feat: solana wallet standard e2e

[baptiste-marchand]

Description

Adds E2E tests for Solana Wallet Standard following #15707

Related issues

Extension PR: MetaMask/metamask-extension#31989

Manual testing steps

1. In one terminal, run yarn setup:e2e && yarn setup && yarn watch
2. In another terminal, run MULTICHAIN=1 yarn test:e2e:ios:debug:build
3. Then in this second terminal: MULTICHAIN=1 yarn test:e2e:ios:debug:run e2e/specs/multichain/solana-wallet-standard/connect.spec.ts to run the connect.spec.ts test

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I’ve followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​tty-browserify@​0.0.1
	npm/​jsonify@​0.0.1
	npm/​json-stable-stringify@​1.3.0
	npm/​@​solana/​wallet-standard@​1.1.4
	npm/​@​solana/​wallet-standard-wallet-adapter@​1.1.4
	npm/​assert@​2.0.0 ⏵ 2.1.0	+1		+1
	npm/​@​solana/​wallet-standard-core@​1.1.2
	npm/​@​wallet-standard/​core@​1.1.1
	npm/​@​reown/​appkit-polyfills@​1.7.2
	npm/​os-browserify@​0.3.0
	npm/​@​walletconnect/​jsonrpc-http-connection@​1.0.8
	npm/​@​trezor/​connect-analytics@​1.3.3
	npm/​@​solana/​wallet-standard-wallet-adapter-react@​1.1.4
	npm/​@​particle-network/​crypto@​1.0.1
	npm/​@​solana/​wallet-adapter-wallets@​0.19.36
	npm/​@​trezor/​env-utils@​1.4.0
	npm/​@​particle-network/​analytics@​1.0.2
	npm/​@​solana/​wallet-adapter-walletconnect@​0.1.20
	npm/​@​trezor/​device-utils@​1.1.0
	npm/​bitcoin-ops@​1.4.1
	npm/​sodium-native@​4.3.3
	npm/​@​solana/​buffer-layout-utils@​0.2.0
See 270 more rows in the dashboard

View full report

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. It is recommended to resolve "Warn" alerts too. Learn more about Socket for GitHub.

Action	Severity	Alert (click for details)
Block		npm/bigint-buffer@1.1.5 has a High CVE. CVE: GHSA-3gc7-fjrx-p6mg bigint-buffer Vulnerable to Buffer Overflow via toBigIntLE() Function (HIGH) Affected versions: <= 1.1.5 Patched version: No patched versions From: yarn.lock → npm/bigint-buffer@1.1.5 ℹ Read more on: This package | This alert | What is a CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/bigint-buffer@1.1.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@metamask/test-dapp-solana@0.3.1 has Network access. Module: globalThis["fetch"] Location: Package overview From: package.json → npm/@metamask/test-dapp-solana@0.3.1 ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@metamask/test-dapp-solana@0.3.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@reown/appkit-controllers@1.7.2 has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/@reown/appkit-controllers@1.7.2 ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@reown/appkit-controllers@1.7.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@solana/kit@2.1.1 has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/@solana/kit@2.1.1 ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@solana/kit@2.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@solana/rpc-transport-http@2.1.1 has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/@solana/rpc-transport-http@2.1.1 ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@solana/rpc-transport-http@2.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@solana/web3.js@1.98.2 has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/@solana/web3.js@1.98.2 ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@solana/web3.js@1.98.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@stellar/stellar-sdk@13.3.0 has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/@stellar/stellar-sdk@13.3.0 ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@stellar/stellar-sdk@13.3.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@toruslabs/base-controllers@5.11.0 has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/@toruslabs/base-controllers@5.11.0 ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@toruslabs/base-controllers@5.11.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@toruslabs/broadcast-channel@10.0.2 has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/@toruslabs/broadcast-channel@10.0.2 ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@toruslabs/broadcast-channel@10.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@toruslabs/http-helpers@6.1.1 has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/@toruslabs/http-helpers@6.1.1 ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@toruslabs/http-helpers@6.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@toruslabs/metadata-helpers@5.1.0 has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/@toruslabs/metadata-helpers@5.1.0 ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@toruslabs/metadata-helpers@5.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@toruslabs/solana-embed@2.1.0 has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/@toruslabs/solana-embed@2.1.0 ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@toruslabs/solana-embed@2.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@trezor/analytics@1.3.5 has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/@trezor/analytics@1.3.5 ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@trezor/analytics@1.3.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
See 40 more rows in the dashboard

View full report

[github-actions]

Bitrise

❌❌❌ pr_smoke_e2e_pipeline failed on Bitrise! ❌❌❌

Commit hash: 92fb423
Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/cd9ac0ee-01f3-464a-8827-015e0d68a2cf

Note

• You can kick off another pr_smoke_e2e_pipeline on Bitrise by removing and re-applying the Run Smoke E2E label on the pull request

Tip

• Check the documentation if you have any doubts on how to understand the failure on bitrise

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud