fix: node forge audit issue cp-13.25.0

[bergarces]

Description

Resolution to resolve node-forge audit issue.

Changelog

CHANGELOG entry: null

Related issues

Fixes:

Manual testing steps

1. Go to this page...

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Extension Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Low Risk
Low risk dependency-only change: bumps node-forge via Yarn resolutions, which could affect transitive crypto/PKI behavior but has no direct code changes.

Overview
Resolves a security/audit finding by forcing node-forge to ^1.4.0 via package.json resolutions.

Updates yarn.lock accordingly to pull node-forge@1.4.0 (previously 1.3.2).

^{Written by Cursor Bugbot for commit f108bf9. This will update automatically on new commits. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[metamaskbotv2]

Builds ready [f108bf9]

• builds: chrome, firefox
• builds (beta): chrome, firefox
• builds (flask): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• webpack builds: chrome, firefox
• webpack builds (beta): chrome, firefox
• webpack builds (flask): chrome, firefox
• webpack builds (test): chrome, firefox
• webpack builds (test-flask): chrome, firefox
• bundle size: Bundle Size Stats
• interaction-benchmark: Interaction Stats
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
  • ui: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
  • content-script: 0
  • offscreen: 0

⚡ Performance Benchmarks

👆 Interaction Benchmarks

Benchmark	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P75 (ms)	P95 (ms)
Load New Account	load_new_account	300	264	345	32	325	345
	total	300	264	345	32	325	345
Confirm Tx	confirm_tx	6060	6046	6076	12	6069	6076
	total	6060	6046	6076	12	6069	6076
Bridge User Actions	bridge_load_page	229	215	258	16	235	258
	bridge_load_asset_picker	265	251	278	10	274	278
	bridge_search_token	773	761	785	10	785	785
	total	1268	1236	1298	24	1294	1298

🔌 Startup Benchmarks

Benchmark	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P75 (ms)	P95 (ms)
Chrome Browserify Startup Standard Home	uiStartup	1509	1245	2006	121	1577	1706
	load	1254	1029	1660	116	1327	1450
	domContentLoaded	1247	1022	1654	114	1319	1444
	domInteractive	31	18	123	22	27	95
	firstPaint	175	71	1205	162	210	317
	backgroundConnect	228	202	325	17	234	266
	firstReactRender	21	13	45	5	22	33
	initialActions	1	0	10	2	2	4
	loadScripts	1037	818	1428	111	1098	1223
	setupStore	13	7	40	6	16	25
	numNetworkReqs	39	31	89	16	34	80
Chrome Browserify Startup Power User Home	uiStartup	4436	2117	13015	1891	5304	7886
	load	1364	1165	2868	197	1411	1661
	domContentLoaded	1336	1157	2715	182	1371	1630
	domInteractive	43	23	168	32	38	127
	firstPaint	264	92	1426	142	320	353
	backgroundConnect	1535	311	10442	1615	2365	4772
	firstReactRender	28	17	52	7	32	40
	initialActions	1	0	4	1	1	3
	loadScripts	1105	960	1500	108	1117	1365
	setupStore	17	6	52	9	20	34
	numNetworkReqs	167	99	392	49	179	265

🧭 User Journey Benchmarks

Benchmark	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P75 (ms)	P95 (ms)
Onboarding Import Wallet	importWalletToSocialScreen	219	218	220	1	219	220
	srpButtonToSrpForm	94	91	97	2	95	97
	confirmSrpToPwForm	22	21	22	0	22	22
	pwFormToMetricsScreen	15	15	15	0	15	15
	metricsToWalletReadyScreen	15	15	16	0	15	16
	doneButtonToHomeScreen	648	527	933	161	720	933
	openAccountMenuToAccountListLoaded	3032	2920	3151	109	3131	3151
	total	3940	3805	4214	163	4042	4214
Onboarding New Wallet	createWalletToSocialScreen	220	218	221	1	220	221
	srpButtonToPwForm	120	111	133	9	128	133
	createPwToRecoveryScreen	9	9	9	0	9	9
	skipBackupToMetricsScreen	40	39	40	0	40	40
	agreeButtonToOnboardingSuccess	17	16	19	1	18	19
	doneButtonToAssetList	514	487	533	18	532	533
	total	922	883	968	32	947	968
Asset Details	assetClickToPriceChart	82	63	102	14	87	102
	total	82	63	102	14	87	102
Solana Asset Details	assetClickToPriceChart	72	61	84	8	77	84
	total	72	61	84	8	77	84
Import Srp Home	loginToHomeScreen	2454	2311	2555	97	2531	2555
	openAccountMenuAfterLogin	61	52	72	7	66	72
	homeAfterImportWithNewWallet	426	278	527	98	498	527
	total	3103	2979	3213	83	3113	3213
Send Transactions	openSendPageFromHome	37	30	51	9	36	51
	selectTokenToSendFormLoaded	57	27	87	22	75	87
	reviewTransactionToConfirmationPage	925	900	974	29	914	974
	total	1026	1005	1058	22	1037	1058
Swap	openSwapPageFromHome	91	51	135	29	101	135
	fetchAndDisplaySwapQuotes	2693	2691	2694	1	2694	2694
	total	2786	2754	2826	25	2795	2826

🌐 Dapp Page Load Benchmarks

Current Commit: f108bf9 | Date: 3/27/2026

📄 Localhost MetaMask Test Dapp

Samples: 100

Summary

• pageLoadTime-> current mean value: 1.04s (±71ms) 🟡 | historical mean value: 1.03s ⬆️ (historical data)
• domContentLoaded-> current mean value: 735ms (±69ms) 🟢 | historical mean value: 730ms ⬆️ (historical data)
• firstContentfulPaint-> current mean value: 85ms (±10ms) 🟢 | historical mean value: 84ms ⬆️ (historical data)

📈 Detailed Results

Metric	Mean	Std Dev	Min	Max	P95	P99
pageLoadTime	1.04s	71ms	1.00s	1.32s	1.26s	1.32s
domContentLoaded	735ms	69ms	699ms	1.00s	936ms	1.00s
firstPaint	85ms	10ms	68ms	160ms	104ms	160ms
firstContentfulPaint	85ms	10ms	68ms	160ms	104ms	160ms
largestContentfulPaint	0ms	0ms	0ms	0ms	0ms	0ms

Bundle size diffs

• background: 58 Bytes (0%)
• ui: 5 Bytes (0%)
• common: 42 Bytes (0%)