Prevent Broken ledger live for celo users #7622
Conversation
live-github-bot
bot
added
common
|
@aaronmgdr is attempting to deploy a commit to the LedgerHQ Team on Vercel. A member of the Team first needs to authorize it. |
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
3 Skipped Deployments
|
|
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: npm/@celo/[email protected], npm/@celo/[email protected], npm/@celo/[email protected], npm/@celo/[email protected], npm/@celo/[email protected] |
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat are git dependencies?Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install. Publish the git dependency to npm or a private package repository and consume it from there. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
| @@ -62,20 +62,6 @@ function readPackage(pkg, context) { | |||
| addPeerDependencies("@storybook/addon-react-native-web", { | |||
| webpack: "*", | |||
| }), | |||
| /* @celo/* packages */ | |||
| addDependencies(/@celo\/(?!base)+/, { "@celo/base": `^${pkg.version}` }), | |||
There was a problem hiding this comment.
this is no longer necessary and in fact breaks install as celo deps no longer locked together their versions
|
perplexed as to why in the ledger live environment calling toChecksumAddress results in eventually the @noble/hash library asserting that the Buffer of the address is a Uint8Array and (this is the crucial part) it gives false. whereas i can trace the same code path in a different environment and it will return true. I made an empty electron repo with just ContractKit as I thought it could be the differenc but received no issue. |
aaronmgdr
force-pushed
the
chore/celo-upgrade
branch
from
ba61f82
to
ef17b49
Compare
|
This fails because in JSDom Buffer does not inherit from Uint8Array. this causes a cascade of failures starting in @noble/hashes and bubbling up to web3.js Its a bit of a bummer. And im not sure of the best approach to fix it. As an alternative I played around with removing contractkit completely. But that too requires a bit more to get it working, and will change a substantial amount of files. So i wont do more on that just yet. |
|
@Wozacosta id love to talk more about how we can get this working. |
|
There as been no activity on this PR for the last 14 days. Please consider closing this PR. |
|
do not close this pr |
aaronmgdr
changed the title
aaronmgdr
force-pushed
the
chore/celo-upgrade
branch
from
89b4ac0
to
6b46353
Compare
|
Hello @aaronmgdr, Also, the @celo packages that are being updated have this error message: Versions less than 5.1 are deprecated and will no longer be able to submit transactions to celo in a future hardfork |
@qperrot thanks for getting back. to be honest i had trouble understanding how to get the ledger system running. Hoping we can work together on this. It was tricky upgrade so far. As for the timeline mentioned. It is the same as the celo transition to L2. The Testnet was just upgraded today and the plan for celo mainnet is by end of year |
|
note probably https://github.com/LedgerHQ/ledger-live/blob/develop/libs/ledger-live-common/src/families/celo/hw-app-celo.ts needs to be updated. |
aaronmgdr
force-pushed
the
chore/celo-upgrade
branch
from
54baece
to
8b6f015
Compare
using the one from parent class the v from sig gets messed up
aaronmgdr
force-pushed
the
chore/celo-upgrade
branch
from
5014717
to
62aeb68
Compare
|
same as #8240 |
✅ Checklist
npx changesetwas attached.📝 Description
It is necessary to upgrade celo dependencies for ledger live to continue working with Celo once the Celo transition to Layer 2 happens. This is because early versions of celo blockchain used a custom transaction type and older versions of celo sdks only build transictions using this deprecated transaction format. However cel2 will not support this transaction format.
❓ Context
closes #7551
🧐 Checklist for the PR Reviewers