[Aikido] Fix 4 security issues in @metamask/sdk, @metamask/sdk-communication-layer, viem and 1 more

[aikido-autofix]

Upgrading @metamask/sdk, @metamask/sdk-communication-layer, viem, js-yaml to address vulnerabilities.

🚨 4 CVEs resolved by this upgrade, including 1 critical CVE

This PR will resolve the following CVEs:

Issue	Severity	Description
AIKIDO-2025-10854	🚨 CRITICAL	Affected versions of the React Native Community CLI expose a Metro development server that binds to external interfaces and provides an endpoint vulnerable to OS command injection, allowing unauthenticated remote attackers to issue crafted POST requests that execute arbitrary executables. On Windows...
GHSA-qj3p-xc97-xw74	MEDIUM	### Who is affected? This advisory only applies to developers who use MetaMask SDK in the browser and who, on Sept 8th 2025 between 13:00–15:30 UTC, performed one of the following actions and then deployed their application: - Installed MetaMask SDK into a project with a lockfile for the first time
AIKIDO-2024-10466	MEDIUM	Affected versions of this package are vulnerable due to insufficient entropy in the signature algorithm. The nonce (or k) used in transaction signatures must be unique for every message. Reusing the same nonce across different messages allows attackers to exploit the weakness and recover the pri...
AIKIDO-2025-10809	MEDIUM	Affected versions of this package are vulnerable to Prototype Pollution, where the code insufficiently validates properties during merging by checking only own properties with _hasOwnProperty, allowing attackers to craft malicious YAML input that injects keys like __proto__ or constructor into t...

🔗 Related Tasks

• https://linear.app/cube-labs/issue/CUB-2795/major-upgrade-for-react-native-communitycli

---

PR-Codex overview

This PR focuses on updating the package.json and pnpm-lock.yaml files to reflect new dependencies, versions, and configurations, enhancing the project's linting and dependency management.

Detailed summary

• Updated packageManager to pnpm@9.4.0.
• Modified lint-staged configuration for better readability.
• Added new dependencies: @metamask/sdk, @metamask/sdk-communication-layer, viem, and js-yaml.
• Incremented versions for several existing dependencies.
• Updated lockfileVersion in pnpm-lock.yaml.
• Adjusted versions for various packages to ensure compatibility with typescript@5.9.3.

The following files were skipped due to too many changes: pnpm-lock.yaml

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

[changeset-bot]

⚠️ No Changeset found

Latest commit: 6b5e4d7

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR