release(runway): cherry-pick fix: update package to avoid yarn audit issue

[runway-github]

• fix: update package to avoid yarn audit issue (fix: update package to avoid yarn audit issue cp-13.11.0 #38348)

Description

Resolve node-forge to ^1.3.2 in order to pass the audit.

DO NOT MERGE unless someone with security privileges clears it.

Changelog

CHANGELOG entry: null

Related issues

Fixes:

Manual testing steps

1. Go to this page...

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor
  Docs and MetaMask
  Extension Coding
  Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format
  if applicable
• I’ve applied the right labels on the PR (see labeling
  guidelines).
  Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the
  app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described
  in the ticket it closes and includes the necessary testing evidence such
  as recordings and or screenshots.

---

Note

Adds a safe click helper for the backup reminder and updates affected e2e tests to use it post-onboarding.

• E2E:
  • Page Object (test/e2e/page-objects/pages/home/homepage.ts): Add clickBackupRemindMeLaterButtonSafe using driver.clickElementSafe.
  • Tests:
    • Update test/e2e/tests/account/incremental-security.spec.ts to use clickBackupRemindMeLaterButtonSafe after onboarding.
    • Update test/e2e/tests/settings/change-password.spec.ts to use clickBackupRemindMeLaterButtonSafe after onboarding.

^{Written by Cursor Bugbot for commit 17f5b4a. This will update automatically on new commits. Configure here.}

---

Co-authored-by: Mark Stacey [email protected] 54fd624

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[seaona]

LGTM

[metamaskbot]

✨ Files requiring CODEOWNER review ✨

🧪 @MetaMask/qa (1 files, +4 -0)

• 📁 test/
  • 📁 e2e/
    • 📁 page-objects/
      • 📁 pages/
        • 📁 home/
          • 📄 homepage.ts +4 -0

[gauthierpetetin]

Note for myself:

The conflict we had to resolve to create this cherry-pick PR are due to the fact this PR was merged to main after release 13.11.0 was cut.

[metamaskbot]

Builds ready [17f5b4a]

• builds: chrome, firefox
• builds (beta): chrome, firefox
• builds (flask): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• bundle size: Bundle Size Stats
• user-actions-benchmark: User Actions Stats
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
  • ui: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
  • content-script: 0
  • offscreen: 0

UI Startup Metrics (1293 ± 109 ms)

Platform	BuildType	Page	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P 75 (ms)	P 95 (ms)
Chrome	Browserify	Standard Home	uiStartup	1293	1135	1624	109	1348	1501
			load	1056	914	1305	92	1107	1241
			domContentLoaded	1050	911	1300	91	1101	1233
			domInteractive	26	14	99	20	20	80
			firstPaint	595	86	1270	423	1042	1222
			backgroundConnect	218	197	278	12	222	242
			firstReactRender	37	23	150	14	39	57
			getState	55	20	125	19	63	97
			initialActions	1	0	6	1	1	3
			loadScripts	839	698	1063	91	891	1010
			setupStore	13	6	37	6	15	25
			numNetworkReqs	41	28	144	33	31	141
	Browserify	Power User Home	uiStartup	1847	1587	2528	165	1958	2121
			load	983	877	1802	154	966	1377
			domContentLoaded	968	870	1796	154	950	1364
			domInteractive	34	16	171	33	30	131
			firstPaint	533	89	1813	379	908	1297
			backgroundConnect	219	203	247	10	226	240
			firstReactRender	81	39	143	22	92	127
			getState	172	131	271	29	189	221
			initialActions	1	0	9	1	1	3
			loadScripts	766	665	1592	154	745	1161
			setupStore	21	9	83	12	24	44
			numNetworkReqs	144	68	304	54	178	271
	Webpack	Standard Home	uiStartup	875	785	1303	99	888	1122
			load	640	584	969	78	641	843
			domContentLoaded	635	572	962	77	636	836
			domInteractive	26	15	94	19	22	79
			firstPaint	233	106	714	146	230	617
			backgroundConnect	12	6	40	9	11	33
			firstReactRender	43	20	191	29	41	114
			getState	55	17	136	24	71	98
			initialActions	1	0	4	1	1	3
			loadScripts	632	570	949	75	634	826
			setupStore	18	5	73	13	20	45
			numNetworkReqs	41	28	148	33	30	142
	Webpack	Power User Home	uiStartup	1427	1211	2041	148	1534	1687
			load	671	586	1265	111	668	943
			domContentLoaded	660	579	1258	111	653	934
			domInteractive	35	17	215	34	31	133
			firstPaint	293	104	1277	203	283	680
			backgroundConnect	15	7	31	4	17	23
			firstReactRender	80	42	113	15	88	100
			getState	150	125	211	15	158	178
			initialActions	1	0	3	1	1	2
			loadScripts	657	577	1248	109	651	926
			setupStore	20	10	49	10	23	40
			numNetworkReqs	154	67	306	54	187	295
Firefox	Browserify	Standard Home	uiStartup	1321	1177	1782	121	1349	1607
			load	1040	947	1263	81	1075	1224
			domContentLoaded	1039	947	1263	81	1075	1223
			domInteractive	60	30	231	41	81	137
			firstPaint	-	-	-	-	-	-
			backgroundConnect	49	25	313	34	50	112
			firstReactRender	24	18	59	8	26	46
			getState	21	10	68	8	22	34
			initialActions	1	0	3	1	2	2
			loadScripts	1019	927	1234	77	1053	1201
			setupStore	21	8	178	20	19	57
			numNetworkReqs	39	28	125	26	33	117
	Browserify	Power User Home	uiStartup	2409	1954	3094	232	2552	2810
			load	1118	928	1621	159	1131	1425
			domContentLoaded	1117	928	1621	159	1131	1425
			domInteractive	120	30	550	105	110	403
			firstPaint	-	-	-	-	-	-
			backgroundConnect	106	33	472	67	121	197
			firstReactRender	79	36	149	21	91	123
			getState	293	58	856	233	427	807
			initialActions	2	1	8	1	2	7
			loadScripts	1084	900	1597	155	1100	1402
			setupStore	133	10	831	176	118	583
			numNetworkReqs	91	51	201	37	116	164
	Webpack	Standard Home	uiStartup	1497	1338	2144	134	1544	1802
			load	1227	1104	1616	100	1273	1423
			domContentLoaded	1226	1104	1616	100	1273	1422
			domInteractive	62	27	206	42	80	179
			firstPaint	-	-	-	-	-	-
			backgroundConnect	49	18	159	21	58	88
			firstReactRender	30	20	71	7	34	42
			getState	21	10	192	19	21	37
			initialActions	2	0	3	1	2	2
			loadScripts	1204	1090	1543	93	1251	1385
			setupStore	21	7	104	15	19	54
			numNetworkReqs	39	28	126	25	34	116
	Webpack	Power User Home	uiStartup	2652	2095	3573	302	2753	3260
			load	1379	1098	1935	208	1550	1780
			domContentLoaded	1378	1097	1935	208	1550	1780
			domInteractive	121	28	715	132	104	405
			firstPaint	-	-	-	-	-	-
			backgroundConnect	108	23	555	88	126	262
			firstReactRender	80	37	225	26	89	126
			getState	292	77	910	232	462	810
			initialActions	3	1	43	5	3	7
			loadScripts	1335	1082	1895	204	1480	1755
			setupStore	91	5	728	145	82	565
			numNetworkReqs	90	60	186	35	111	162

📊 Page Load Benchmark Results

Current Commit: 17f5b4a | Date: 11/27/2025

📄 Localhost MetaMask Test Dapp

Samples: 100

Summary

• pageLoadTime-> current mean value: 1.05s (±71ms) 🟡 | historical mean value: 1.04s ⬆️ (historical data)
• domContentLoaded-> current mean value: 738ms (±70ms) 🟢 | historical mean value: 725ms ⬆️ (historical data)
• firstContentfulPaint-> current mean value: 75ms (±10ms) 🟢 | historical mean value: 78ms ⬇️ (historical data)

📈 Detailed Results

Metric	Mean	Std Dev	Min	Max	P95	P99
pageLoadTime	1.05s	71ms	1.00s	1.34s	1.27s	1.34s
domContentLoaded	738ms	70ms	695ms	1.01s	949ms	1.01s
firstPaint	75ms	10ms	60ms	156ms	88ms	156ms
firstContentfulPaint	75ms	10ms	60ms	156ms	88ms	156ms
largestContentfulPaint	0ms	0ms	0ms	0ms	0ms	0ms

[metamaskbot]

No release label on PR. Adding release label release-13.11.0 on PR, as PR was cherry-picked in branch 13.11.0.