Chore: bump CI related deps

[Lemonexe]

Description

Followup to #18323: update CI-related dependencies, some of them newly owned by @trezor/suite-foundation.
Not those used in runtime, I'm gonna update those after May freeze ❄️

major version:

• nx (a ton of changes, but we only use a tiny fraction of what nx offers, and I didn't notice anything relevant to us)
• glob (breaking change is only node 20 → 22 ✅)
• sort-package-json
• fake-indexeddb (drops a polyfill that we now have to include)

minor version:

• fs-extra
• prettier
• @eslint/js
• eslint
• eslint-plugin-mdx
• typescript-eslint

patch version:

• eslint-plugin-react

not updated:

• chalk (v5 is ESM only, and some scripts that use it are still CJS)

Bump deps that are related to CI and not runtime.

Only glob is used in build (webpack electron-main bundle), so I checked that part of build.

QA

👁️ Besides CI checks, I have tested locally:

yarn workspace @trezor/suite-desktop build:app  # glob
yarn generate-package @suite-common/something-new  # fs-extra, sort-package-json
yarn workspace @suite-common/message-system sign-config  # fs-extra
yarn workspace @trezor/suite-data build:lib  # fs-extra

---

🔍🖥️ Suite web test results: View in Currents

🔍🖥️ Suite desktop test results: View in Currents

🔍🖥️ Suite native android test results: View in Currents

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring alerts on:

• @tybys/wasm-util@0.9.0
• @emnapi/core@1.4.3
• nx@20.8.1

View full report

[trezor-ci]

✅ Previously successful run of [Test] PR Suite Web e2e tests workflow has been found.
⏭️ Skipping tests for this run.
💡 If you are unsure about your latest changes, please rerun the workflow manually. (Use the Re-run all jobs option)

[trezor-ci]

✅ Previously successful run of [Test] PR Suite Desktop e2e tests workflow has been found.
⏭️ Skipping tests for this run.
💡 If you are unsure about your latest changes, please rerun the workflow manually. (Use the Re-run all jobs option)

[Lemonexe]

@SocketSecurity ignore npm/@tybys/wasm-util@0.9.0 uses fetch to load async WASM modules and seems legit
@SocketSecurity ignore npm/@emnapi/core@1.4.3 uses fetch & eval to load WASM modules, but to be honest idk what it does.. But it seems we don't use the part of NX that uses the WASM in browser, so both of these packages are probably not relevant.
@SocketSecurity ignore npm/nx@20.8.1 uses fetch for myriad of purposes - the only case relevant for us is that it fetches remote cache..

[Lemonexe]

Found out that side effects like thsi absolutely must be in its separate file.
I spent a while time debugging Suite Native app crashing during runtime because of infinite loop:

RangeError: Maximum call stack size exceeded

I didn't think this would be the cause, because test-utils are only used in tests.. The file mocks.ts is indirectly included in suite-native tests, but that shouldn't leak into runtime code!

It seems to me, that precisely that is happening. Just because mocks.ts is included in the suite-native packages, even though only in tests, its side effects are performed and leak into runtime code even though never referenced. Idk it's weird AF. Isolating the browser mocks into special file solves this 🙈