gesture coordination and activation logic, which can affect tap/scroll behavior and navigation; changes are well-covered by updated unit tests but still UI-interaction sensitive. > > **Overview** > Updates `GestureWebViewWrapper` to **defer pull-to-refresh activation**: top-edge touches enter a `pending_refresh` state and only activate after a small downward move (`PULL_MOVE_ACTIVATION`), failing on taps, horizontal drags, or upward movement; gesture composition also switches from `Gesture.Race` to `Gesture.Simultaneous` so WebView taps can pass through while the gesture decides. > > Refreshes associated tests/mocks to cover `onTouchesMove`/`onTouchesUp` and the new activation/failure cases, and adds the new `PULL_MOVE_ACTIVATION` constant. > > Bumps release/OTA metadata by setting `OTA_VERSION` to `v7.65.1`, updates the App Information screen to display native vs OTA version explicitly (and show OTA version in environment info), and adjusts snapshots/tests accordingly; Yarn config additionally suppresses a new `bn.js` audit advisory. > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit dcabeb9. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).

## **Description** This PR adds a bottom sheet modal when the user selects a token that is not purchasable with their provider, allowing them to change either the token or the provider. <img width="460" height="1046" alt="Screenshot 2026-02-13 at 12 52 34 PM" src="https://github.com/user-attachments/assets/b5998455-1621-42ef-84bc-165dec2aab0b" />  ## **Changelog**  CHANGELOG entry: Adds modal for changing token or provider if token is unavailable. ## **Related issues** Fixes: https://consensyssoftware.atlassian.net/browse/TRAM-3036 ## **Manual testing steps** ```gherkin Feature: my feature name Scenario: user [verb for user action] Given [describe expected initial app state] When user [verb for user action] Then [describe expected outcome] ``` ## **Screenshots/Recordings**  ### **Before**  ### **After**  ![token-unavailable](https://github.com/user-attachments/assets/9d158013-5eda-4510-bc8f-1a2caa015dab) ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Medium Risk** > Adds new navigation flow and modal behavior that triggers automatically based on provider token support; mistakes could cause unexpected modal loops or block the quote screen, though changes are localized to Ramp UI and covered by tests. > > **Overview** > When a user selects a provider that doesn’t support the currently selected `assetId`, `BuildQuote` now automatically navigates to a new `RampTokenNotAvailableModal` (gated to fire once per unsupported state to avoid re-navigation on re-renders). > > Adds the new bottom-sheet modal with copy and actions to *change token* (navigate back to token selection) or *change provider* (open provider picker), wires it into Ramp modal routes and `Routes.RAMP.MODALS`, and updates i18n strings. Provider picker spacing is tweaked and its tests are refactored to render with app providers; new/updated tests and snapshots cover the unsupported-token flow and modal interactions. > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 97a318a. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).

## **Description** This PR reverts the changes from PR #7341 that added `IS_RAMP_UAT` and `IS_RAMP_DEV` environment variable conditions for WebView debugging. These conditions were causing `JniAndroid$UncaughtExceptionException` errors as reported in Sentry. **What changed:** - Reverted `MainApplication.kt` to use only `BuildConfig.DEBUG` for WebView debugging - Removed `IS_RAMP_UAT` and `IS_RAMP_DEV` buildConfigField definitions from `build.gradle` **Why:** The additional conditions introduced in PR #7341 were triggering JNI uncaught exceptions. Reverting to the original `BuildConfig.DEBUG` check resolves this issue while maintaining WebView debugging capability in debug builds. ## **Changelog** CHANGELOG entry: Fixed Android JNI UncaughtException error caused by WebView debugging configuration ## **Related issues** Fixes: https://consensyssoftware.atlassian.net/browse/TRAM-2903 Fixes #12193 ## **Manual testing steps** ```gherkin Feature: Android app stability Scenario: App launches without JNI exceptions Given the MetaMask app is installed on Android When user opens the app Then the app should launch without JNI UncaughtException errors And WebView debugging should work in DEBUG builds only ``` ## **Screenshots/Recordings** ### **Before** N/A - This is a revert of configuration code, not UI changes. ### **After** N/A ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Low Risk** > Small Android build/config change that only affects when WebView debugging is enabled; minimal impact outside developer debugging behavior. > > **Overview** > Removes the `IS_RAMP_UAT`/`IS_RAMP_DEV` `BuildConfig` fields from `android/app/build.gradle`. > > Updates `MainApplication.kt` to enable `WebView.setWebContentsDebuggingEnabled(true)` *only* when `BuildConfig.DEBUG` is true, removing the additional Ramp environment-based conditions. > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 2973934. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).  --------- Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Amitabh Aggarwal <amitabh94@users.noreply.github.com>

This PR syncs the stable branch to main for version 7.68.0. *Synchronization Process:* - Fetches the latest changes from the remote repository - Resets the branch to match the stable branch - Attempts to merge changes from main into the branch - Handles merge conflicts if they occur *File Preservation:* Preserves specific files from the stable branch: - CHANGELOG.md - bitrise.yml - android/app/build.gradle - ios/MetaMask.xcodeproj/project.pbxproj - package.json Indicates the next version candidate of main to 7.68.0  --- > [!NOTE] > **Low Risk** > Documentation-only change to `CHANGELOG.md` with no runtime or build impact. > > **Overview** > Updates `CHANGELOG.md` for the `7.65.0` release by adding a new version section with aggregated **Added** and **Fixed** entries. > > Also updates the compare links at the bottom so `[Unreleased]` now compares from `v7.65.0` to `HEAD`, and adds a new `[7.65.0]` comparison link. > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit f8adcae. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).

## **Description** Phase 2 analytics migration (Batch 2-16): migrate web3auth's OAuthRehydration component from useMetrics/MetricsEventBuilder to the new analytics system (useAnalytics/AnalyticsEventBuilder). **Reason**: Deprecate MetaMetrics in favour of the shared analytics utility and AnalyticsController. **Changes**: `OAuthRehydration/index.tsx` now uses `useAnalytics` from `app/components/hooks/useAnalytics/useAnalytics` and `AnalyticsEventBuilder` from `app/util/analytics/AnalyticsEventBuilder`; `MetaMetricsEvents` import updated to direct path. Test mocks updated to mock `useAnalytics` instead of `useMetrics`. Note: `OAuthService.ts` was already migrated on main. ## **Changelog** CHANGELOG entry: null ## **Related issues** Fixes: https://consensyssoftware.atlassian.net/browse/MCWP-297 (Batch 2-16) ## **Manual testing steps** ```gherkin Feature: Authentication analytics Scenario: user triggers an OAuth rehydration flow event Given app is open and user is in an OAuth rehydration flow When user performs an action that triggers analytics (e.g. password login attempt, rehydration completed) Then the event is tracked on Mixpanel ``` ## **Screenshots/Recordings** N/A – analytics migration, no UI change. ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Low Risk** > Refactor limited to analytics hook/event-builder wiring and test mocks; no changes to auth flow logic or data handling are introduced. > > **Overview** > Migrates `OAuthRehydration` analytics instrumentation from the legacy `useMetrics`/`MetricsEventBuilder` to the new `useAnalytics` hook and `AnalyticsEventBuilder`, while keeping the same onboarding tracking calls/events. > > Updates the `MetaMetricsEvents` import to the new direct module path and adjusts the unit test mocks to stub `useAnalytics` instead of `useMetrics`. > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 373b95e. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).

## **Description**  This PR is part of a series to remove the legacy code after BIP-44 was shipped, several components, hooks, views, etc. still uses the remote feature flag for BIP-44 causing an unnecessary overcomplexity that can be easily removed. The change includes updating the activity view. ## **Changelog**  CHANGELOG entry: null ## **Related issues** Fixes: https://consensyssoftware.atlassian.net/browse/MUL-1458 ## **Manual testing steps** Not applicable ## **Screenshots/Recordings** Not applicable ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I've included tests if applicable - [ ] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Medium Risk** > Changes the main Activity transactions rendering path and removes conditional behavior for non-EVM/legacy flows, which could affect users on certain account/network setups; test updates reduce but don’t eliminate behavioral regression risk. > > **Overview** > `ActivityView` is simplified by removing the feature-flag/address-based branching that chose between legacy `TransactionsView`/`MultichainTransactionsView` vs `UnifiedTransactionsView`; it now always renders `UnifiedTransactionsView`. > > The network filter button logic/styles are de-gated (no more disabled state based on `useCurrentNetworkInfo().isDisabled` or multichain flags), and tests are updated accordingly (snapshot + unit test expectation changes). > > Adds a stable `testID` (`unified-transactions-view`) for `UnifiedTransactionsView` and introduces a Detox page object; smoke tests switch to swiping the unified list and adjust fixtures to use an EVM-only account tree/network enablement to avoid live non-EVM fetching. > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 95dcf1f. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).  --------- Co-authored-by: Christopher Ferreira <christopher.ferreira@consensys.net> Co-authored-by: Curtis David <Curtis.David7@gmail.com>

## **Description** The balance check in `usePredictPlaceOrder` was comparing against `maxAmountSpent` alone, which does not include fees. This caused the deposit flow to be skipped when the user's balance was sufficient for the bet amount but insufficient to cover the bet amount plus fees, leading to order failures. This fix computes the `totalAmount` as `maxAmountSpent + fees.totalFee` and uses it for the balance comparison, ensuring the deposit prompt triggers correctly when the full cost (including fees) exceeds the user's balance. ## **Changelog** CHANGELOG entry: Fixed a bug where the balance check for prediction market orders did not account for fees, causing orders to fail when the user's balance was insufficient to cover fees ## **Related issues** Fixes: https://consensyssoftware.atlassian.net/browse/PRED-678 ## **Manual testing steps** ```gherkin Feature: Predict order balance check includes fees Scenario: user places a BUY order with balance less than amount + fees Given the user has a balance that covers the bet amount but not the bet amount plus fees When user places a BUY order Then the deposit flow is triggered to top up the shortfall Scenario: user places a BUY order with balance covering full amount with fees Given the user has a balance that covers both the bet amount and fees When user places a BUY order Then the order proceeds without triggering the deposit flow ``` ## **Screenshots/Recordings** ### **Before**  ### **After**  ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [ ] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Low Risk** > Small, localized logic change to preflight balance validation; main risk is minor behavior change in when the deposit flow triggers. > > **Overview** > Fixes a Predict order placement bug where the BUY-side balance check only compared against `maxAmountSpent` and could skip the deposit prompt when fees pushed the total cost over the user’s balance. > > `usePredictPlaceOrder` now computes a `totalAmount` as `maxAmountSpent + fees.totalFee` (with a safe default) and uses that value for both the insufficient-funds comparison and the `deposit` amount. > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 8787912. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).

## **Description** This PR updates the **Advanced Settings** screen to use an inline `HeaderCompactStandard` instead of stack navbar options. **Reason for change:** Align Settings subpages with the app’s header pattern: simple back + title screens should use `HeaderCompactStandard` (or equivalent) rendered inline, with the stack header hidden, for consistent layout and safe area handling. **What changed:** 1. **MainNavigator.js** – For the `AdvancedSettings` screen, replaced `options={AdvancedSettings.navigationOptions}` with `options={{ headerShown: false }}` so the stack header is hidden and the screen controls its own header. 2. **AdvancedSettings/index.js** – Removed navbar-based header setup: dropped `getNavigationOptionsTitle` import and usage, removed `updateNavBar`, and removed `componentDidUpdate` / `componentDidMount` calls that set navigation options. Added inline `HeaderCompactStandard` at the top of the content with `title={strings('app_settings.advanced_title')}`, `onBack={() => this.props.navigation.goBack()}`, and `includesTopInset`. 3. **AdvancedSettings/index.test.tsx** – Introduced shared `defaultNavigation` (including `goBack` mock); updated all `AdvancedSettings` renders to use it. Added tests: "renders header with correct title" and "calls navigation.goBack when back button is pressed". Snapshot updated to include the new header output. ## **Changelog** This PR is not end-user-facing (header presentation aligned with design; same screen content and behavior). CHANGELOG entry: null ## **Related issues** Fixes: https://consensyssoftware.atlassian.net/browse/DSYS-357 ## **Manual testing steps** ```gherkin Feature: Advanced Settings header Scenario: user sees inline header on Advanced Settings Given the app is open and the user is in Settings When the user taps "Advanced" Then the Advanced Settings screen shows an inline header with title "Advanced" and a back button And the stack navigator header is not visible Scenario: user can go back from Advanced Settings Given the user is on the Advanced Settings screen When the user taps the back button in the header Then the app navigates back to the previous Settings screen ``` ## **Screenshots/Recordings**  ### **Before**  ### **After**  https://github.com/user-attachments/assets/f878ecbf-25e1-4502-9cf2-fd7241e68d31 ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Low Risk** > UI/navigation presentation refactor limited to the Advanced Settings header; low risk aside from potential safe-area/layout regressions on that screen. > > **Overview** > **Advanced Settings now renders its own header** using inline `HeaderCompactStandard` (with back + title + top inset), instead of configuring the stack navbar via `navigationOptions`/`setOptions`. > > The `AdvancedSettings` stack screen is updated to always hide the navigator header (`headerShown: false`), and tests/snapshots are updated to validate the new header rendering and that pressing the back button calls `navigation.goBack()`. > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 9d07407. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).

> [!NOTE] > **Low Risk** > Translation-only updates in `locales/languages/de.json`; no logic changes, with low risk beyond potential missing/incorrect strings affecting UX. > > **Overview** > Updates German locale strings in `locales/languages/de.json`, translating many previously-English messages and refining existing wording across swaps/bridge, network management, QR/auth flows, rewards, and wallet dialogs. > > Adds new German strings for **new/expanded UI surfaces** including `market_insights`, `homepage` sections/errors, device authentication settings, malicious site warnings, fiat on-ramp modals, and MetaMask Card freeze/unfreeze and wallet provisioning copy. > > Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 3f61259. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).  Co-authored-by: metamaskbot <metamaskbot@users.noreply.github.com>

runway-github Bot and others added 30 commits February 6, 2026 15:12

[skip ci] Bump version number to 3647

073739e

Revert "fix: iOS source map not being uploaded to bitrise (#25609)"

18fb541

This reverts commit e922e16.

[skip ci] Bump version number to 3652

a28dca3

[skip ci] Bump version number to 3654

c33c50b

Merge branch 'stable' into upd-765-stable

9f2e1e2

Merge branch 'upd-765-stable' into release/7.65.0

58f7a3d

[skip ci] Bump version number to 3663

b2f4535

[skip ci] Bump version number to 3665

25b8b2c

[skip ci] Bump version number to 3675

c91fd41

Merge branch 'stable' into release/7.65.0

6233634

[skip ci] Bump version number to 3678

f4e8402

[skip ci] Bump version number to 3682

07d0125

[skip ci] Bump version number to 3683

7dc7add

[skip ci] Bump version number to 3685

f0d1faf

[skip ci] Bump version number to 3686

5654abb

[skip ci] Bump version number to 3690

edec879

runway-github Bot and others added 27 commits February 12, 2026 22:16

[skip ci] Bump version number to 3711

8991b47

[skip ci] Bump version number to 3726

613662a

[skip ci] Bump version number to 3727

1623492

Revert "fix: MUL-1331 modify android manifest file for correct BLE lo…

f4c68b8

…cation permission. (#23759)" This reverts commit ddd333c.

[skip ci] Bump version number to 3747

24e48a9

bump semvar version to 7.65.1 && build version to 3761

a297959

revert version bump

f1d63d2

release: release/7.65.0-Changelog (#25735)

b57fd86

This PR updates the change log for 7.65.0. (Hotfix - no test plan generated.) --------- Co-authored-by: metamaskbot <metamaskbot@users.noreply.github.com> Co-authored-by: João Loureiro <175489935+joaoloureirop@users.noreply.github.com>

feat: Fix for pull to refresh gesture bug

7d46ea3

Merge branch 'stable' into release/7.65.1

7bd9d79

Merge origin/main into stable-main-7.68.0

f8adcae

Merge branch 'main' into stable-main-7.68.0

1d9860e

pull Bot locked and limited conversation to collaborators Feb 23, 2026

pull Bot added the ⤵️ pull label Feb 23, 2026

pull Bot merged commit 9b792be into Reality2byte:main Feb 23, 2026
0 of 9 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[pull] main from MetaMask:main#545

[pull] main from MetaMask:main#545
pull[bot] merged 65 commits into
Reality2byte:mainfrom
MetaMask:main

pull Bot commented Feb 23, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

14 participants

Conversation

pull Bot commented Feb 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

14 participants

pull Bot commented Feb 23, 2026 •

edited

Loading