chore: Bump lavamoat from 9.0.10 to 10.0.0 (#3711)

Bumps
[lavamoat](https://github.com/LavaMoat/lavamoat/tree/HEAD/packages/lavamoat-node)
from 9.0.10 to 10.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/LavaMoat/lavamoat/releases">lavamoat's
releases</a>.</em></p>
<blockquote>
<h2>lavamoat: v10.0.0</h2>
<h2><a
href="https://github.com/LavaMoat/LavaMoat/compare/lavamoat-v9.0.16...lavamoat-v10.0.0">10.0.0</a>
(2025-10-09)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>indicate breaking change propagation: stop overwriting the policy
file while loading. (<a
href="https://redirect.github.com/LavaMoat/LavaMoat/issues/1835">#1835</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>indicate breaking change propagation: stop overwriting the policy
file while loading. (<a
href="https://redirect.github.com/LavaMoat/LavaMoat/issues/1835">#1835</a>)
(<a
href="https://github.com/LavaMoat/LavaMoat/commit/81f2cb0bf00e61c9ddfb637ad20deacba95ca967">81f2cb0</a>)</li>
</ul>
<h2>lavamoat: v9.0.16</h2>
<h2><a
href="https://github.com/LavaMoat/LavaMoat/compare/lavamoat-v9.0.15...lavamoat-v9.0.16">9.0.16</a>
(2025-10-01)</h2>
<h3>Dependencies</h3>
<ul>
<li>The following workspace dependencies were updated
<ul>
<li>dependencies
<ul>
<li>lavamoat-core bumped from ^16.7.0 to ^16.7.1</li>
<li>lavamoat-tofu bumped from ^8.0.10 to ^8.0.11</li>
</ul>
</li>
</ul>
</li>
</ul>
<h2>lavamoat: v9.0.15</h2>
<h2><a
href="https://github.com/LavaMoat/LavaMoat/compare/lavamoat-v9.0.14...lavamoat-v9.0.15">9.0.15</a>
(2025-09-25)</h2>
<h3>Dependencies</h3>
<ul>
<li>The following workspace dependencies were updated
<ul>
<li>dependencies
<ul>
<li>lavamoat-core bumped from ^16.6.2 to ^16.7.0</li>
</ul>
</li>
</ul>
</li>
</ul>
<h2>lavamoat: v9.0.14</h2>
<h2><a
href="https://github.com/LavaMoat/LavaMoat/compare/lavamoat-v9.0.13...lavamoat-v9.0.14">9.0.14</a>
(2025-09-22)</h2>
<h3>Dependencies</h3>
<ul>
<li>The following workspace dependencies were updated
<ul>
<li>dependencies
<ul>
<li>lavamoat-core bumped from ^16.6.1 to ^16.6.2</li>
<li>lavamoat-tofu bumped from ^8.0.9 to ^8.0.10</li>
</ul>
</li>
</ul>
</li>
</ul>
<h2>lavamoat: v9.0.13</h2>
<h2><a
href="https://github.com/LavaMoat/LavaMoat/compare/lavamoat-v9.0.12...lavamoat-v9.0.13">9.0.13</a>
(2025-09-19)</h2>
<h3>Dependencies</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/LavaMoat/LavaMoat/blob/main/packages/lavamoat-node/CHANGELOG.md">lavamoat's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/LavaMoat/LavaMoat/compare/lavamoat-v9.0.16...lavamoat-v10.0.0">10.0.0</a>
(2025-10-09)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>indicate breaking change propagation: stop overwriting the policy
file while loading. (<a
href="https://redirect.github.com/LavaMoat/LavaMoat/issues/1835">#1835</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>indicate breaking change propagation: stop overwriting the policy
file while loading. (<a
href="https://redirect.github.com/LavaMoat/LavaMoat/issues/1835">#1835</a>)
(<a
href="https://github.com/LavaMoat/LavaMoat/commit/81f2cb0bf00e61c9ddfb637ad20deacba95ca967">81f2cb0</a>)</li>
</ul>
<h2><a
href="https://github.com/LavaMoat/LavaMoat/compare/lavamoat-v9.0.15...lavamoat-v9.0.16">9.0.16</a>
(2025-10-01)</h2>
<h3>Dependencies</h3>
<ul>
<li>The following workspace dependencies were updated
<ul>
<li>dependencies
<ul>
<li>lavamoat-core bumped from ^16.7.0 to ^16.7.1</li>
<li>lavamoat-tofu bumped from ^8.0.10 to ^8.0.11</li>
</ul>
</li>
</ul>
</li>
</ul>
<h2><a
href="https://github.com/LavaMoat/LavaMoat/compare/lavamoat-v9.0.14...lavamoat-v9.0.15">9.0.15</a>
(2025-09-25)</h2>
<h3>Dependencies</h3>
<ul>
<li>The following workspace dependencies were updated
<ul>
<li>dependencies
<ul>
<li>lavamoat-core bumped from ^16.6.2 to ^16.7.0</li>
</ul>
</li>
</ul>
</li>
</ul>
<h2><a
href="https://github.com/LavaMoat/LavaMoat/compare/lavamoat-v9.0.13...lavamoat-v9.0.14">9.0.14</a>
(2025-09-22)</h2>
<h3>Dependencies</h3>
<ul>
<li>The following workspace dependencies were updated
<ul>
<li>dependencies
<ul>
<li>lavamoat-core bumped from ^16.6.1 to ^16.6.2</li>
<li>lavamoat-tofu bumped from ^8.0.9 to ^8.0.10</li>
</ul>
</li>
</ul>
</li>
</ul>
<h2><a
href="https://github.com/LavaMoat/LavaMoat/compare/lavamoat-v9.0.12...lavamoat-v9.0.13">9.0.13</a>
(2025-09-19)</h2>
<h3>Dependencies</h3>
<ul>
<li>The following workspace dependencies were updated
<ul>
<li>dependencies
<ul>
<li>lavamoat-core bumped from ^16.6.0 to ^16.6.1</li>
<li>lavamoat-tofu bumped from ^8.0.8 to ^8.0.9</li>
</ul>
</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/LavaMoat/LavaMoat/commit/aad7145bb2e5bc772c1b445d60f37cf818ef63ff"><code>aad7145</code></a>
chore: release main (<a
href="https://github.com/LavaMoat/lavamoat/tree/HEAD/packages/lavamoat-node/issues/1836">#1836</a>)</li>
<li><a
href="https://github.com/LavaMoat/LavaMoat/commit/81f2cb0bf00e61c9ddfb637ad20deacba95ca967"><code>81f2cb0</code></a>
fix!: indicate breaking change propagation: stop overwriting the policy
file ...</li>
<li><a
href="https://github.com/LavaMoat/LavaMoat/commit/86d2258292a10b9bd36b480ebb9fcb789ba210ce"><code>86d2258</code></a>
chore: release main (<a
href="https://github.com/LavaMoat/lavamoat/tree/HEAD/packages/lavamoat-node/issues/1834">#1834</a>)</li>
<li><a
href="https://github.com/LavaMoat/LavaMoat/commit/e837fbfedd74d181e6cacbfdc28bda00b0d3a508"><code>e837fbf</code></a>
chore: release main (<a
href="https://github.com/LavaMoat/lavamoat/tree/HEAD/packages/lavamoat-node/issues/1828">#1828</a>)</li>
<li><a
href="https://github.com/LavaMoat/LavaMoat/commit/539b980975fb2973f8ceca82285f0f05a26bc932"><code>539b980</code></a>
chore: release main</li>
<li><a
href="https://github.com/LavaMoat/LavaMoat/commit/1f4f70a42c2690f2f73f65fbe37b35d71dee4315"><code>1f4f70a</code></a>
chore: release main</li>
<li><a
href="https://github.com/LavaMoat/LavaMoat/commit/f80ce42bf356c45888e3723111c7b1d46da39aee"><code>f80ce42</code></a>
chore: release main (<a
href="https://github.com/LavaMoat/lavamoat/tree/HEAD/packages/lavamoat-node/issues/1795">#1795</a>)</li>
<li><a
href="https://github.com/LavaMoat/LavaMoat/commit/593ed7cbcb6c17ac5387b5078bcb2917dbc91cc7"><code>593ed7c</code></a>
create <code>@​lavamoat/types</code> (<a
href="https://github.com/LavaMoat/lavamoat/tree/HEAD/packages/lavamoat-node/issues/1033">#1033</a>)</li>
<li><a
href="https://github.com/LavaMoat/LavaMoat/commit/a2c8136677b9540b180b6be82e54257880dbb1ee"><code>a2c8136</code></a>
chore: release main (<a
href="https://github.com/LavaMoat/lavamoat/tree/HEAD/packages/lavamoat-node/issues/1769">#1769</a>)</li>
<li>See full diff in <a
href="https://github.com/LavaMoat/lavamoat/commits/lavamoat-v10.0.0/packages/lavamoat-node">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lavamoat&package-manager=npm_and_yarn&previous-version=9.0.10&new-version=10.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Upgrade lavamoat to 10.0.0 and update LavaMoat policy to reference new
`lavamoat>lavamoat-core`/`lavamoat>lavamoat-tofu` package paths;
lockfile updated for related transitive deps.
> 
> - **Dependencies**:
> - Bump `lavamoat` to `^10.0.0` in
`packages/snaps-execution-environments/package.json`.
> - Update lockfile: `lavamoat-core` to `^17.0.0`, `lavamoat-tofu` to
`^8.0.11`, `@lavamoat/aa` to `^4.3.4`; remove old ranges.
> - **LavaMoat policy**:
> - Switch policy entries from `@lavamoat/webpack>lavamoat-core` to
`lavamoat>lavamoat-core`, and from
`@lavamoat/webpack>lavamoat-core>lavamoat-tofu` to
`lavamoat>lavamoat-tofu` in `lavamoat/build-system/policy.json`.
> - Adjust nested resource paths accordingly while keeping existing
builtins/globals.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
ba709c2. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MetaMask Bot <[email protected]>

Author: dependabot[bot]

packages/snaps-execution-environments/lavamoat/build-system/policy.json

@@ -133,7 +133,7 @@
         "depcheck>@babel/parser": true,
         "lavamoat>@lavamoat/aa": true,
         "@lavamoat/webpack>browser-resolve": true,
-        "@lavamoat/webpack>lavamoat-core": true,
+        "lavamoat>lavamoat-core": true,
         "webpack": true
       }
     },
@@ -738,7 +738,7 @@
         "lavamoat>lavamoat-core>merge-deep>kind-of>is-buffer": true
       }
     },
-    "@lavamoat/webpack>lavamoat-core": {
+    "lavamoat>lavamoat-core": {
       "builtin": {
         "node:events": true,
         "node:fs.readFileSync": true,
@@ -753,16 +753,16 @@
       },
       "packages": {
         "@lavamoat/webpack>json-stable-stringify": true,
-        "@lavamoat/webpack>lavamoat-core>lavamoat-tofu": true,
+        "lavamoat>lavamoat-tofu": true,
         "lavamoat>lavamoat-core>merge-deep": true
       }
     },
-    "@lavamoat/webpack>lavamoat-core>lavamoat-tofu": {
+    "lavamoat>lavamoat-tofu": {
       "globals": {
         "console.log": true
       },
       "packages": {
-        "@lavamoat/webpack>lavamoat-core>lavamoat-tofu>@babel/parser": true,
+        "lavamoat>lavamoat-tofu>@babel/parser": true,
         "depcheck>@babel/traverse": true
       }
     },

packages/snaps-execution-environments/package.json

@@ -101,7 +101,7 @@
     "jest-environment-node": "^29.5.0",
     "jest-fetch-mock": "^3.0.3",
     "jest-silent-reporter": "^0.6.0",
-    "lavamoat": "^9.0.10",
+    "lavamoat": "^10.0.0",
     "prettier": "^3.3.3",
     "rimraf": "^4.1.2",
     "serve-handler": "^6.1.5",

yarn.lock

@@ -2727,7 +2727,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@lavamoat/aa@npm:^4.3.3, @lavamoat/aa@npm:^4.3.4":
+"@lavamoat/aa@npm:^4.3.4":
   version: 4.3.4
   resolution: "@lavamoat/aa@npm:4.3.4"
   dependencies:
@@ -4363,7 +4363,7 @@ __metadata:
     jest-environment-node: "npm:^29.5.0"
     jest-fetch-mock: "npm:^3.0.3"
     jest-silent-reporter: "npm:^0.6.0"
-    lavamoat: "npm:^9.0.10"
+    lavamoat: "npm:^10.0.0"
     prettier: "npm:^3.3.3"
     readable-stream: "npm:^3.6.2"
     rimraf: "npm:^4.1.2"
@@ -13672,22 +13672,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"lavamoat-core@npm:^16.5.0":
-  version: 16.7.1
-  resolution: "lavamoat-core@npm:16.7.1"
-  dependencies:
-    "@babel/types": "npm:7.27.3"
-    "@lavamoat/types": "npm:^0.1.0"
-    json-stable-stringify: "npm:1.3.0"
-    lavamoat-tofu: "npm:^8.0.11"
-    merge-deep: "npm:3.0.3"
-    ses: "npm:1.14.0"
-  bin:
-    lavamoat-sort-policy: src/policy-sort-cli.js
-  checksum: 10/e15b3d83f2b838942f65159460d5f7394ce0f41122ed682db61c6eb2ad0760814e58bce6e3f9037604bf16f4190c9f5328d75cb0f550e10729092534365f21e7
-  languageName: node
-  linkType: hard
-
 "lavamoat-core@npm:^17.0.0":
   version: 17.0.0
   resolution: "lavamoat-core@npm:17.0.0"
@@ -13704,7 +13688,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"lavamoat-tofu@npm:^8.0.11, lavamoat-tofu@npm:^8.0.8":
+"lavamoat-tofu@npm:^8.0.11":
   version: 8.0.11
   resolution: "lavamoat-tofu@npm:8.0.11"
   dependencies:
@@ -13720,25 +13704,25 @@ __metadata:
   languageName: node
   linkType: hard
 
-"lavamoat@npm:^9.0.10":
-  version: 9.0.10
-  resolution: "lavamoat@npm:9.0.10"
+"lavamoat@npm:^10.0.0":
+  version: 10.0.0
+  resolution: "lavamoat@npm:10.0.0"
   dependencies:
     "@babel/code-frame": "npm:7.27.1"
     "@babel/highlight": "npm:7.25.9"
-    "@lavamoat/aa": "npm:^4.3.3"
+    "@lavamoat/aa": "npm:^4.3.4"
     bindings: "npm:1.5.0"
     corepack: "npm:0.33.0"
     htmlescape: "npm:1.1.1"
-    lavamoat-core: "npm:^16.5.0"
-    lavamoat-tofu: "npm:^8.0.8"
+    lavamoat-core: "npm:^17.0.0"
+    lavamoat-tofu: "npm:^8.0.11"
     node-gyp-build: "npm:4.8.4"
     resolve: "npm:1.22.10"
     yargs: "npm:17.7.2"
   bin:
     lavamoat: src/cli.js
     lavamoat-run-command: src/run-command.js
-  checksum: 10/ee1c325354a521ee432542089e1078e15c1e3ff1d6beffd28c7761b6cec6f844c2b9ffb0c4ac6535743ce230fa6aa40565b1eefc262e2fefba972f5c4b4b76b3
+  checksum: 10/3a6e995289a6fe5007f020b7288d22ea98c0eaee8d609cfc172c9a81ab7db1cec7fd7dffb84eb58ddbcefd73195e84a103df27ea76539eded5d77c4356454c5f
   languageName: node
   linkType: hard