Skip to content

Update to latest Ledger develop#1

Open
may01 wants to merge 103 commits into
yldio:developfrom
LedgerHQ:develop
Open

Update to latest Ledger develop#1
may01 wants to merge 103 commits into
yldio:developfrom
LedgerHQ:develop

Conversation

@may01

@may01 may01 commented May 26, 2026

Copy link
Copy Markdown

Checklist

  • App update process has been followed
  • Target branch is develop
  • Application version has been bumped

Paulo Oliveira added 30 commits March 17, 2026 19:23
- remove dependency on pytezos (and Linux package libsodium)
- re-organize the ragger tests to be closer to the app-boilerplate app repo
- enable reusable Github workflows for app repositories
@socket-security

socket-security Bot commented Jul 8, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
License policy violation: pypi pynacl under GPL-3.0-only

License: GPL-3.0-only - The applicable license policy does not permit this license (5) (pynacl-1.6.2/src/libsodium/m4/libtool.m4)

License: GPL-3.0-only - The applicable license policy does not permit this license (5) (pynacl-1.6.2/src/libsodium/m4/ax_check_link_flag.m4)

License: GPL-3.0-only - The applicable license policy does not permit this license (5) (pynacl-1.6.2/src/libsodium/m4/ax_tls.m4)

License: GPL-2.0-only - The applicable license policy does not permit this license (5) (pynacl-1.6.2/src/libsodium/build-aux/compile)

License: GPL-3.0-only - The applicable license policy does not permit this license (5) (pynacl-1.6.2/src/libsodium/build-aux/config.sub)

License: GPL-2.0-only - The applicable license policy does not permit this license (5) (pynacl-1.6.2/src/libsodium/build-aux/ltmain.sh)

License: GPL-2.0-only - The applicable license policy does not permit this license (5) (pynacl-1.6.2/src/libsodium/build-aux/missing)

License: GPL-3.0-only - The applicable license policy does not permit this license (5) (pynacl-1.6.2/src/libsodium/build-aux/config.guess)

License: GPL-2.0-or-later - The applicable license policy does not permit this license (5) (pynacl-1.6.2/src/libsodium/builds/Makefile.in)

License: GPL-2.0-or-later - The applicable license policy does not permit this license (5) (pynacl-1.6.2/src/libsodium/contrib/Makefile.in)

License: GPL-2.0-or-later - The applicable license policy does not permit this license (5) (pynacl-1.6.2/src/libsodium/test/Makefile.in)

License: GPL-2.0-or-later - The applicable license policy does not permit this license (5) (pynacl-1.6.2/src/libsodium/src/libsodium/Makefile.in)

License: GPL-2.0-or-later - The applicable license policy does not permit this license (5) (pynacl-1.6.2/src/libsodium/dist-build/Makefile.in)

License: GPL-2.0-or-later - The applicable license policy does not permit this license (5) (pynacl-1.6.2/src/libsodium/aclocal.m4)

License: GPL-2.0-only - The applicable license policy does not permit this license (5) (pynacl-1.6.2/src/libsodium/build-aux/depcomp)

License: GPL-2.0-or-later - The applicable license policy does not permit this license (5) (pynacl-1.6.2/src/libsodium/src/Makefile.in)

License: GPL-2.0-or-later - The applicable license policy does not permit this license (5) (pynacl-1.6.2/src/libsodium/test/default/Makefile.in)

License: GPL-2.0-or-later - The applicable license policy does not permit this license (5) (pynacl-1.6.2/src/libsodium/Makefile.in)

License: GPL-2.0-only - The applicable license policy does not permit this license (5) (pynacl-1.6.2/src/libsodium/build-aux/test-driver)

License: GPL-2.0-or-later - The applicable license policy does not permit this license (5) (pynacl-1.6.2/src/libsodium/src/libsodium/include/Makefile.in)

From: tests/requirements.txtpypi/pynacl@1.6.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore pypi/pynacl@1.6.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: pypi speculos under GPL-3.0

License: GPL-3.0 - The applicable license policy does not permit this license (5) (speculos-0.26.9/pyproject.toml)

License: GPL-3.0 - The applicable license policy does not permit this license (5) (speculos-0.26.9/speculos.egg-info/PKG-INFO)

License: GPL-3.0 - The applicable license policy does not permit this license (5) (speculos-0.26.9/PKG-INFO)

License: LGPL-3.0 - The applicable license policy does not permit this license (5) (speculos-0.26.9/COPYING.LESSER)

License: GPL-3.0 - The applicable license policy does not permit this license (5) (speculos-0.26.9/COPYING)

From: tests/requirements.txtpypi/speculos@0.26.9

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore pypi/speculos@0.26.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: pypi speculos under GPL-3.0

License: GPL-3.0 - The applicable license policy does not permit this license (5) (speculos-0.26.9.dist-info/METADATA)

License: LGPL-3.0 - The applicable license policy does not permit this license (5) (speculos-0.26.9.dist-info/licenses/COPYING.LESSER)

License: GPL-3.0 - The applicable license policy does not permit this license (5) (speculos-0.26.9.dist-info/licenses/COPYING)

From: tests/requirements.txtpypi/speculos@0.26.9

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore pypi/speculos@0.26.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants