fix (cherry-pick): Fix audit failures v12.5.1

[danjm]

Cherry-picks #28145 to v12.5.1, and brings #28177 into v12.5.1 as well. The latter originally targeted v12.6.0, but we need it for a hotfix ahead of that. The PR description for that was:

Description

Forcing resolutions to fix yarn audit warnings and more specifically this issue:

• GHSA-584q-6j8j-r5pm

I decided to be very explicit about the resolution itself based on the output of:

$ yarn why secp256k1
├─ ethereum-cryptography@npm:0.1.3
│  └─ secp256k1@npm:4.0.4 (via npm:^4.0.1)
│
├─ ganache@npm:7.9.2
│  └─ secp256k1@npm:4.0.3 (via npm:4.0.3)
│
├─ ganache@patch:ganache@npm%3A7.9.2#~/.yarn/patches/ganache-npm-7.9.2-a70dc8da34.patch::version=7.9.2&hash=7d7c66
│  └─ secp256k1@npm:4.0.3 (via npm:4.0.3)
│
├─ gridplus-sdk@npm:2.5.1
│  └─ secp256k1@npm:4.0.2 (via npm:4.0.2)
│
└─ hdkey@npm:2.1.0
   └─ secp256k1@npm:4.0.4 (via npm:^4.0.0)

We could also have a more straightforward resolution like:

  ...
  "resolutions": {
    ...
    "secp256k1": "4.0.4"
  }
  ...

But that could also catch version with different major.

Let me know what would be the preferred solution here.

Related issues

Fixes: GHSA-584q-6j8j-r5pm

Manual testing steps

N/A

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Extension Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security]

Removed dependencies detected. Learn more about Socket for GitHub ↗︎

🚮 Removed packages: npm/secp256k1@4.0.3

View full report↗︎

[Gudahtt]

LGTM!

[metamaskbot]

Builds ready [9e71592]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5
  • common: 0, 1, 10, 11, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 11, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (1822 ± 71 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	1640	2289	1817	145	69
		domContentLoaded	1624	2169	1776	129	62
		load	1642	2312	1822	148	71
		domInteractive	24	79	43	17	8

[dbrans]

LGTM