fix: resolve secp256k1 to latest version

[NicholasEllul]

Description

This pull request resolves the secp256k1 library to the latest version. Currently we use a variety of versions under 4.0.x, this would unify them under 4.0.4.

This is the state of the library before this resolution - as you can see, only patch changes will apply.

Manual testing steps

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Extension Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security]

Removed dependencies detected. Learn more about Socket for GitHub ↗︎

🚮 Removed packages: npm/secp256k1@4.0.3

View full report↗︎

[legobeat]

@metamaskbot update-policies

.

[metamaskbot]

Policies updated.
👀 Please review the diff for suspicious new powers.

🧠 Learn how: https://lavamoat.github.io/guides/policy-diff/#what-to-look-for-when-reviewing-a-policy-diff

[legobeat]

@NicholasEllul related:

• fix(deps): gridplus-sdk@2.5.1->~2.6.0 #27973

[legobeat]

Hm, this also tries to pin the 3.x versions, which should go to 3.8.1?

[NicholasEllul]

@legobeat yarn why didn't highlight any cases of 3.x versions for extension. Do you recommend being more explicit about the resolution for each sub-dependency to avoid too wide of a scope in the event that other deps using v3 are introduced?

[metamaskbot]

Builds ready [6ff4f08]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6
  • common: 0, 1, 10, 11, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 11, 12, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (1864 ± 58 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	1726	2353	1867	133	64
		domContentLoaded	1678	2198	1828	110	53
		load	1729	2289	1864	121	58
		domInteractive	27	81	48	17	8
		backgroundConnect	11	99	37	24	11
		firstReactRender	46	286	97	51	24
		getState	5	78	26	25	12
		initialActions	0	1	0	0	0
		loadScripts	1204	1653	1347	95	45
		setupStore	11	70	25	19	9
		uiStartup	1905	2954	2093	227	109

Bundle size diffs [🚀 Bundle size reduced!]

• background: -91.73 KiB (-1.84%)
• ui: 0 Bytes (0.00%)
• common: 222 Bytes (0.00%)

[danjm]

LGTM (unless the answer to the question from Nic to lego changes my understanding of what exactly needs to be pinned here)

[legobeat]

@danjm Maybe we can consider superseding this by #27973?

[NicholasEllul]

@legobeat yes, looks like your pull request covers all the relevant changes here. Thanks!