chore: bump Ledger Bridge to 11.2.0 and Keyring API to 21.4.0

[gantunesr]

Description

• Bump @metamask/eth-ledger-bridge-keyring to 11.2.0
• Bump @metamask/keyring-api to 21.4.0

Changelog

CHANGELOG entry: null

Related issues

Fixes: https://consensyssoftware.atlassian.net/browse/MUL-1440

Manual testing steps

1. Using the MetaMask test Dapp, ensure that the following operations are successful,
   • Legacy send
   • 1559 send
   • Personal sign
   • Typed data V4

Screenshots/Recordings

Not applicable

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Dependency-only change, but it touches hardware wallet/keyring packages where regressions could affect Ledger interactions or signing flows.

Overview
Bumps keyring-related dependencies to pick up upstream changes: @metamask/eth-ledger-bridge-keyring 11.1.0 → 11.2.0 and @metamask/keyring-api 21.3.0 → 21.4.0.

Updates yarn.lock accordingly, including refreshed transitive dependency versions (notably @metamask/keyring-utils 3.1.0 → 3.2.0 and new keyring-api dependencies like uuid/async-mutex).

^{Written by Cursor Bugbot for commit fafda4a. This will update automatically on new commits. Configure here.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​metamask/​eth-ledger-bridge-keyring@​11.1.0 ⏵ 11.2.0	+1		+2	-2
	npm/​@​metamask/​keyring-api@​21.3.0 ⏵ 21.4.0				+5

View full report

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring alerts on:

• npm/@metamask/eth-ledger-bridge-keyring@11.2.0

View full report

[gantunesr]

@SocketSecurity ignore npm/@metamask/eth-ledger-bridge-keyring@11.2.0

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeAccounts, SmokeConfirmations, SmokeNetworkExpansion, FlaskBuildTests
• Selected Performance tags: None (no tests recommended)
• Risk Level: medium
• AI Confidence: 75%

click to see 🤖 AI reasoning details

E2E Test Selection:
This PR updates two core keyring-related packages:

1. @metamask/eth-ledger-bridge-keyring (11.1.0 → 11.2.0): Ledger hardware wallet integration package used in app/core/Ledger/Ledger.ts and app/core/Engine/controllers/keyring-controller-init.ts. The update adds new dependencies for keyring-api and keyring-utils.

2. @metamask/keyring-api (^21.3.0 → ^21.4.0): Widely used package providing account types (EthAccountType, SolAccountType), scope types (EthScope, SolScope, BtcScope, TrxScope), and utility functions (isEvmAccountType). Used across 50+ files including confirmations, network selection, multi-chain features, and account management.

Selected tags rationale:

• SmokeAccounts: Directly tests account management, SRP flows, and keyring functionality. The keyring packages are core to account creation and management.
• SmokeConfirmations: Tests transaction and signature confirmations which rely on keyring for signing operations. The keyring-api update includes new signing-related dependencies.
• SmokeNetworkExpansion: Tests multi-chain support including Solana which uses SolAccountType and SolScope from keyring-api extensively.
• FlaskBuildTests: Tests Snaps functionality which uses keyring for snap account management and key derivation (BIP-32/BIP-44).

While these are minor version bumps (typically backward-compatible), the wide usage of keyring-api across the codebase and the addition of new dependencies in the update warrant testing core wallet functionality.

Performance Test Selection:
These dependency updates are for keyring packages which handle account management and signing operations. They don't directly impact UI rendering performance, data loading, or app startup times. The changes are internal to the keyring layer and don't affect the performance-critical paths like account list rendering, login flow, swap execution, or asset loading. No performance tests are needed for these package version bumps.

View GitHub Actions results

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud