Update @metamask/eth-sig-util to ^6

[mikesposito]

Description

This PR updates @metamask/eth-sig-util package to ^6, which includes a change on the normalize function that affects how empty strings and 0 inputs are treated, and since @metamask/eth-keyring-controller normalizes data passed to signPersonalMessage since v11, I think this change should be breaking also for @metamask/eth-keyring-controller.

Changes

• BREAKING: signPersonalMessage now normalizes msgParams.data in a different way for 0 and empty strings inputs.
  • 0 will be normalized to 0x00 and empty strings to 0x

References

• Related to #1315

Checklist

• I've updated the test suite for new or updated code as appropriate
• I've updated documentation for new or updated code as appropriate (note: this will usually be JSDoc)
• I've highlighted breaking changes using the "BREAKING" category above as appropriate

[socket-security]

New dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
@metamask/eth-sig-util	6.0.0	None	+0	150 kB	metamaskbot

[Gudahtt]

LGTM!

[Gudahtt]

Though... is this breaking? I can see that it's called a lot with the address parameter, but that's intended to be an address. I'm not sure any of these methods worked in the first place if an empty string or zero was passed in. And certainly MetaMask would never pass in either of those, we don't let RPC calls get to the keyring until after verifying the address.

I guess for it's uses on addresses, it's breaking only due to a lack of expressive types/validation prior to this, but not in a way that impacts us.

The only exception to that is for the personal sign method. In that case, we use this normalize function for the data as well. Again the expectation seems clear that it's meant to be a hex string, but this might affect "empty" personal sign signatures potentially.