ledger clear signing upgrades

Open DanielSinclair opened this issue 1 year ago • 3 comments

Fixes APP-####

What changed (plus any additional context for devs)

  • Upgraded @ledgerhq/hw-app-eth and @ledgerhq/react-native-hw-transport-ble
  • The upstream issue that required the patch was corrected.
  • These upgrades will allow for Clear Signing with newer Ledger firmware versions

Screen recordings / screenshots

What to test

  • Pairing and Signing with Ledger devices. Should try on a Ledger with an older firmware version and a recent firmware version (this month)
  • Signing for popular dApps like Lido or Uniswap should not display a Blind Signing warning (new aggressive warning)

DanielSinclair, Jul 30 '24 06:07

New and removed dependencies detected.

| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/@ledgerhq/[email protected] | None | 0 | 3.1 MB | ldg-github-ci |
| npm/@ledgerhq/[email protected] | None | 0 | 223 kB | ldg-github-ci |
| npm/@ledgerhq/[email protected] | None | 0 | 142 kB | ldg-github-ci |
| npm/@ledgerhq/[email protected] | None | 0 | 208 kB | ldg-github-ci |
| npm/@ledgerhq/[email protected] | None | 0 | 135 kB | ldg-github-ci |
| npm/@ledgerhq/[email protected] | None | 0 | 2.21 MB | ldg-github-ci |
| npm/@ledgerhq/[email protected] | None | 0 | 108 kB | ldg-github-ci |
| npm/@ledgerhq/[email protected] | None | 0 | 133 kB | ldg-github-ci |
| npm/@ledgerhq/[email protected] | None | 0 | 266 kB | aboissiere, gbrahm-ledger, ldg-github-ci, ...5 more |
| npm/@ledgerhq/[email protected] | None | 0 | 324 kB | ldg-github-ci |
| npm/@ledgerhq/[email protected] | None | 0 | 377 kB | ldg-github-ci |
| npm/[email protected] | network | 0 | 2.14 MB | jasonsaayman |
| npm/[email protected] | None | 0 | 487 kB | evanvosberg |
| npm/[email protected] | None | 0 | 5.55 kB | junderw |
| npm/[email protected] | environment | 0 | 4.51 MB | react-bot |
| npm/[email protected] | None | 0 | 1.89 MB | dominik-czupryna-withintent |
| npm/[email protected] | None | 0 | 64.3 kB | piotrwitek |

🚮 Removed packages: npm/@ledgerhq/[email protected], npm/@ledgerhq/[email protected], npm/@ledgerhq/[email protected], npm/@ledgerhq/[email protected], npm/@ledgerhq/[email protected], npm/@ledgerhq/[email protected], npm/@ledgerhq/[email protected], npm/[email protected], npm/[email protected]

socket-security[bot], Jul 30 '24 06:07

@BrodyHughes Have two of these PRs for App and BX related to a Ledger change to Blind Signing warnings. Just need to test that Ledger functionality is still working as expected. We are in the process of submitting metadata for our contracts to remove warnings which might be a follow-up. More details here: https://linear.app/rainbow/issue/APP-1731/ledger-removal-of-blind-signing

DanielSinclair, Jul 30 '24 06:07

I don't have a ledger so can't really review this PR. Going to remove my request for review.

walmat, Aug 09 '24 15:08

Adding my slack comment here so we don't lose it:

Ledger testing:

  • TF 1.9.41 (6)
  • Ledger Nano X
  • Hardware: Ledger NanoX V2.0
  • Firmware: Secure Element v2.2.3 // Microcontroller 2.30 // Bootloader 1.16

okay i’m not sure if the app is even asking for bluetooth permissions correctly? i am also stuck on the import flow trying to connect to ledger.

can confirm:

  • connects to phone bluetooth
  • connects to ledger live app
  • ledger live settings show bluetooth permissions allowed
  • rainbow does NOT show bluetooth permissions allowed
  • rainbow does NOT prompt me for bluetooth permissions

BrodyHughes, Sep 25 '24 19:09

Launch in simulator or device for c0e322fcaa894dd74c300f29b817d8483b716bbc

brunobar79, Oct 10 '24 19:10

Launch in simulator or device for 4e8afdf7600629e84737c2e72b46f45d4eb2f36f

brunobar79, Oct 11 '24 00:10

Launch in simulator or device for 3d069219bcb1020f13f5e91d586c4a7bc09b3d28

brunobar79, Oct 15 '24 16:10