Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: update Trezor Connect to v9.4.0, remove workarounds #27112

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

chore: update Trezor Connect to v9.4.0, remove workarounds #27112

wants to merge 1 commit into from
+291 −354

Conversation

vthomas13
Copy link
Contributor

@vthomas13 vthomas13 commented Sep 12, 2024
edited
Loading

This PR includes changes from PR #26749 by @martykan.

Description

With MV3, MetaMask started to use Trezor Connect inside an offscreen environment, in a way that was previously unsupported and required a workaround by patching the Trezor Connect library.

In recent versions of Trezor Connect, the library can handle working in an offscreen environment correctly, without the need for the workaround, which could cause issues with compatibility.

This PR removes the patch and updates the Trezor Connect library to the latest version (v9.4.0).
The change in manifest.json is due to new URL parameters, Firefox needs the asterisk at the end to match the URL with them.
I haven't removed the WebUSB device request which was added on MetaMask's side in relation to the workaround, since it can improve UX of the pairing process, but it could be removed if desired.

The dependency update affects Lavamoat, I am including the policy changes in my commit, however let me know if you would like me to remove them and handle them using your own process.

Open in GitHub Codespaces

Related issues

Fixes:

Manual testing steps

  1. Open accounts dropdown, "Add hardware wallet"
  2. Select Trezor
  3. Follow prompts to connect the device
  4. See a list of accounts from the Trezor

Screenshots/Recordings

Before

After

Pre-merge author checklist

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

@vthomas13 vthomas13 requested review from a team as code owners September 12, 2024 18:14
@github-actions GitHub Actions
Copy link
Contributor

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@socket-security Socket Security
Copy link

socket-security bot commented Sep 12, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@babel/[email protected] None 0 489 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 52.4 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 506 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 63.7 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 160 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 114 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 106 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 14.1 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 58.5 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 11.8 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 1.89 MB nicolo-ribaudo
npm/@babel/[email protected] None 0 70 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 69.7 kB existentialism, hzoo, jlhwung, ...1 more
npm/@babel/[email protected] None 0 107 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 200 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 90.8 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 248 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 70.4 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 728 kB nicolo-ribaudo
npm/@babel/[email protected] environment 0 2.48 MB nicolo-ribaudo
npm/@emurgo/[email protected] eval 0 3.35 MB lisicky_emurgo
npm/@emurgo/[email protected] eval, filesystem 0 3.35 MB lisicky_emurgo
npm/@fivebinaries/[email protected] None 0 149 kB slowbackspace
npm/@mobily/[email protected] None 0 381 kB mobily
npm/@sinclair/[email protected] None 0 536 kB sinclair
npm/@solana/[email protected] None 0 197 kB steveluscher
npm/@solana/[email protected] network 0 10.9 MB lorisleiva
npm/@trezor/[email protected] network 0 14 kB trezor-ci
npm/@trezor/[email protected] None 0 56.3 kB trezor-ci
npm/@trezor/[email protected] network 0 58.4 kB trezor-ci
npm/@trezor/[email protected] None 0 213 kB trezor-ci
npm/@trezor/[email protected] environment 0 5.41 kB trezor-ci
npm/@trezor/[email protected] None 0 180 kB trezor-ci
npm/@trezor/[email protected] None 0 93.8 kB trezor-ci
npm/@trezor/[email protected] filesystem 0 1.41 MB trezor-ci
npm/@trezor/[email protected] environment 0 17.7 kB trezor-ci
npm/@trezor/[email protected] None 0 1.09 MB trezor-ci
npm/@trezor/[email protected] None 0 11.8 kB trezor-ci
npm/@trezor/[email protected] None 0 38.7 kB trezor-ci
npm/@trezor/[email protected] network 0 165 kB trezor-ci
npm/@trezor/[email protected] None 0 2.89 kB trezor-ci
npm/@trezor/[email protected] None 0 64.2 kB trezor-ci
npm/@trezor/[email protected] None 0 234 kB trezor-ci
npm/@types/[email protected] None 0 8.92 kB types
npm/@types/[email protected] None 0 1.36 MB types
npm/[email protected] network 0 43.7 kB fengmk2
npm/[email protected] None 0 1.56 MB ealmansi
npm/[email protected] None 0 164 kB peterolson
npm/[email protected] None 0 55.7 kB no2chem
npm/[email protected] None 0 7.79 kB dcousens
npm/[email protected] None 0 4.38 kB dcousens
npm/[email protected] None 0 410 kB fanatid
npm/[email protected] None 0 156 kB dcposch
npm/[email protected] None 0 34.6 kB volovyk-s
npm/[email protected] None 0 110 kB ealmansi
npm/[email protected] filesystem, shell 0 62.4 kB abetomo
npm/[email protected] None 0 11.2 kB sindresorhus
npm/[email protected] None 0 315 kB stefanpenner
npm/[email protected] None 0 7.76 kB digitaldesignlabs
npm/[email protected] None 0 14 kB indexzero
npm/[email protected] None 0 125 kB nickyout
npm/[email protected] None 0 3.66 kB dead_horse
npm/[email protected] None 0 22.2 kB kawanet
npm/[email protected] network 0 162 kB tedeh
npm/[email protected] None 0 32 kB mathias
npm/[email protected] None 0 75.6 kB tdegrunt
npm/[email protected] None 0 422 kB kkoopa
npm/[email protected] None 0 4.28 kB dcousens
npm/[email protected] None 0 47.4 kB jst5000
npm/[email protected] None 0 1.1 MB jst5000
npm/[email protected] None 0 24.4 kB jst5000
npm/[email protected] None 0 147 kB intelliot
npm/[email protected] network 0 4.9 MB intelliot
npm/[email protected] None 0 79.4 kB arv
npm/[email protected] None 0 1.1 MB junderw
npm/[email protected] None 0 354 kB sindresorhus
npm/[email protected] None 0 19.1 kB dcousens
npm/[email protected] None 0 112 kB faisalman
npm/[email protected] None 0 6.9 MB thegecko
npm/[email protected] None 0 5.49 kB junderw
npm/[email protected] None 0 4.67 kB junderw
npm/[email protected] environment, network 0 147 kB lpinca

🚮 Removed packages: npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@sinclair/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

@socket-security Socket Security
Copy link

socket-security bot commented Sep 12, 2024
edited
Loading

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: npm/[email protected], npm/[email protected], npm/@solana/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/@solana/[email protected], npm/@trezor/[email protected], npm/@trezor/[email protected], npm/@trezor/[email protected]

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@metamaskbot
Copy link
Collaborator

Builds ready [e3aa795]
Page Load Metrics (1516 ± 98 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint22522941391419201
domContentLoaded13562191149718991
load13642283151620498
domInteractive195731136
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 0 Bytes (0.00%)
  • ui: 0 Bytes (0.00%)
  • common: 5.55 KiB (0.07%)

@metamaskbot
Copy link
Collaborator

Builds ready [34f33b3]
Page Load Metrics (1805 ± 132 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint22527371727446214
domContentLoaded139626811776278133
load144826901805275132
domInteractive127528147
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 0 Bytes (0.00%)
  • ui: 0 Bytes (0.00%)
  • common: 5.55 KiB (0.07%)

@codecov Codecov
Copy link

codecov bot commented Sep 12, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 69.95%. Comparing base (9459903) to head (9ce641e).

Additional details and impacted files 
@@           Coverage Diff            @@
##           develop   #27112   +/-   ##
========================================
  Coverage    69.95%   69.95%           
========================================
  Files         1441     1441           
  Lines        50099    50099           
  Branches     14007    14007           
========================================
  Hits         35046    35046           
  Misses       15053    15053

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@vthomas13 vthomas13 force-pushed the marty-trezor-update branch 3 times, most recently from 8804fcc to 60175c2 Compare September 13, 2024 16:26
@danjm
Copy link
Contributor

danjm commented Sep 13, 2024

@metamaskbot update-policies

@metamaskbot
Copy link
Collaborator

Policies updated

@vthomas13
Copy link
Contributor Author

@metamaskbot update-policies

@metamaskbot
Copy link
Collaborator

No policy changes

@metamaskbot
Copy link
Collaborator

Builds ready [a840f33]
Page Load Metrics (1727 ± 72 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint22222241521553265
domContentLoaded15102215171515373
load15232224172715172
domInteractive1310235199
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 0 Bytes (0.00%)
  • ui: 0 Bytes (0.00%)
  • common: 5.55 KiB (0.07%)

@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Sep 16, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@metamaskbot
Copy link
Collaborator

Builds ready [9ce641e]
Page Load Metrics (1751 ± 154 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint20924261344659316
domContentLoaded143424591736317152
load144324661751320154
domInteractive1998382010
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 0 Bytes (0.00%)
  • ui: 0 Bytes (0.00%)
  • common: 5.55 KiB (0.07%)

@legobeat legobeat mentioned this pull request Sep 17, 2024
Open
7 tasks
@danjm
Copy link
Contributor

danjm commented Sep 19, 2024

@metamaskbot update-policies

@metamaskbot
Copy link
Collaborator

No policy changes

@metamaskbot
Copy link
Collaborator

Builds ready [8094f79]
Page Load Metrics (1844 ± 180 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint151932551841369177
domContentLoaded151231151812346166
load152032771844375180
domInteractive13187473718
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 0 Bytes (0.00%)
  • ui: 0 Bytes (0.00%)
  • common: 5.55 KiB (0.07%)

@vthomas13
Copy link
Contributor Author

@metamaskbot update-policies

@metamaskbot
Copy link
Collaborator

Builds ready [b0def90]
Page Load Metrics (1940 ± 131 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint20428061705654314
domContentLoaded162627981918271130
load163428081940273131
domInteractive179642209
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 0 Bytes (0.00%)
  • ui: 0 Bytes (0.00%)
  • common: 5.55 KiB (0.07%)

@vthomas13
Copy link
Contributor Author

@metamaskbot update-policies

@metamaskbot
Copy link
Collaborator

No policy changes

@metamaskbot
Copy link
Collaborator

Builds ready [b88206c]
Page Load Metrics (1761 ± 94 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint31823781633439211
domContentLoaded15032357174119091
load15112377176119694
domInteractive186939157
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 0 Bytes (0.00%)
  • ui: 0 Bytes (0.00%)
  • common: 5.55 KiB (0.07%)

@metamaskbot
Copy link
Collaborator

Builds ready [588ba2b]
Page Load Metrics (1756 ± 45 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint1629194217538641
domContentLoaded1621193317288943
load1629194217569345
domInteractive23122452211
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 0 Bytes (0.00%)
  • ui: 0 Bytes (0.00%)
  • common: 5.55 KiB (0.07%)

@metamaskbot
Copy link
Collaborator

Builds ready [725caae]
Page Load Metrics (1967 ± 142 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint164830281988312150
domContentLoaded162127081938274132
load163228761967295142
domInteractive247642178
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 0 Bytes (0.00%)
  • ui: 0 Bytes (0.00%)
  • common: 5.55 KiB (0.07%)

@danjm
Copy link
Contributor

danjm commented Oct 3, 2024

@SocketSecurity ignore npm/[email protected]

@vthomas13
Copy link
Contributor Author

@SocketSecurity ignore npm/[email protected] npm/@solana/[email protected]
Verified these authors as members of other open source projects

@vthomas13
Copy link
Contributor Author

@SocketSecurity ignore npm/[email protected] npm/[email protected] npm/[email protected] npm/[email protected]

npm/[email protected]: it's a widely used library to improve HTTP/HTTPS performance by maintaining persistent connections.
npm/[email protected]: the fallback mechanism ensures the non-native version can still be used in case of an issue with the native code
npm/[email protected]: it's a stable release, but the library is deprecated, so it's good to migrate to xrpl.js as Socket suggests.
npm/[email protected]: It's a cryptographic library, and they usually use native code for performance reasons. However native-code can lead to platform-specific vulnerabilities. It's used in trezor's utxo-lib package

@vthomas13
Copy link
Contributor Author

@SocketSecurity ignore npm/[email protected] npm/[email protected] npm/[email protected] npm/@solana/[email protected] npm/@trezor/[email protected]

npm/[email protected]: Verified the new author as a member of other open source projects
npm/[email protected], npm/[email protected], npm/@solana/[email protected], npm/@trezor/[email protected]: These are not used in trezor/connect-web, which is what we import.

@vthomas13
Copy link
Contributor Author

@SocketSecurity ignore npm/@trezor/[email protected] npm/@trezor/[email protected]
npm/@trezor/[email protected], npm/@trezor/[email protected]: These are not used in trezor/connect-web, which is what we import.

@vthomas13 vthomas13 force-pushed the marty-trezor-update branch 2 times, most recently from 145a9aa to ba14308 Compare October 7, 2024 14:48
@metamaskbot
Copy link
Collaborator

Builds ready [ba14308]
Page Load Metrics (1991 ± 112 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint30926161913434208
domContentLoaded165126051963235113
load169926301991233112
domInteractive28194644923
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 0 Bytes (0.00%)
  • ui: 0 Bytes (0.00%)
  • common: 5.55 KiB (0.07%)

@vthomas13 vthomas13 requested a review from a team October 9, 2024 14:13
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Oct 9, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@metamaskbot
Copy link
Collaborator

Builds ready [fd765ae]
Page Load Metrics (1871 ± 95 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint16362300187020096
domContentLoaded16212291184318991
load16292299187119895
domInteractive247644157
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 0 Bytes (0.00%)
  • ui: 0 Bytes (0.00%)
  • common: 5.55 KiB (0.07%)

@vthomas13 vthomas13 added this pull request to the merge queue Oct 10, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Oct 10, 2024
@vthomas13 vthomas13 added this pull request to the merge queue Oct 10, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Oct 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danjm danjm danjm approved these changes

@mikesposito mikesposito mikesposito approved these changes

Assignees
No one assigned
Labels
team-extension-platform
Projects
PR review queue
Status: Review finalised - Ready to be merged
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@vthomas13 @metamaskbot @danjm @mikesposito