
fix(deps): add cipher-base resolution to fix SNYK-JS-CIPHERBASE-12084814 #605

Open
devin-ai-integration[bot] wants to merge 1 commit into main from devin/1777470482-fix-cipher-base-cve

Conversation

devin-ai-integration[bot] commented Apr 29, 2026

Summary

Adds a yarn resolution for cipher-base >= 1.0.5 to fix critical vulnerability SNYK-JS-CIPHERBASE-12084814 (Function Call With Incorrect Argument Type, CVSS 9.8).

What changed

  • package.json: Added "**/cipher-base": "^1.0.5" to the resolutions field (alongside the existing 44 resolutions)
  • yarn.lock: Updated cipher-base from 1.0.4 → 1.0.5

Why

cipher-base@1.0.4 is deep in the transitive dependency tree via the crypto pipeline:
pbkdf2 → create-hash → cipher-base

The resolution forces all transitive consumers to use the patched version (>= 1.0.5).

Review & Testing Checklist for Human

  • Verify cipher-base resolves to >= 1.0.5 in the lockfile
  • Confirm no runtime regressions in crypto-related flows (wallet creation, signing, key derivation)
  • Run Snyk/security scan to confirm the vulnerability is resolved

Notes

  • The project uses yarn v1 with .yarnrc containing ignore-scripts true
  • cipher-base dependencies updated: inherits ^2.0.1 → ^2.0.4, safe-buffer ^5.0.1 → ^5.2.1 (both remain compatible with existing resolved versions in the lockfile)

Link to Devin session: https://app.devin.ai/sessions/bdc4e19ef55042deb05aab86eb41a218
Requested by: @abhay-codeium
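An added reviewer-side check for the first checklist item above (verify that every cipher-base entry in the yarn v1 lockfile resolves to >= 1.0.5 and that package.json carries the "**/cipher-base" resolution). This is example code, not code from this PR or the project; the lockfile and package.json fragments are constructed, and the lockfile parsing assumes the yarn v1 layout (entry headers at column 0 ending in ':', fields indented beneath).

```javascript
// Added example (not part of this PR): reviewer-side check; all fragments below are constructed.
const MIN_VERSION = '1.0.5';

// Numeric comparison of dotted versions; pre-release suffixes are not handled.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Collect {specs, version} for every yarn v1 lockfile entry whose selectors
// name `pkg`. Entry headers sit at column 0 and end with ':'; fields are indented.
function resolvedVersions(lockText, pkg) {
  const out = [];
  let current = null;
  for (const line of lockText.split('\n')) {
    if (/^\S/.test(line) && line.trim().endsWith(':')) {
      const specs = line.trim().slice(0, -1).split(',')
        .map((s) => s.trim().replace(/^"|"$/g, ''));
      current = specs.some((s) => s.startsWith(pkg + '@')) ? { specs, version: null } : null;
      if (current) out.push(current);
    } else if (current) {
      const m = line.match(/^\s+version "([^"]+)"/);
      if (m) current.version = m[1];
    }
  }
  return out;
}

// Entries still below the minimum; an empty array means the resolution took effect.
function belowMinimum(lockText, pkg, min = MIN_VERSION) {
  return resolvedVersions(lockText, pkg)
    .filter((e) => e.version === null || compareVersions(e.version, min) < 0);
}

// True when package.json forces `pkg` for all transitive consumers via "**/pkg".
function hasResolution(packageJsonText, pkg) {
  const res = JSON.parse(packageJsonText).resolutions || {};
  return Object.prototype.hasOwnProperty.call(res, '**/' + pkg);
}

// Constructed fragments: lockfile after the resolution, lockfile before it, package.json.
const LOCK_PATCHED = 'cipher-base@^1.0.0, cipher-base@^1.0.1, cipher-base@^1.0.3:\n' +
  '  version "1.0.5"\n  dependencies:\n    inherits "^2.0.4"\n    safe-buffer "^5.2.1"\n';
const LOCK_OLD = 'cipher-base@^1.0.0, cipher-base@^1.0.1:\n  version "1.0.4"\n' +
  'create-hash@^1.1.0:\n  version "1.2.0"\n  dependencies:\n    cipher-base "^1.0.1"\n';
const PKG_JSON = '{"name":"app","resolutions":{"**/cipher-base":"^1.0.5"}}';
```

Run `belowMinimum(fs.readFileSync('yarn.lock', 'utf8'), 'cipher-base')` against the real lockfile; any entry returned is a transitive consumer the resolution did not reach.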



Add yarn resolution for cipher-base >= 1.0.5 to address CVE
SNYK-JS-CIPHERBASE-12084814 (Function Call With Incorrect Argument
Type, CVSS 9.8).

- Added "**/cipher-base": "^1.0.5" to package.json resolutions
- Updated yarn.lock: cipher-base 1.0.4 -> 1.0.5
- Crypto pipeline (pbkdf2 -> create-hash -> cipher-base) verified

Co-Authored-By: Abhay Aggarwal <abhay.aggarwal@codeium.com>
@devin-ai-integration (Author)

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@devin-ai-integration (Author) left a comment

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no bugs or issues to report.
