Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update to the latest Trezor package deps #1653

Merged
merged 3 commits into from
Apr 20, 2023
Merged

Update to the latest Trezor package deps #1653

merged 3 commits into from
Apr 20, 2023

Conversation

Adamj1232
Copy link
Member

@Adamj1232 Adamj1232 commented Apr 20, 2023
edited
Loading

Description

Will alleviate #1652

Update to the latest Trezor package with a new naming pattern.
All initialization options remains along with functionality.
Docs: https://www.npmjs.com/package/@trezor/connect-web

Checklist

  • Increment the version field in package.json of the package you have made changes in following semantic versioning and using alpha release tagging
  • Check the box that allows repo maintainers to update this PR
  • Test locally to make sure this feature/fix works
  • Run yarn check-all to confirm there are not any associated errors
  • Confirm this PR passes Circle CI checks
  • Add or update relevant information in the documentation

Tests with demo app (SDK)

  • send transaction
  • sign message
  • disconnect

@Adamj1232 Adamj1232 requested a review from leightkt April 20, 2023 16:40
@vercel
Copy link

vercel bot commented Apr 20, 2023
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
web3-onboard-docs ✅ Ready (Inspect) Visit Preview 💬 Add feedback Apr 20, 2023 4:53pm

@Adamj1232 Adamj1232 marked this pull request as ready for review April 20, 2023 16:42
@socket-security
Copy link

New dependency changes detected. Learn more about Socket for GitHub ↗︎

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore blake-hash@2.0.0
🫣 Native code

Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.

Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.

Package Location Source
blake-hash@2.0.0 (added) binding.gyp package.json via @trezor/connect-web@9.0.8, packages/trezor/package.json via @trezor/connect-web@9.0.8
Pull request alert summary
Issue Status
Install scripts ✅ 0 issues
Native code ⚠️ 1 issue
Bin script shell injection ✅ 0 issues
Unresolved require ✅ 0 issues
Invalid package.json ✅ 0 issues
HTTP dependency ✅ 0 issues
Git dependency ✅ 0 issues
Potential typo squat ✅ 0 issues
Known Malware ✅ 0 issues
Telemetry ✅ 0 issues
Protestware/Troll package ✅ 0 issues

📊 Modified Dependency Overview:

➕ Added Package Capability Access +/- Transitive Count Publisher
@trezor/connect-web@9.0.8 None +64 trezor-ci
@web3-onboard/trezor@2.3.3 None +0 cmeisl

leightkt
leightkt approved these changes Apr 20, 2023
View reviewed changes
Copy link
Contributor

@leightkt leightkt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't have a trezor wallet to test locally- but changes look good! Thanks for tackling this so quickly!

@Adamj1232 Adamj1232 merged commit b95b53c into develop Apr 20, 2023
@Adamj1232 Adamj1232 deleted the update/trezor_deps branch April 20, 2023 17:04
This was referenced Apr 20, 2023
Merged
Merged
Merged
@Hannsek
Copy link

Hannsek commented May 29, 2023

I don't have a trezor wallet to test locally

There is a Trezor emulator which you can use: https://github.com/trezor/trezor-user-env/

@Adamj1232
Copy link
Member Author

@Hannsek thank you for passing along the Trezor emulator, that's very helpful!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leightkt leightkt leightkt approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Adamj1232 @Hannsek @leightkt