chore: pin eciesjs to exact version 0.4.17

[chakra-guy]

Summary

Pin eciesjs from ^0.4.15 to exact 0.4.17 in all packages and apps (core, web-demo, rn-demo, integration-tests, load-tests).

No source code changes needed - all KeyManager implementations already use the 0.4.x API correctly.

Why

Cross-repo eciesjs version alignment effort. All three repos that share the ECIES encryption channel (metamask-mobile, connect-monorepo, mobile-wallet-protocol) should use the identical eciesjs version to eliminate any possibility of version-related surprises.

Companion PRs:

• metamask-mobile: upgrading from 0.3.x to exact 0.4.17
• connect-monorepo: pinning from ^0.4.15 to exact 0.4.17

Changes

• packages/core/package.json (devDependency)
• apps/web-demo/package.json
• apps/rn-demo/package.json
• apps/integration-tests/package.json
• apps/load-tests/package.json

All: "^0.4.15" -> "0.4.17"

Test plan

• yarn build passes
• yarn test passes (59 unit tests)
• yarn lint passes
• No source code changes needed

---

Note

Low Risk
Dependency-only change that pins eciesjs (and updates its lockfile transitive deps), with no source code modifications; risk is limited to potential runtime/crypto behavior differences from the patch upgrade.

Overview
Pins eciesjs from ^0.4.15 to exact 0.4.17 across the monorepo (core, demos, and test apps) to ensure consistent ECIES dependency resolution.

Updates yarn.lock accordingly, including bumped transitive packages like @ecies/ciphers and @noble/curves.

^{Written by Cursor Bugbot for commit b117c33. This will update automatically on new commits. Configure here.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	eciesjs@​0.4.15 ⏵ 0.4.17	+1		+1

View full report