Prevent Broken ledger live for celo users #7622
base: develop
@aaronmgdr is attempting to deploy a commit to the LedgerHQ Team on Vercel. A member of the Team first needs to authorize it. |
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: npm/@celo/[email protected], npm/@celo/[email protected], npm/@celo/[email protected], npm/@celo/[email protected], npm/@celo/[email protected] |
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next steps

What are git dependencies?
Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install. Publish the git dependency to npm or a private package repository and consume it from there.

Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with
|
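A manifest check for the git-dependency alert above, as an added example that is not part of the PR or of Socket's tooling. It flags specifiers in npm's documented git URL and hosted-shorthand forms and reports whether each names a full 40-hex commit; the function names and the sample manifest are constructed for illustration.

```javascript
// Added example: find dependencies that resolve to a git URL instead of a
// registry version, and report whether they are pinned to a full commit SHA.
const GIT_PREFIX =
  /^(git(\+(ssh|https?|file))?:\/\/|github:|gitlab:|bitbucket:|gist:)/i;
// "user/repo" GitHub shorthand; must not start with "." "~" or "/" (local paths).
const SHORTHAND = /^[A-Za-z0-9][\w-]*\/[\w.-]+(#.+)?$/;
const FULL_SHA = /^[0-9a-f]{40}$/i;
const FIELDS = [
  "dependencies",
  "devDependencies",
  "optionalDependencies",
  "peerDependencies",
];

function classifySpec(spec) {
  const git = GIT_PREFIX.test(spec) || SHORTHAND.test(spec);
  if (!git) return { git: false, pinned: false };
  const at = spec.indexOf("#");
  const committish = at === -1 ? "" : spec.slice(at + 1);
  // A branch, tag or "semver:" range can move; only a full SHA is fixed.
  return { git: true, pinned: FULL_SHA.test(committish) };
}

function findGitDependencies(manifest) {
  const findings = [];
  for (const field of FIELDS) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      const result = classifySpec(String(spec));
      if (result.git) findings.push({ field, name, spec, pinned: result.pinned });
    }
  }
  return findings;
}

// Constructed sample manifest (package names and hosts are placeholders).
const SAMPLE_MANIFEST = {
  dependencies: {
    "example-lib": "github:example-org/example-lib#main",
    "pinned-lib":
      "git+https://git.example.com/org/pinned-lib.git#0123456789abcdef0123456789abcdef01234567",
    "registry-lib": "^1.2.3",
    "local-lib": "file:../local-lib",
  },
  devDependencies: { "workspace-lib": "workspace:^" },
};

console.log(findGitDependencies(SAMPLE_MANIFEST));
```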
@@ -62,20 +62,6 @@ function readPackage(pkg, context) { | |||
addPeerDependencies("@storybook/addon-react-native-web", { | |||
webpack: "*", | |||
}), | |||
/* @celo/* packages */ | |||
addDependencies(/@celo\/(?!base)+/, { "@celo/base": `^${pkg.version}` }), |
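Review bot: With the addDependencies(/@celo\/(?!base)+/, { "@celo/base": ... }) entry gone from readPackage, nothing in the pnpmfile injects @celo/base at each @celo/* package's own version any more, so every upgraded @celo/* package now has to declare @celo/base itself. Please confirm this against the regenerated lockfile (the expected @celo/base version resolves and install does not rely on hoisting), and because the hunk header shows 20 lines shrinking to 6 while only the celo entry is visible here, say in the PR description which other hook entries were removed with it.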
This is no longer necessary and in fact breaks install, as celo deps no longer have their versions locked together.
Perplexed as to why, in the Ledger Live environment, calling toChecksumAddress eventually results in the @noble/hashes library asserting that the Buffer of the address is a Uint8Array and (this is the crucial part) it gives false, whereas I can trace the same code path in a different environment and it will return true. I made an empty Electron repo with just ContractKit as I thought it could be the difference but received no issue.
ba61f82 to ef17b49
This fails because in JSDom Buffer does not inherit from Uint8Array. This causes a cascade of failures starting in @noble/hashes and bubbling up to web3.js. It's a bit of a bummer, and I'm not sure of the best approach to fix it. As an alternative I played around with removing ContractKit completely. But that too requires a bit more to get it working, and will change a substantial amount of files. So I won't do more on that just yet.
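The failure mode described in the comments above, reproduced in plain Node as an added example that is not code from this PR or from @noble/hashes. A `vm` context stands in for the second set of built-ins a jsdom-based environment creates (an assumption about the mechanism); all function names are hypothetical.

```javascript
const vm = require("node:vm");

// A fresh vm context has its own built-ins, so its Uint8Array is a different
// constructor from the one Buffer inherits from. It stands in here for the
// second realm of a jsdom-based test environment (assumption).
const OtherRealmUint8Array = vm.runInNewContext("Uint8Array");

// Identity-based check, the kind the comments describe failing on a Buffer.
function isBytesStrict(value, U8 = Uint8Array) {
  return value instanceof U8;
}

// Realm-independent check: internal-slot test plus the typed-array class tag.
function isBytesAnyRealm(value) {
  return (
    ArrayBuffer.isView(value) &&
    Object.prototype.toString.call(value) === "[object Uint8Array]"
  );
}

// Hypothetical helper: copy the bytes into a Uint8Array owned by the realm
// whose library is about to run an instanceof check on them.
function toRealmBytes(value, U8 = Uint8Array) {
  if (!isBytesAnyRealm(value)) throw new TypeError("expected a byte array");
  return U8.from(value);
}

// Constructed sample: 20 bytes, the length of an address.
function checkAcrossRealms(bytes = Buffer.alloc(20, 0xab)) {
  const copied = toRealmBytes(bytes, OtherRealmUint8Array);
  return {
    sameRealm: isBytesStrict(bytes),
    otherRealm: isBytesStrict(bytes, OtherRealmUint8Array),
    anyRealm: isBytesAnyRealm(bytes),
    afterCopy: isBytesStrict(copied, OtherRealmUint8Array),
    bytesPreserved:
      copied.length === bytes.length && copied.every((b, i) => b === bytes[i]),
  };
}

console.log(checkAcrossRealms());
```

The copy costs one allocation per call, so it belongs at the boundary where bytes are handed to the library rather than inside hot loops.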
@Wozacosta I'd love to talk more about how we can get this working.
There has been no activity on this PR for the last 14 days. Please consider closing this PR.
do not close this pr |
89b4ac0 to 6b46353
Hello @aaronmgdr, Also, the @celo packages that are being updated have this error message: Versions less than 5.1 are deprecated and will no longer be able to submit transactions to celo in a future hardfork |
@qperrot thanks for getting back. To be honest I had trouble understanding how to get the ledger system running. Hoping we can work together on this. It was a tricky upgrade so far. As for the timeline mentioned, it is the same as the celo transition to L2. The Testnet was just upgraded today and the plan for celo mainnet is by end of year.
note probably https://github.com/LedgerHQ/ledger-live/blob/develop/libs/ledger-live-common/src/families/celo/hw-app-celo.ts needs to be updated. |
54baece to 8b6f015
using the one from parent class the v from sig gets messed up
5014717 to 62aeb68
same as #8240 |
✅ Checklist
npx changeset was attached.
📝 Description
It is necessary to upgrade celo dependencies for ledger live to continue working with Celo once the Celo transition to Layer 2 happens. This is because early versions of celo blockchain used a custom transaction type and older versions of celo sdks only build transactions using this deprecated transaction format. However, cel2 will not support this transaction format.
❓ Context
closes #7551
🧐 Checklist for the PR Reviewers