Update eth-json-rpc-middleware from 6.0.0 to latest version

[jeongmincho]

Currently this repo uses an outdated version of the eth-json-rpc-middleware library as a dependency. This throws warnings regarding outdated dependencies and specifically causes an issue on Webpack 5 due to the middleware dependency's usage of the safe-event-emitter (requiring a node resolution of util) instead of the newer @metamask/safe-event-emitter.

[acolytec3]

Just to second this. This outdated version of eth-json-rpc-middleware depends on a very archaic version of a deprecated ethereumjs library (ethereumjs-abi) and references a github repo instead of an npm tarball that causes issues in a number of upstream consumers of eth-json-rpc-middleware as referenced by this thread. Would you accept a PR to bump this dependency (would likely require a breaking change).

See the dependency tree here

The bump from v4.2.2 to v5.0 in this library doesn't resolve this issue.

[mcmire]

Thanks for raising this issue. We're aware that this package uses some outdated dependencies. The main consumer of this package within our ecosystem is the codebase for our mobile app, which in general is a bit behind in terms of our JSON-RPC stack as compared with our extension codebase. What this means is that even if we upgrade this package, we would not be able to effectively test the upgrade in our stack (as it would introduce some breaking changes). We are working on upgrading the mobile app so that we can bring this package up to date, but in the meantime you may have better luck forking this repo, doing the upgrades yourself, and republishing this under your own scope. Sorry about that.

[acolytec3]

Thanks for raising this issue. We're aware that this package uses some outdated dependencies. The main consumer of this package within our ecosystem is the codebase for our mobile app, which in general is a bit behind in terms of our JSON-RPC stack as compared with our extension codebase. What this means is that even if we upgrade this package, we would not be able to effectively test the upgrade in our stack (as it would introduce some breaking changes). We are working on upgrading the mobile app so that we can bring this package up to date, but in the meantime you may have better luck forking this repo, doing the upgrades yourself, and republishing this under your own scope. Sorry about that.

I understand the suggestion but unfortunately that likely won't solve the issues referenced in the thread I linked since the root issue is a reference to a library we don't maintain anymore. For better or worse, there are several consumers of this library outside of the Metamask namespace (e.g. @coinbase/wallet-sdk) and in some cases (that I haven't been able to reproduce), their install process breaks because of the outdated dependency tree here so not sure there's anything we can do about it. I guess for now we'll just keep encouraging teams who land here to use the resolutions property in package.json to point to a non-broken version of ethereumjs-abi.

[mcmire]

Update: eth-json-rpc-middleware (now @metamask/eth-json-rpc-middleware) was upgraded to v9 in version 5.1.0, and the latest version (7.0.0) uses v12. ethereumjs-abi should no longer be in the dependency tree.