chore: updating lavamoat allow-scripts dependencies #734

Merged
merged 1 commit into from
Oct 11, 2024

Conversation

georgewrmarshall
Collaborator

@georgewrmarshall georgewrmarshall commented Oct 11, 2024

Description

This PR updates dependencies and resolves the @lavamoat/allow-scripts configuration for the esbuild package used by Storybook.

  1. Reason for the change:

    • Ensure all dependencies are up-to-date
    • Resolve configuration issues with @lavamoat/allow-scripts
    • Improve project stability and security
  2. Improvement/solution:

    • Updated all project dependencies to their latest compatible versions
    • Configured @lavamoat/allow-scripts for esbuild package
    • Ensured smooth installation process without warnings or errors

Related issues

Fixes: #733

Manual testing steps

  1. Clone the updated branch
  2. Run yarn install to ensure all dependencies are correctly installed
  3. Verify that no warnings or errors related to @lavamoat/allow-scripts appear during installation

Pre-merge author checklist

  • I've followed MetaMask Coding Standards.
  • I've clearly explained what problem this PR is solving and how it is solved.
  • I've linked related issues
  • I've included manual testing steps
  • I've included screenshots/recordings if applicable
  • I've included tests if applicable
  • I've documented my code using JSDoc format if applicable
  • I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.
  • I've properly set the pull request status:
    • In case it's not yet "ready for review", I've set it to "draft".
    • In case it's "ready for review", I've changed it from "draft" to "non-draft".

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and/or screenshots.

@georgewrmarshall georgewrmarshall self-assigned this Oct 11, 2024
@georgewrmarshall georgewrmarshall added the team-design-system All issues relating to design system label Oct 11, 2024

socket-security bot commented Oct 11, 2024

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.


Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

@metamaskbot
Collaborator

Builds ready [24883e4]

Storybook: Storybook

@georgewrmarshall
Collaborator Author

@SocketSecurity ignore-all

@georgewrmarshall georgewrmarshall marked this pull request as ready for review October 11, 2024 04:28
@georgewrmarshall georgewrmarshall requested a review from a team as a code owner October 11, 2024 04:28

Report too large to display inline

View full report↗︎

@georgewrmarshall georgewrmarshall requested a review from a team October 11, 2024 04:31
@georgewrmarshall georgewrmarshall merged commit 103825f into main Oct 11, 2024
19 checks passed
@georgewrmarshall georgewrmarshall deleted the update/yarn-lock branch October 11, 2024 15:48
Labels
team-design-system All issues relating to design system
Development

Successfully merging this pull request may close these issues.

Update dependencies and resolve @lavamoat/allow-scripts configuration for esbuild
3 participants