Chore: audit @trezor/connect-web package

[DDDDDanica]

Description

Bump @trezor-connect-web to 5.4.0 to audit
Changelog: trezor/trezor-suite@2ed5d0a

Related issues

Fixes:

Manual testing steps

1. Go to this page...

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Extension Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security]

Report is too large to display inline.
View full report↗︎

Next steps

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/secp256k1@5.0.0
• @SocketSecurity ignore npm/bigint-buffer@1.1.5
• @SocketSecurity ignore npm/@actions/exec@1.1.1
• @SocketSecurity ignore npm/string.prototype.repeat@1.0.0
• @SocketSecurity ignore npm/borc@3.0.0
• @SocketSecurity ignore npm/web3-providers-ipc@4.0.7
• @SocketSecurity ignore npm/@fastify/busboy@2.1.1
• @SocketSecurity ignore npm/encodeurl@2.0.0
• @SocketSecurity ignore npm/web3-net@4.1.0
• @SocketSecurity ignore npm/@radix-ui/react-use-callback-ref@1.1.0
• @SocketSecurity ignore npm/@radix-ui/react-id@1.1.0
• @SocketSecurity ignore npm/@radix-ui/react-use-layout-effect@1.1.0
• @SocketSecurity ignore npm/@radix-ui/react-use-controllable-state@1.1.0
• @SocketSecurity ignore npm/@radix-ui/react-direction@1.1.0
• @SocketSecurity ignore npm/@lavamoat/preinstall-always-fail@2.1.0
• @SocketSecurity ignore npm/web3-providers-ws@4.0.8
• @SocketSecurity ignore npm/web3-providers-http@4.2.0
• @SocketSecurity ignore npm/negotiator@1.0.0
• @SocketSecurity ignore npm/unique-slug@5.0.0
• @SocketSecurity ignore npm/abbrev@3.0.0
• @SocketSecurity ignore npm/unique-filename@4.0.0
• @SocketSecurity ignore npm/@radix-ui/react-context@1.1.1
• @SocketSecurity ignore npm/negotiator@0.6.4
• @SocketSecurity ignore npm/@solana/rpc-transport-http@2.0.0
• @SocketSecurity ignore npm/hash-base@3.0.5
• @SocketSecurity ignore npm/jayson@4.1.3
• @SocketSecurity ignore npm/@solana/web3.js@1.95.8
• @SocketSecurity ignore npm/@radix-ui/primitive@1.1.1
• @SocketSecurity ignore npm/@radix-ui/react-compose-refs@1.1.1
• @SocketSecurity ignore npm/agentkeepalive@4.6.0
• @SocketSecurity ignore npm/tinyexec@0.3.2
• @SocketSecurity ignore npm/undici@5.28.5
• @SocketSecurity ignore npm/async-function@1.0.0
• @SocketSecurity ignore npm/ox@0.6.7
• @SocketSecurity ignore npm/@solana-program/token-2022@0.3.4
• @SocketSecurity ignore npm/@everstake/wallet-sdk@1.0.13
• @SocketSecurity ignore npm/istanbul-lib-report@3.0.1
• @SocketSecurity ignore npm/koa-convert@2.0.0
• @SocketSecurity ignore npm/anymatch@3.1.3
• @SocketSecurity ignore npm/duplexer3@0.1.5
• @SocketSecurity ignore npm/clone-response@1.0.3
• @SocketSecurity ignore npm/cosmiconfig@7.1.0
• @SocketSecurity ignore npm/defaults@1.0.4
• @SocketSecurity ignore npm/fast-diff@1.3.0
• @SocketSecurity ignore npm/util@0.10.4
• @SocketSecurity ignore npm/istanbul-lib-source-maps@4.0.1
• @SocketSecurity ignore npm/defined@1.0.1
• @SocketSecurity ignore npm/react-fast-compare@3.2.2
• @SocketSecurity ignore npm/fb-watchman@2.0.2
• @SocketSecurity ignore npm/capture-stack-trace@1.0.2

[DDDDDanica]

@metamaskbot update-policies

[metamaskbot]

Policy update failed. You can review the logs or retry the policy update here

[danjm]

@metamaskbot update-policies

[metamaskbot]

Policy update failed. You can review the logs or retry the policy update here

[DDDDDanica]

@metamaskbot update-policies

[socket-security]

Report too large to display inline

View full report↗︎

[metamaskbot]

Policy update failed. You can review the logs or retry the policy update here

[DDDDDanica]

@metamaskbot update-policies

[mikesposito]

FYI there's this PR in flight as well: #30640

[metamaskbot]

Policy update failed. You can review the logs or retry the policy update here