Upgrade trezor/connect-web package and reactivate it in yarn audit #30851
Labels
Comments
chloeYue
changed the title
9 tasks
github-merge-queue bot
pushed a commit
that referenced
this issue
Mar 7, 2025
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->
## **Description**
We temporarily ignore the `'@trezor/connect-web` audit failure to
unblock ci, as upgrading to the new version breaks the webpack build.
```
└─ @trezor/connect-web
├─ ID: @trezor/connect-web (deprecation)
├─ Issue: This version is no longer supported
├─ Severity: moderate
├─ Vulnerable Versions: 9.4.7
│
├─ Tree Versions
│ └─ 9.4.7
│
└─ Dependents
└─ metamask-crx@workspace:.
```
[This
issue](#30851) is
created in order to upgrade to the latest version and remove the entry
from the ignore list.
[](https://codespaces.new/MetaMask/metamask-extension/pull/30850?quickstart=1)
## **Related issues**
Fixes:
## **Manual testing steps**
1. Check yarn audit gh action
## **Screenshots/Recordings**
### Before
### After
## **Pre-merge author checklist**
- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.
## **Pre-merge reviewer checklist**
- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
---------
Co-authored-by: Frederik Bolding <frederik.bolding@gmail.com>
MajorLift
pushed a commit
that referenced
this issue
Mar 7, 2025
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->
## **Description**
We temporarily ignore the `'@trezor/connect-web` audit failure to
unblock ci, as upgrading to the new version breaks the webpack build.
```
└─ @trezor/connect-web
├─ ID: @trezor/connect-web (deprecation)
├─ Issue: This version is no longer supported
├─ Severity: moderate
├─ Vulnerable Versions: 9.4.7
│
├─ Tree Versions
│ └─ 9.4.7
│
└─ Dependents
└─ metamask-crx@workspace:.
```
[This
issue](#30851) is
created in order to upgrade to the latest version and remove the entry
from the ignore list.
[](https://codespaces.new/MetaMask/metamask-extension/pull/30850?quickstart=1)
## **Related issues**
Fixes:
## **Manual testing steps**
1. Check yarn audit gh action
## **Screenshots/Recordings**
### Before
### After
## **Pre-merge author checklist**
- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.
## **Pre-merge reviewer checklist**
- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
---------
Co-authored-by: Frederik Bolding <frederik.bolding@gmail.com>
14 tasks
MajorLift
pushed a commit
that referenced
this issue
Mar 7, 2025
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->
## **Description**
We temporarily ignore the `'@trezor/connect-web` audit failure to
unblock ci, as upgrading to the new version breaks the webpack build.
```
└─ @trezor/connect-web
├─ ID: @trezor/connect-web (deprecation)
├─ Issue: This version is no longer supported
├─ Severity: moderate
├─ Vulnerable Versions: 9.4.7
│
├─ Tree Versions
│ └─ 9.4.7
│
└─ Dependents
└─ metamask-crx@workspace:.
```
[This
issue](#30851) is
created in order to upgrade to the latest version and remove the entry
from the ignore list.
[](https://codespaces.new/MetaMask/metamask-extension/pull/30850?quickstart=1)
## **Related issues**
Fixes:
## **Manual testing steps**
1. Check yarn audit gh action
## **Screenshots/Recordings**
### Before
### After
## **Pre-merge author checklist**
- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.
## **Pre-merge reviewer checklist**
- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
---------
Co-authored-by: Frederik Bolding <frederik.bolding@gmail.com>
MajorLift
added a commit
that referenced
this issue
Mar 7, 2025
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->
## **Description**
We temporarily ignore the `'@trezor/connect-web` audit failure to
unblock ci, as upgrading to the new version breaks the webpack build.
```
└─ @trezor/connect-web
├─ ID: @trezor/connect-web (deprecation)
├─ Issue: This version is no longer supported
├─ Severity: moderate
├─ Vulnerable Versions: 9.4.7
│
├─ Tree Versions
│ └─ 9.4.7
│
└─ Dependents
└─ metamask-crx@workspace:.
```
[This
issue](#30851) is
created in order to upgrade to the latest version and remove the entry
from the ignore list.
[](https://codespaces.new/MetaMask/metamask-extension/pull/30850?quickstart=1)
## **Related issues**
Fixes:
## **Manual testing steps**
1. Check yarn audit gh action
## **Screenshots/Recordings**
### Before
### After
## **Pre-merge author checklist**
- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.
## **Pre-merge reviewer checklist**
- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
---------
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->
## **Description**
<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->
[](https://codespaces.new/MetaMask/metamask-extension/pull/30859?quickstart=1)
## **Related issues**
Fixes:
## **Manual testing steps**
1. Go to this page...
2.
3.
## **Screenshots/Recordings**
<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->
### **Before**
<!-- [screenshots/recordings] -->
### **After**
<!-- [screenshots/recordings] -->
## **Pre-merge author checklist**
- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.
## **Pre-merge reviewer checklist**
- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
Co-authored-by: seaona <54408225+seaona@users.noreply.github.com>
Co-authored-by: Frederik Bolding <frederik.bolding@gmail.com>
danjm
pushed a commit
that referenced
this issue
Mar 11, 2025
](https://codespaces.new/MetaMask/metamask-extension/pull/30850?quickstart=1){kind=link}
](https://codespaces.new/MetaMask/metamask-extension/pull/30859?quickstart=1){kind=link}
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->
## **Description**
We temporarily ignore the `'@trezor/connect-web` audit failure to
unblock ci, as upgrading to the new version breaks the webpack build.
```
└─ @trezor/connect-web
├─ ID: @trezor/connect-web (deprecation)
├─ Issue: This version is no longer supported
├─ Severity: moderate
├─ Vulnerable Versions: 9.4.7
│
├─ Tree Versions
│ └─ 9.4.7
│
└─ Dependents
└─ metamask-crx@workspace:.
```
[This
issue](#30851) is
created in order to upgrade to the latest version and remove the entry
from the ignore list.
[](https://codespaces.new/MetaMask/metamask-extension/pull/30850?quickstart=1)
## **Related issues**
Fixes:
## **Manual testing steps**
1. Check yarn audit gh action
## **Screenshots/Recordings**
### Before
### After
## **Pre-merge author checklist**
- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.
## **Pre-merge reviewer checklist**
- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
---------
Co-authored-by: Frederik Bolding <frederik.bolding@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What is this about?
We have deactivated the yarn audit check for
trezor/connect-webpackage, because updating this package breaks the webpack build.We need to find a way to safely upgrade to the new version without breaking the webpack build
Related slack discussion: https://consensys.slack.com/archives/CTQAGKY5V/p1741276386883729
Related PR to ignore the audit check: #30850
Scenario
No response
Design
No response
Technical Details
No response
Threat Modeling Framework
No response
Acceptance Criteria
No response
Stakeholder review needed before the work gets merged
References
No response
The text was updated successfully, but these errors were encountered: