chore: update @metamask/transaction-pay-controller

[jpuri]

Description

Update @metamask/transaction-pay-controller, to add change to accountOverride property.

Changelog

CHANGELOG entry:

Related issues

Ref: https://consensyssoftware.atlassian.net/browse/CONF-1187

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

NA

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Performance checks (if applicable)

• I've tested on Android
  • Ideally on a mid-range device; emulator is acceptable
• I've tested with a power user scenario
  • Use these power-user SRPs to import wallets with many accounts and tokens
• I've instrumented key operations with Sentry traces for production performance metrics
  • See trace() for usage and addToken for an example

For performance guidelines and tooling, see the Performance Guide.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Dependency bumps pull in newer @metamask/* controller and keyring packages, which can subtly change transaction/payment and bridge behavior at runtime. App code changes are minimal, but lockfile/resolution shifts increase integration/regression risk.

Overview
Upgrades @metamask/transaction-pay-controller to ^19.3.0 and updates the lockfile/resolutions to align on newer @metamask/* packages (notably @metamask/keyring-api 23.0.1, plus related bridge/assets/keyring client/internal deps).

Updates accountsControllerTestUtils.ts to recognize Stellar (XlmAccountType.Account -> XlmScope.Pubnet) when generating mock account scopes.

^{Reviewed by Cursor Bugbot for commit e677792. Bugbot is set up for automated code reviews on this repo. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​metamask/​assets-controller@​6.0.0 ⏵ 6.1.0			+1	+1
	npm/​@​metamask/​assets-controllers@​104.2.0 ⏵ 104.3.0	-25		+1
	npm/​@​metamask/​keyring-internal-api@​10.0.1 ⏵ 10.1.1	+1		+1	+2
	npm/​@​metamask/​bridge-controller@​70.1.1 ⏵ 70.2.0	+1		+1
	npm/​@​metamask/​transaction-pay-controller@​19.2.2 ⏵ 19.3.0	+1		+1	+1
	npm/​@​metamask/​account-api@​1.0.0 ⏵ 1.0.3	+1		+25	+8

View full report

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring alerts on:

• npm/@metamask/assets-controllers@104.3.0

View full report

[jpuri]

@SocketSecurity ignore npm/@metamask/assets-controllers@104.3.0

[ccharly]

I think we could use a resolution to align the keyring-api version for all controllers (until we update all other deps) so we avoid doing this kind of type-cast.

Let me try that locally

[ccharly]

Indeed, could you instead use resolution:

diff --git a/package.json b/package.json
index 180a943a47..a40b116569 100644
--- a/package.json
+++ b/package.json
@@ -204,7 +204,8 @@
     "@metamask/messenger@^0.3.0": "^1.0.0",
     "@metamask/accounts-controller": "^37.2.0",
     "@metamask/profile-sync-controller": "^28.0.2",
-    "@metamask/transaction-controller@^63.0.0": "^64.2.0"
+    "@metamask/transaction-controller@^63.0.0": "^64.2.0",
+    "@metamask/keyring-api": "^23.0.1"
   },
   "dependencies": {
     "@braze/react-native-sdk": "patch:@braze/react-native-sdk@npm%3A19.1.0#~/.yarn/patches/@braze-react-native-sdk-npm-19.1.0-076-reactmoduleinfo.patch",

We're currently working on updating all clients to update all accounts deps, so we'll remove the resolutions once everything has been updated.

[jpuri]

Good point, I updated the PR.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 9704c3e. Configure here.}

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeAccounts, SmokeConfirmations, SmokeIdentity, SmokeNetworkAbstractions, SmokeNetworkExpansion, SmokeTrade, SmokeWalletPlatform, SmokeCard, SmokePerps, SmokeRamps, SmokeMultiChainAPI, SmokePredictions, SmokeSeedlessOnboarding, SmokeBrowser, FlaskBuildTests
• Selected Performance tags: @PerformanceAccountList, @PerformanceOnboarding, @PerformanceLogin, @PerformanceSwaps, @PerformanceLaunch, @PerformanceAssetLoading, @PerformancePredict, @PerformancePreps
• Risk Level: high
• AI Confidence: 100%

click to see 🤖 AI reasoning details

E2E Test Selection:
Hard rule (controller-version-update): @MetaMask controller package version updated in package.json: @metamask/transaction-controller@^63.0.0, @metamask/transaction-pay-controller. Running all tests.

Performance Test Selection:
Hard rule (controller-version-update): @MetaMask controller package version updated in package.json: @metamask/transaction-controller@^63.0.0, @metamask/transaction-pay-controller. Running all tests.

View GitHub Actions results

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

✅ E2E Fixture Validation — Schema is up to date
12 value mismatches detected (expected — fixture represents an existing user).
View details

[ccharly]

LGTM for accounts (not tested)

[ccharly]

For tracking purposes: This is expected and we're going to re-align all accounts deps very soon!