chore: bump @metamask/gator-permissions-controller from ^3.0.0 to ^4.0.0

[jeffsmale90]

Description

Bumps

• @metamask/gator-permissions-controller from ^3.0.0 to ^4.0.0
• @metamask/signature-controller from ^39.1.2 to ^39.2.0

Changelog

CHANGELOG entry:

Related issues

Fixes:

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Performance checks (if applicable)

• I've tested on Android
  • Ideally on a mid-range device; emulator is acceptable
• I've tested with a power user scenario
  • Use these power-user SRPs to import wallets with many accounts and tokens
• I've instrumented key operations with Sentry traces for production performance metrics
  • See trace() for usage and addToken for an example

For performance guidelines and tooling, see the Performance Guide.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Although the diff is dependency-only, it upgrades a major version of the permissions controller and updates signature-related transitive controllers, which could change runtime behavior in permission/signing flows.

Overview
Updates dependencies to use @metamask/gator-permissions-controller ^4.0.0 (from ^3.0.0) and @metamask/signature-controller ^39.2.0 (from ^39.1.2).

Refreshes yarn.lock for the new controller versions and their updated transitive requirements (notably newer @metamask/* controller/messenger packages).

^{Reviewed by Cursor Bugbot for commit 2b3b762. Bugbot is set up for automated code reviews on this repo. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[github-actions]

🔍 Smart E2E Test Selection

⏭️ Smart E2E selection skipped - draft PR

All E2E tests pre-selected.

View GitHub Actions results

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​metamask/​signature-controller@​39.1.2 ⏵ 39.2.0
	npm/​@​metamask/​gator-permissions-controller@​3.0.0 ⏵ 4.0.0			+1	+1

View full report

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

✅ E2E Fixture Validation — Schema is up to date
11 value mismatches detected (expected — fixture represents an existing user).
View details