chore(deps): bump @metamask/eth-trezor-keyring to ^6.0.0

[mikesposito]

Description

This PR bumps @metamask/eth-trezor-keyring from ^3.1.3 to ^6.0.0.

## [6.0.0]

### Added

- **BREAKING:** Add ESM build ([#40](https://github.com/MetaMask/accounts/pull/40))
  - It's no longer possible to import files from `./dist` directly.

## [5.0.0]

### Changed

- **BREAKING**: Bump `@metamask/eth-sig-util` dependency from `^7.0.3` to `^8.0.0` ([#79](https://github.com/MetaMask/accounts/pull/79))
  - `signTypedData` no longer support `number` for addresses, see [here](https://github.com/MetaMask/eth-sig-util/blob/main/CHANGELOG.md#800).

## [4.0.0]

### Changed

- **BREAKING**: `addAccounts` will now only return newly created accounts ([#64](https://github.com/MetaMask/accounts/pull/64))
  - This keyring was initially returning every accounts (previous and new ones), which is different from what is expected in the [`Keyring` interface].(https://github.com/MetaMask/utils/blob/v9.2.1/src/keyring.ts#L65)

Related issues

Fixes:

Manual testing steps

These changes directly impact Trezor devices:

1. Add one or more Trezor accounts
2. Sign message
3. Sign typed data
4. Sign transaction
5. Remove Trezor accounts

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Extension Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@metamask/eth-trezor-keyring@6.0.0	None	0	160 kB	metamaskbot
npm/@metamask/slip44@4.0.0	None	0	136 kB	metamaskbot

🚮 Removed packages: npm/@metamask/eth-trezor-keyring@3.1.3, npm/@metamask/slip44@4.1.0, npm/tslib@2.6.2

View full report↗︎

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[mikesposito]

this tslib forced resolution has been added to fix this error that prevents the wallet unlock:

TypeError#1: Cannot assign to read only property 'Symbol(Symbol.iterator)' of object '[object Object]'
(anonymous) @ sentry-install.js:37776
sentry-install.js:37776   at Object.__generator (chrome-extension://bclblcklhpbhilglihnehjhmpfchmmpp/common-8.js:49554:131)
  at Mutex.<anonymous> (chrome-extension://bclblcklhpbhilglihnehjhmpfchmmpp/common-5.js:22679:28)
  at chrome-extension://bclblcklhpbhilglihnehjhmpfchmmpp/common-8.js:49548:41
  at new Promise (<anonymous>)
  at Object.__awaiter (chrome-extension://bclblcklhpbhilglihnehjhmpfchmmpp/common-8.js:49544:16)
  at Mutex.acquire (chrome-extension://bclblcklhpbhilglihnehjhmpfchmmpp/common-5.js:22676:24)
  at CurrencyRateController.updateExchangeRate (chrome-extension://bclblcklhpbhilglihnehjhmpfchmmpp/common-1.js:21928:42)
  at CurrencyRateController._executePoll (chrome-extension://bclblcklhpbhilglihnehjhmpfchmmpp/common-1.js:21994:16)
  at chrome-extension://bclblcklhpbhilglihnehjhmpfchmmpp/common-1.js:24712:24
  at sentryWrapped (chrome-extension://bclblcklhpbhilglihnehjhmpfchmmpp/scripts/sentry-install.js:21642:17)

[Gudahtt]

Two suggestions: Could we drop tslib as a top-level dependency, and can we narrow this resolution further?

The resolution is currently applied to all copies of tslib in the dependency tree, not just the one that was causing an issue here. Some of the affected versions are asking for a range that doesn't include 2.6 (e.g. there was on 1.x copy)

[mikesposito]

The direct dependency has been added because it is a peer dependency of @trezor/connect-web, which is a dependency of both the keyring and the client (because of the offscreen client-defined keyring). I suppose that some other package already provided it, but I thought it would be good to add it explicitly. Do you think we should remove it?

Regarding the resolution, it is indeed too broad, and we are getting rid of 1.x - I'll try to narrow it down

[ccharly]

On a sidenote, I believe we have wrongly added a "direct" dep to tslib on Trezor keyring here:

• https://github.com/MetaMask/accounts/blob/main/packages/keyring-eth-trezor/package.json#L56

We probably should have use a peer dep for this one instead... I'll check/track this internally to avoid having this resolution (cause I do believe we could get rid of it if we the dependency was done correctly on our side)

[mikesposito]

I think that this issue is due to a specific version range of tslib which is incompatible with certain parts of the extension, so we probably would have experienced it regardless at some point

[metamaskbot]

Builds ready [458e0a1]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6
  • common: 0, 1, 10, 11, 12, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 11, 12, 13, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (1992 ± 88 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	319	2437	1815	505	242
		domContentLoaded	1705	2362	1959	179	86
		load	1713	2382	1992	184	88
		domInteractive	25	70	38	13	6
		backgroundConnect	7	105	33	26	13
		firstReactRender	17	91	31	23	11
		getState	98	304	172	73	35
		initialActions	0	1	0	0	0
		loadScripts	1329	1929	1532	156	75
		setupStore	7	83	17	22	10
		uiStartup	1940	2940	2409	272	131

Bundle size diffs [🚨 Warning! Bundle size has increased!]

• background: 56.62 KiB (1.08%)
• ui: 0 Bytes (0.00%)
• common: -906 Bytes (-0.01%)

[mikesposito]

@metamaskbot update-policies

[metamaskbot]

No policy changes

[metamaskbot]

Builds ready [06a0b65]

• builds: chrome, firefox
• builds (flask): chrome, firefox
• builds (MMI): chrome
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6, 7
  • common: 0, 1, 10, 11, 12, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 11, 12, 13, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (1593 ± 83 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	1381	2049	1596	175	84
		domContentLoaded	1375	2031	1572	168	80
		load	1388	2051	1593	173	83
		domInteractive	22	131	46	30	14
		backgroundConnect	8	63	28	20	9
		firstReactRender	15	75	30	22	11
		getState	4	62	18	19	9
		initialActions	0	1	0	0	0
		loadScripts	997	1556	1166	138	66
		setupStore	6	71	13	18	9
		uiStartup	1524	2332	1826	212	102

[ccharly]

LGTM, I rely on e2e tests for validation though.

[metamaskbot]

Builds ready [37aed22]

• builds: chrome, firefox
• builds (flask): chrome, firefox
• builds (MMI): chrome
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6, 7
  • common: 0, 1, 10, 11, 12, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 11, 12, 13, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (1614 ± 132 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	1383	2610	1609	259	124
		domContentLoaded	1340	2566	1586	251	121
		load	1385	2681	1614	275	132
		domInteractive	21	66	30	11	5
		backgroundConnect	8	120	28	30	14
		firstReactRender	15	72	39	24	12
		getState	4	41	9	8	4
		initialActions	0	0	0	0	0
		loadScripts	963	1924	1169	196	94
		setupStore	6	51	11	13	6
		uiStartup	1577	3038	1812	305	146

[Akaryatrh]

Good to me. Tested locally and was able to test successfully (with Trezor simulator) the provided scenario:

• Add one or more Trezor accounts
• Sign message
• Sign typed data
• Sign transaction
• Remove Trezor accounts