chore: bump compliance controller to 2.1.0

[geositta]

Description

This PR updates mobile to consume @metamask/compliance-controller@2.1.0 and wires the mobile compliance setup to use the configured Compliance API URL.

The reason for this change is to bring mobile onto the latest compliance-controller release that supports explicit API URL configuration and shared wallet-blocked selectors. That support is needed for the broader compliance work so mobile can resolve compliance checks through build configuration instead of relying only on the controller package’s environment fallback.

The solution bumps the compliance-controller dependency, passes COMPLIANCE_API_URL into ComplianceService, adds the URL to mobile build configuration, and updates the mobile selector wrapper to use the core batch blocked-wallet selector. Tests were updated to cover the configured API URL wiring and the EVM case-insensitive address matching behavior from the released controller package.

Changelog

CHANGELOG entry: null

Related issues

Fixes:

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Performance checks (if applicable)

• I've tested on Android
  • Ideally on a mid-range device; emulator is acceptable
• I've tested with a power user scenario
  • Use these power-user SRPs to import wallets with many accounts and tokens
• I've instrumented key operations with Sentry traces for production performance metrics
  • See trace() for usage and addToken for an example

For performance guidelines and tooling, see the Performance Guide.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Changes which compliance API URL the wallet uses and how blocked-address lookups behave (including EVM case-insensitivity), which can affect send/receive gating if misconfigured.

Overview
Upgrades @metamask/compliance-controller from 2.0.0 to 2.1.0 and threads a configurable compliance backend URL through mobile builds.

ComplianceService now receives apiUrl from COMPLIANCE_API_URL (with existing prod/dev env unchanged). That variable is added to .js.env.example, shared builds.yml public envs, jest.config.js, and apply-build-config.js so CI and local builds hit the production compliance host by default.

The Redux selectAreAnyWalletsBlocked wrapper delegates to the package’s coreSelectAreAnyWalletsBlocked instead of looping selectIsWalletBlocked locally, aligning multichain “any blocked” checks with controller logic (including case-insensitive EVM matching). Tests and the Jest manual mock were updated for apiUrl wiring and address matching behavior.

^{Reviewed by Cursor Bugbot for commit a6652a8. Bugbot is set up for automated code reviews on this repo. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​metamask/​compliance-controller@​2.0.0 ⏵ 2.1.0	+1

View full report

[gambinish]

This comment is nice but I feel like it's something that could easily be missed and cause confusion, I'd opt to omit the version number entirely here

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeAccounts, SmokeConfirmations, SmokeIdentity, SmokeNetworkAbstractions, SmokeNetworkExpansion, SmokeSwap, SmokeStake, SmokeWalletPlatform, SmokeMoney, SmokePerps, SmokeMultiChainAPI, SmokePredictions, SmokeSeedlessOnboarding, SmokeBrowser, SmokeSnaps
• Selected Performance tags: @PerformanceAccountList, @PerformanceOnboarding, @PerformanceLogin, @PerformanceSwaps, @PerformanceLaunch, @PerformanceAssetLoading, @PerformancePredict, @PerformancePreps
• Risk Level: high
• AI Confidence: 100%

click to see 🤖 AI reasoning details

E2E Test Selection:
Hard rule (controller-version-update): @MetaMask controller package version updated in package.json: @metamask/compliance-controller. Running all tests.

Performance Test Selection:
Hard rule (controller-version-update): @MetaMask controller package version updated in package.json: @metamask/compliance-controller. Running all tests.

View GitHub Actions results