Change ledger-lib and ledger-proto source to point to github.com/ledger-community instead of a custom fork. Update revisions of mintlayer-core-primitives and mintlayer-ledger-messages. Make LEDGER_TESTS_AUTO_CONFIRM true by default, to match the corresponding Trezor behaviour. Silence cargo-deny error about rand being unsound. Update rustls-webpki to fix a vulnerability.

Update the Trezor repo referencve again.

Author: ImplOfAnImpl

Cargo.lock

@@ -280,28 +280,30 @@ zeroize = "1.5"
 
 [workspace.dependencies.ml_primitives]
 git = "https://github.com/mintlayer/mintlayer-core-primitives"
-# The commit "Add CoinType used for Ledger and encode/decode utils".
-rev = "13b10dbc88efdf3b5aa31ece8e34278bc69a5a9b"
+# The commit "Merge pull request #4 from mintlayer/fix_typo".
+rev = "8644bfe06d932d687075939d2d175183ba1c369d"
 package = "mintlayer-core-primitives"
 
 [workspace.dependencies.ledger-lib]
-git = "https://github.com/ImplOfAnImpl/rust-ledger.git"
-rev = "035789ec436d47b938e8a3d2085ffb2fbf6f0559"
+git = "https://github.com/ledger-community/rust-ledger.git"
+# Note: we need this PR - https://github.com/ledger-community/rust-ledger/pull/14
+rev = "c8ed12e89788e78d77cdc0dc9fb8a4bd4dc24b89"
 
 [workspace.dependencies.ledger-proto]
-git = "https://github.com/ImplOfAnImpl/rust-ledger.git"
-rev = "035789ec436d47b938e8a3d2085ffb2fbf6f0559"
+git = "https://github.com/ledger-community/rust-ledger.git"
+# The revision must be the same as for ledger-lib.
+rev = "c8ed12e89788e78d77cdc0dc9fb8a4bd4dc24b89"
 
 [workspace.dependencies.mintlayer-ledger-messages]
 git = "https://github.com/mintlayer/mintlayer-ledger-app"
-# The commit "Move StatusWord to messages crate"
-rev = "dbc41342564b2198037ed4ad41b4cf0c34617870"
+# The commit "Update mintlayer-core-primitives repo revision. Enable disabled CI workflows. ..."
+rev = "ffe0d6256877c1b4b18b2e4a27bdeeaa7fc5a2ff"
 package = "messages"
 
 [workspace.dependencies.trezor-client]
 git = "https://github.com/mintlayer/mintlayer-trezor-firmware"
-# The commit "Fix Mintlayer code after merge with v2.11.0"
-rev = "fda0c12fc408ab96d4bd0fc3e796e00c622642db"
+# The commit "Fix Mintlayer code after merge with v2.11.0. Update revisions of mintlayer-core-primitives and parity-scale-codec."
+rev = "596b3ebf536b438156132406d2e3a3f4dde53ebc"
 features = ["bitcoin", "mintlayer"]
 
 [workspace.metadata.dist.dependencies.apt]
@@ -346,10 +348,13 @@ opt-level = 2
 # TODO: investigate this further.
 fontconfig-parser = { git = "https://github.com/Riey/fontconfig-parser", rev = "f7d13a779e6ee282ce75acbc00a1270c0350e0c2" }
 
-# This patch is needed because there is no release of the library and because ledger-lib depends on ledger-proto, so this is the only way to make the former find the latter.
-# Note that the revision specified here must be the same as the one used in the workspace.dependencies section
-ledger-proto = { git = "https://github.com/ImplOfAnImpl/rust-ledger.git", rev = "035789ec436d47b938e8a3d2085ffb2fbf6f0559" }
-# The specific commit is chosen because it contains a fix for the Ledger NanoX,
-# and we use the same version across all Trezor, Ledger and Mintlayerr core primitives repos
-# If a different version is used the tests in Mintlayer core will stop compiling
+# This patch is needed because there is no release of the library and because ledger-lib depends on ledger-proto, so this
+# is the only way to make the former find the latter.
+# Note that the revision specified here must be the same as the one used in the workspace.dependencies section.
+ledger-proto = { git = "https://github.com/ledger-community/rust-ledger.git", rev = "c8ed12e89788e78d77cdc0dc9fb8a4bd4dc24b89" }
+
+# Use a specific commit because we need a fix (github.com/paritytech/parity-scale-codec/pull/751)
+# that has not been released yet (should be part of the release coming after v3.7.5).
+# Note that the fix is needed for the Ledger app, but we have to use the same version of parity-scale-codec
+# across Trezor, Ledger, mintlayer-core and mintlayer-core-primitives repos.
 parity-scale-codec = { git = "https://github.com/paritytech/parity-scale-codec.git", rev = "5021525697edc0661591ebc71392c48d950a10b0" }

Cargo.toml

@@ -44,6 +44,14 @@ db-path = "~/.cargo/advisory-dbs"
 db-urls = ["https://github.com/RustSec/advisory-db"]
 yanked = "warn"
 ignore = [
-    "RUSTSEC-2024-0436", # "paste" is no longer maintained
-    "RUSTSEC-2025-0141", # "bincode" is no longer maintained
+    # "paste" is no longer maintained.
+    "RUSTSEC-2024-0436",
+
+    # "bincode" is no longer maintained.
+    "RUSTSEC-2025-0141",
+
+    # `rand` is unsound.
+    # Note: to fix the error we need to upgrade `rand` to either 0.9.3 or 0.10.1, which is non-trivial
+    # because some of our dependencies still use 0.8.x and earlier versions.
+    "RUSTSEC-2026-0097"
 ]

deny.toml

@@ -713,11 +713,11 @@ version = "0.10.4"
 criteria = "safe-to-deploy"
 
 [[exemptions.ledger-lib]]
-version = "0.1.0@git:035789ec436d47b938e8a3d2085ffb2fbf6f0559"
+version = "0.1.0@git:c8ed12e89788e78d77cdc0dc9fb8a4bd4dc24b89"
 criteria = "safe-to-deploy"
 
 [[exemptions.ledger-proto]]
-version = "0.1.0@git:035789ec436d47b938e8a3d2085ffb2fbf6f0559"
+version = "0.1.0@git:c8ed12e89788e78d77cdc0dc9fb8a4bd4dc24b89"
 criteria = "safe-to-deploy"
 
 [[exemptions.libdbus-sys]]

supply-chain/config.toml

@@ -1430,8 +1430,8 @@ user-login = "cpu"
 user-name = "Daniel McCarney"
 
 [[publisher.rustls-webpki]]
-version = "0.103.10"
-when = "2026-03-20"
+version = "0.103.12"
+when = "2026-04-14"
 user-id = 2751
 user-login = "ctz"
 user-name = "Joe Birr-Pixton"

supply-chain/imports.lock

@@ -86,7 +86,7 @@ fn emulator_apdu_port() -> u16 {
 }
 
 fn should_auto_confirm() -> bool {
-    bool_from_env("LEDGER_TESTS_AUTO_CONFIRM").unwrap().unwrap_or(false)
+    bool_from_env("LEDGER_TESTS_AUTO_CONFIRM").unwrap().unwrap_or(true)
 }
 
 async fn auto_confirmer(mut control_msg_rx: mpsc::Receiver<ControlMessage>, handle: Handle) {