chore: bump assets-controllers and phishing controller

[sahar-fehri]

Description

• Bump @metamask/assets-controllers from ^99.4.0 to 100.0.2 and @metamask/phishing-controller from ^15.0.0 to ^16.3.0
• Wire up the new PhishingController:bulkScanTokens action into the MultichainAssetsController messenger so the assets controller can leverage bulk token phishing detection

Changelog

CHANGELOG entry: bump assets-controllers and phishing-controller versions

Related issues

Fixes:

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Primarily dependency upgrades plus a new phishing-scan action routed through the controller messenger; risk is moderate due to behavior changes coming from external controller version bumps and new security-alerts API traffic.

Overview
Bumps @metamask/assets-controllers to ^100.0.2 and @metamask/phishing-controller to ^16.3.0 (with corresponding yarn.lock updates).

Wires the new PhishingController:bulkScanTokens action into getMultichainAssetsControllerMessenger, and updates API test mocks to handle POST https://security-alerts.api.cx.metamask.io/token/scan-bulk.

^{Written by Cursor Bugbot for commit 908ef8a. This will update automatically on new commits. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​metamask/​phishing-controller@​16.2.0 ⏵ 16.3.0			+1	+7
	npm/​@​metamask/​assets-controllers@​100.0.2
	npm/​@​metamask/​network-enablement-controller@​4.1.0 ⏵ 4.1.2				+2

View full report

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeAccounts, SmokeConfirmations, SmokeIdentity, SmokeNetworkAbstractions, SmokeNetworkExpansion, SmokeTrade, SmokeWalletPlatform, SmokeCard, SmokePerps, SmokeRamps, SmokeMultiChainAPI, SmokePredictions, FlaskBuildTests
• Selected Performance tags: @PerformanceAccountList, @PerformanceOnboarding, @PerformanceLogin, @PerformanceSwaps, @PerformanceLaunch, @PerformanceAssetLoading, @PerformancePredict, @PerformancePreps
• Risk Level: high
• AI Confidence: 100%

click to see 🤖 AI reasoning details

E2E Test Selection:
Hard rule (controller-version-update): @MetaMask controller package version updated in package.json: @metamask/assets-controllers, @metamask/phishing-controller. Running all tests.

Performance Test Selection:
Hard rule (controller-version-update): @MetaMask controller package version updated in package.json: @metamask/assets-controllers, @metamask/phishing-controller. Running all tests.

View GitHub Actions results

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud