Syncing develop with release branch for message system #15392

MiroslavProchazka · 2024-11-14T13:21:08Z

Description

Related Issue

Resolve

Screenshots:

…modals view

…orks

Co-authored-by: Miroslav Procházka <[email protected]>

github-actions · 2024-11-14T13:24:58Z

🚀 Expo preview is ready!

Project → trezor-suite-preview
Platforms → android, ios
Scheme → trezorsuitelite
Runtime Version → 10
More info

Learn more about 𝝠 Expo Github Action

socket-security · 2024-11-14T13:25:57Z

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Uses eval	npm/[email protected]	Eval Type: eval Location: Package overview	`packages/suite-desktop/package.json`	🚫

View full report↗︎

Next steps

What is dynamic code execution?

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/[email protected]

karliatto and others added 30 commits October 31, 2024 17:53

fix(connect): only device mode seedless for LoadDevice

18b5cbc

fix(connect-explorer): make it clear that debug fw is needed

580f3a9

fix(suite-native): device state migration

0bde39e

fix(suite-native): fix key for wallet rows

0f1c6d7

fix(suite-native): update gorhom bottom sheet to get rid of warning

a64091e

chore: add 'no-case-declarations' ESLint rule

855548f

chore(suite): update everstake lib

2023fa1

fix(utxo-lib): add types bn.js and events

7cc5397

chore: tests add text encoder, decoder polyfill

c31959e

chore: update solana lib

76519c7

chore(connect-plugin-ethereum): update @metamask/eth-sig-uti

8b922da

chore(connect-plugin-stellar): update @stellar/stellar-sdk

811b149

chore(connect): update @ethereumjs libs

2d6465f

chore: add 'import/no-duplicates' ESLint rule

8d8beba

chore: enable 'prefet-const' ESLint rule

ff5fe34

fix(suite-native): fix video selection for XPUB vs address hints

ec6f90c

feat(suite-native): ethereum send info messages

d380b96

fix(connect): loadDevice not-initialize method

e46c95e

fix(components, theme): decrease Backdrop z-index to fix overlapping …

61bb366

…modals view

feat(suite-native): send token drafts

edb743a

feat(components): move getAssetLogoUrl to asset-utils

dc58bc5

feat(suite-native): fetch token icons from trezor data using asset-utils

b8395a8

refactor(trade): history transactions

7bebae6

feat(trade): update last transaction heading

c8e3b2c

fix(trade): route between last transactions/detail and back

946653d

refactor(trade): routing in the section

e663cdd

test(trade): routing in the section

b4c4973

feat(trade): sort out transaction history

abd4f92

feat(trade): remove buy again button

4454a1e

fix(trade): improve routing

f9668c4

Nodonisko and others added 11 commits November 13, 2024 15:59

fix(mobile): update staking data on mobile (#15372)

7c2e781

chore: remove no-shadow from config as it is off anyway

5e69c7f

chore: reintroduce no-shadow in minimal form

763f9b5

fix(suite): backup check always resulting in error

ef38e3a

fix(suite): backup check for T1B1

4e914bc

fix(e2e): Switched firmware to 2-latest in onboarding tests

def5c07

chore(ci): only build node-bridge in the main repository

69c54e0

chore: add eslint-plugin-cypress

7db9cd6

test(transport-test): use 2-latest emu (main has some breaking change)

2b3b60b

fix(suite-native): only fetch token defs for supported portfolio netw…

4ba14fe

…orks

chore(message-system): warn about pos backend issues (#15382)

3771bd2

Co-authored-by: Miroslav Procházka <[email protected]>

MiroslavProchazka requested review from martykan, tsusanka, Nodonisko, a team, jvaclavik, adamhavel, szymonlesisz, karliatto, marekrjpolak, mroz22, matejkriz, komret, tomasklim and vdovhanych as code owners November 14, 2024 13:21

MiroslavProchazka changed the title ~~Test~~ Syncing develop with release branch for message system Nov 14, 2024

komret approved these changes Nov 14, 2024

View reviewed changes

komret merged commit e33d888 into release-message-system-production Nov 14, 2024
33 of 34 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Syncing develop with release branch for message system #15392

Syncing develop with release branch for message system #15392

MiroslavProchazka commented Nov 14, 2024

github-actions bot commented Nov 14, 2024

socket-security bot commented Nov 14, 2024

Syncing develop with release branch for message system #15392

Syncing develop with release branch for message system #15392

Conversation

MiroslavProchazka commented Nov 14, 2024

Description

Related Issue

Screenshots:

github-actions bot commented Nov 14, 2024

socket-security bot commented Nov 14, 2024

Next steps