Skip to content

feat(keyring-eth-trezor): bump @trezor/connect-web to 9.6.0 to support new flow#300

Merged
dawnseeker8 merged 6 commits into
mainfrom
feat/trezor-connect-upgrade
Jul 3, 2025
Merged

feat(keyring-eth-trezor): bump @trezor/connect-web to 9.6.0 to support new flow#300
dawnseeker8 merged 6 commits into
mainfrom
feat/trezor-connect-upgrade

Conversation

@dawnseeker8

Copy link
Copy Markdown
Contributor

This PR will upgrade trezor/connect-web library based on trezor team suggestion. please refer to plan https://github.com/MetaMask/accounts-planning/issues/936 for details.

This PR will add a appName parameter to manifest to initialise TrezorSDK.

Examples

@dawnseeker8 dawnseeker8 requested review from a team as code owners June 23, 2025 10:06
@dawnseeker8 dawnseeker8 added the team-hardware-wallets This should be handled by the Hardware Wallets Team label Jun 23, 2025
@socket-security

socket-security Bot commented Jun 23, 2025

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedagent-base@​7.1.1 ⏵ 7.1.3100 +110090 +178100
Updatedsocks-proxy-agent@​8.0.4 ⏵ 8.0.59910083 +180100
Addedchalk@​5.4.110010010080100
Updated@​trezor/​connect-web@​9.4.7 ⏵ 9.6.19910092 +199 +190

View full report

@socket-security

socket-security Bot commented Jun 23, 2025

Copy link
Copy Markdown

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring alerts on:

  • urijs@1.19.11
  • eventsource@2.0.2
  • eventemitter3@5.0.1
  • base32.js@0.1.0
  • fastestsmallesttextencoderdecoder@1.0.22
  • toml@3.0.0
  • ripple-address-codec@5.0.0
  • ripple-keypairs@2.0.0
  • @xrplf/secret-numbers@1.0.0
  • is-retry-allowed@3.0.0
  • @xrplf/isomorphic@1.0.1
  • @stellar/js-xdr@3.1.2
  • bare-path@3.0.0
  • @scure/base@1.1.9
  • feaxios@0.0.23
  • detect-europe-js@0.1.2
  • is-standalone-pwa@0.1.1
  • ua-is-frozen@0.1.2
  • @types/node-fetch@2.6.12
  • bare-semver@1.0.1
  • chalk@5.4.1
  • commander@13.1.0
  • require-addon@1.1.0
  • sodium-native@4.3.3
  • @solana-program/system@0.7.0
  • bare-os@3.6.1
  • bare-addon-resolve@1.9.4
  • @stellar/stellar-base@13.1.0
  • @stellar/stellar-sdk@13.3.0
  • @noble/curves@1.9.0
  • @scure/bip32@1.7.0
  • @scure/bip39@1.6.0
  • bare-url@2.1.6
  • @noble/ciphers@1.3.0
  • ethereum-cryptography@3.2.0
  • @ethereumjs/rlp@10.0.0
  • @ethereumjs/util@10.0.0
  • @ethereumjs/common@10.0.0
  • @ethereumjs/tx@10.0.0
  • @solana/codecs-core@2.1.1
  • @solana/errors@2.1.1
  • @solana/codecs-numbers@2.1.1
  • @solana/codecs-strings@2.1.1
  • @solana/nominal-types@2.1.1
  • @solana/codecs-data-structures@2.1.1
  • @solana/kit@2.1.1
  • @solana/sysvars@2.1.1
  • @solana/addresses@2.1.1
  • @solana/codecs@2.1.1
  • @solana/accounts@2.1.1
  • @solana/functional@2.1.1
  • @solana/instructions@2.1.1
  • @solana/rpc-parsed-types@2.1.1
  • @solana/keys@2.1.1
  • @solana/rpc@2.1.1
  • @solana/programs@2.1.1
  • @solana/rpc-spec-types@2.1.1
  • @solana/rpc-types@2.1.1
  • @solana/rpc-subscriptions@2.1.1
  • @solana/signers@2.1.1
  • @solana/transaction-confirmation@2.1.1
  • @solana/transaction-messages@2.1.1
  • @solana/transactions@2.1.1
  • @solana/options@2.1.1
  • @solana/rpc-spec@2.1.1
  • @solana/assertions@2.1.1
  • @solana/rpc-api@2.1.1
  • @solana/fast-stable-stringify@2.1.1
  • @solana/rpc-transformers@2.1.1
  • @solana/rpc-transport-http@2.1.1
  • @solana/promises@2.1.1
  • @solana/rpc-subscriptions-api@2.1.1
  • @solana/rpc-subscriptions-spec@2.1.1
  • @solana/rpc-subscriptions-channel-websocket@2.1.1
  • @solana/subscribable@2.1.1
  • @solana-program/stake@0.2.1
  • @trezor/crypto-utils@1.1.3
  • bare-module-resolve@1.11.1
  • @scure/base@1.2.6
  • @solana-program/token-2022@0.4.2
  • @solana-program/compute-budget@0.8.0
  • xrpl@4.3.0
  • axios@1.10.0
  • ripple-binary-codec@2.4.1
  • @trezor/device-utils@1.1.1
  • @trezor/websocket-client@1.2.1
  • undici-types@7.11.0
  • @emurgo/cardano-serialization-lib-nodejs@13.2.0
  • socks-proxy-agent@8.0.5
  • agent-base@7.1.3
  • @fivebinaries/coin-selection@3.0.0
  • @emurgo/cardano-serialization-lib-browser@13.2.1
  • @types/web@0.0.197
  • @solana-program/token@0.5.1
  • long@5.2.5
  • @trezor/schema-utils@1.3.3
  • ua-parser-js@2.0.4
  • @trezor/utils@9.4.1
  • @trezor/connect@9.6.1
  • @trezor/blockchain-link@2.5.1
  • @trezor/blockchain-link-types@1.4.1
  • @trezor/blockchain-link-utils@1.4.1
  • @trezor/connect-analytics@1.3.4
  • @trezor/connect-common@0.4.1
  • @trezor/protobuf@1.4.1
  • @trezor/protocol@1.2.7
  • @trezor/transport@1.5.1
  • @trezor/type-utils@1.1.7
  • @trezor/utxo-lib@2.4.1
  • @trezor/env-utils@1.4.1
  • @trezor/analytics@1.4.1
  • @trezor/connect-web@9.6.1

View full report

@dawnseeker8 dawnseeker8 changed the title feat: Update Trezor/connect-web to 9.6.0 to support the new flow. Feat: Update Trezor/connect-web to 9.6.0 to support the new flow. Jun 23, 2025
@dawnseeker8

Copy link
Copy Markdown
Contributor Author

@metamaskbot publish-preview

- Updated versions for several packages including `@noble/curves`, `@scure/base`, `bignumber.js`, `bn.js`, `chalk`, `long`, `socks-proxy-agent`, and `ws`.
- Removed obsolete entries and consolidated version specifications for better clarity and maintenance.
@github-actions

Copy link
Copy Markdown

Preview builds have been published. See these instructions (from the core monorepo) for more information about preview builds.

Expand for full list of packages and versions.
{
  "@metamask-previews/keyring-api": "18.0.0-2e92e3c",
  "@metamask-previews/eth-hd-keyring": "12.1.0-2e92e3c",
  "@metamask-previews/eth-ledger-bridge-keyring": "11.1.0-2e92e3c",
  "@metamask-previews/eth-simple-keyring": "10.0.0-2e92e3c",
  "@metamask-previews/eth-trezor-keyring": "8.0.0-2e92e3c",
  "@metamask-previews/keyring-internal-api": "6.2.0-2e92e3c",
  "@metamask-previews/keyring-internal-snap-client": "4.1.0-2e92e3c",
  "@metamask-previews/eth-snap-keyring": "13.0.0-2e92e3c",
  "@metamask-previews/keyring-snap-client": "5.0.0-2e92e3c",
  "@metamask-previews/keyring-snap-sdk": "4.0.0-2e92e3c",
  "@metamask-previews/keyring-utils": "3.0.0-2e92e3c"
}

@dawnseeker8 dawnseeker8 changed the title Feat: Update Trezor/connect-web to 9.6.0 to support the new flow. feat Update Trezor/connect-web to 9.6.0 to support the new flow. Jun 23, 2025
@dawnseeker8

Copy link
Copy Markdown
Contributor Author

@metamaskbot publish-preview

@dawnseeker8 dawnseeker8 changed the title feat Update Trezor/connect-web to 9.6.0 to support the new flow. feat: update Trezor/connect-web to 9.6.0 to support the new flow. Jun 23, 2025
@github-actions

Copy link
Copy Markdown

Preview builds have been published. See these instructions (from the core monorepo) for more information about preview builds.

Expand for full list of packages and versions.
{
  "@metamask-previews/keyring-api": "18.0.0-c8d2139",
  "@metamask-previews/eth-hd-keyring": "12.1.0-c8d2139",
  "@metamask-previews/eth-ledger-bridge-keyring": "11.1.0-c8d2139",
  "@metamask-previews/eth-simple-keyring": "10.0.0-c8d2139",
  "@metamask-previews/eth-trezor-keyring": "8.0.0-c8d2139",
  "@metamask-previews/keyring-internal-api": "6.2.0-c8d2139",
  "@metamask-previews/keyring-internal-snap-client": "4.1.0-c8d2139",
  "@metamask-previews/eth-snap-keyring": "13.0.0-c8d2139",
  "@metamask-previews/keyring-snap-client": "5.0.0-c8d2139",
  "@metamask-previews/keyring-snap-sdk": "4.0.0-c8d2139",
  "@metamask-previews/keyring-utils": "3.0.0-c8d2139"
}

owencraston
owencraston previously approved these changes Jun 25, 2025

@ccharly ccharly left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see that:

is not passing the CI, we should focus on this and see if that new minor version breaks anything within our Trezor support first.

@dawnseeker8

Copy link
Copy Markdown
Contributor Author

@SocketSecurity ignore-all

I have reviewed all this blocker alert and confirm that those network access code is required to talked to Trezor connect website to complete the functionality.

@dawnseeker8 dawnseeker8 requested a review from ccharly July 3, 2025 03:29
@dawnseeker8

Copy link
Copy Markdown
Contributor Author

I see that:

is not passing the CI, we should focus on this and see if that new minor version breaks anything within our Trezor support first.

@ccharly the pipeline in extension pr has been fixed and all green now. feel free to review again.

@dawnseeker8

Copy link
Copy Markdown
Contributor Author

@SocketSecurity ignore npm/@solana/nominal-types@2.1.1

@SocketSecurity ignore npm/@solana/nominal-types@2.1.1

@dawnseeker8

Copy link
Copy Markdown
Contributor Author

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action Severity Alert (click for details)
Block Low
@solana/nominal-types@2.1.1 has a New author.
View full report

@SocketSecurity ignore npm/@solana/nominal-types@2.1.1

@dawnseeker8

Copy link
Copy Markdown
Contributor Author

@SocketSecurity ignore npm/@solana/nominal-types@2.1.1

@ccharly

ccharly commented Jul 3, 2025

Copy link
Copy Markdown
Contributor

@SocketSecurity ignore npm/@solana/nominal-types@2.1.1

It's ok, new author is @solana-devs which is the author of many other Solana packages.

@ccharly ccharly changed the title feat: update Trezor/connect-web to 9.6.0 to support the new flow. feat(keyring-eth-trezor): bump @trezor/connect-web to 9.6.0 to support new flow Jul 3, 2025
ccharly
ccharly previously approved these changes Jul 3, 2025

@ccharly ccharly left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, and I checked that e2e were passing on the extension side:

Comment thread packages/keyring-eth-trezor/package.json Outdated
ccharly
ccharly previously approved these changes Jul 3, 2025
Comment thread .syncpackrc Outdated

@ccharly ccharly left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! LGTM

@dawnseeker8

Copy link
Copy Markdown
Contributor Author

@SocketSecurity ignore-all

@dawnseeker8 dawnseeker8 added this pull request to the merge queue Jul 3, 2025
@ccharly

ccharly commented Jul 3, 2025

Copy link
Copy Markdown
Contributor

@SocketSecurity ignore-all

Analysis is here: #300 (comment)

Merged via the queue into main with commit 9f37ef0 Jul 3, 2025
32 checks passed
@dawnseeker8 dawnseeker8 deleted the feat/trezor-connect-upgrade branch July 3, 2025 15:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

team-hardware-wallets This should be handled by the Hardware Wallets Team

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants