release: 13.20.1

.eslintrc.js

@@ -588,7 +588,7 @@ module.exports = {
       files: ['development/**/*.js', 'test/helpers/setup-helper.js'],
       rules: {
         'n/no-process-exit': 'off',
-        'n/shebang': 'off',
+        'n/hashbang': 'off',
       },
     },
     /**

.eslintrc.node.js

@@ -2,6 +2,16 @@ module.exports = {
   extends: ['@metamask/eslint-config-nodejs'],
   rules: {
     'n/no-process-env': 'off',
+    // eslint-plugin-n@17 started treating these browser globals as Node builtins
+    // and `n/hashbang` started flagging existing script headers in this repo.
+    // Keep prior behavior while we remain on the current shared config stack.
+    'n/no-unsupported-features/node-builtins': [
+      'error',
+      {
+        ignores: ['navigator', 'Navigator', 'localStorage'],
+      },
+    ],
+    'n/hashbang': 'off',
     // TODO: re-enable these rules
     'n/no-sync': 'off',
     'n/no-unpublished-import': 'off',

.yarnrc.yml

@@ -26,29 +26,6 @@ npmAuditIgnoreAdvisories:
   # We are ignoring this on April 24, 2025 to unblock CI, we will follow with a proper fix or confirmation this does not affect our users
   - 1104001
 
-  # Issue: `glob` vulnerability, already fixed in the version we're using (v10.5.0) but the
-  # advisory range hasn't been updated yet.
-  # URL: https://github.com/advisories/GHSA-5j98-mcp5-4vw2
-  - 1109809
-
-  # Issue: `body-parser` denial of service vulnerability
-  # Seemingly only impacts v2.2.0, but we're on v1. The advisory range is overly wide.
-  # The attack vector also does not apply to how we use the package.
-  # URL: https://github.com/advisories/GHSA-wqch-xfxh-vrr4
-  - 1110857
-
-  # Issue: ajv has ReDoS when using `$data` option
-  # A lot of our linting tooling relies on old versions of ajv, which proves hard to deal with
-  # For now, we are ignoring this to unblock CI
-  # URL: https://github.com/advisories/GHSA-2g4f-4pwh-qvx6
-  - 1113214
-
-  # Issue: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern
-  # Only affects dev/build-time dependencies (eslint-plugin-n, glob) — not shipped to users.
-  # URL: https://github.com/advisories/GHSA-3ppc-4f35-3m26
-  - 1113371
-  - 1113459
-
   ### Package Deprecations:
 
   # React-tippy brings in popper.js and react-tippy has not been updated in
@@ -104,3 +81,5 @@ npmPreapprovedPackages:
   - 'lavamoat-node'
   - 'lavamoat'
   - 'extension-port-stream'
+  # Temporary bypass for recent minimatch security patch; remove once older than age gate.
+  - 'minimatch'

CHANGELOG.md

@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [13.20.1]
+
+### Fixed
+
+- Conditionally display delete account confirmation (#40502)
+
 ## [13.20.0]
 
 ### Added
@@ -1837,7 +1843,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - This changelog was split off with 12.22.0
 - All older changes can be found in [docs/CHANGELOG_older.md](https://github.com/MetaMask/metamask-extension/blob/main/docs/CHANGELOG_older.md)
 
-[Unreleased]: https://github.com/MetaMask/metamask-extension/compare/v13.20.0...HEAD
+[Unreleased]: https://github.com/MetaMask/metamask-extension/compare/v13.20.1...HEAD
+[13.20.1]: https://github.com/MetaMask/metamask-extension/compare/v13.20.0...v13.20.1
 [13.20.0]: https://github.com/MetaMask/metamask-extension/compare/v13.19.0...v13.20.0
 [13.19.0]: https://github.com/MetaMask/metamask-extension/compare/v13.18.1...v13.19.0
 [13.18.1]: https://github.com/MetaMask/metamask-extension/compare/v13.18.0...v13.18.1