fix: Add resolution for rpc-websockets to handle deps audit failure

[danjm]

Description

fixes this test-deps-audit failure:

└─ rpc-websockets
   ├─ ID: rpc-websockets (deprecation)
   ├─ Issue: deprecate 7.11.1
   ├─ Severity: moderate
   ├─ Vulnerable Versions: 7.11.1
   │ 
   ├─ Tree Versions
   │  └─ 7.11.1
   │ 
   └─ Dependents
      └─ @solana/web3.js@npm:1.91.8

Exited with code exit status 1

The next version after 7.11.1 is a major version bump, 8.0.1. The release notes for that version say "Switched to ESNext (ESM). Make sure to use import instead of require to import this package." The one package in our dependency tree that uses this package already uses import (https://github.com/solana-labs/solana-web3.js/blob/abbdc5b1d373cb555b1aab6d450854939407a8ab/packages/library-legacy/src/rpc-websocket.ts#L1). So bumping the version should be safe.

Manual testing steps

This change doesn't affect our functionality. The Trezor functionality that depends on this package is not used in our usage of trezor.

Pre-merge author checklist

• I’ve followed MetaMask Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/rpc-websockets@8.0.1	None	0	0 B

🚮 Removed packages: npm/bufferutil@4.0.8, npm/utf-8-validate@5.0.10

View full report↗︎

[socket-security]

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report↗︎

[Gudahtt]

LGTM!

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 65.67%. Comparing base (af8ef25) to head (01825d3).
Report is 1 commits behind head on develop.

Additional details and impacted files

@@           Coverage Diff            @@
##           develop   #25112   +/-   ##
========================================
  Coverage    65.67%   65.67%           
========================================
  Files         1359     1359           
  Lines        54015    54015           
  Branches     14017    14017           
========================================
  Hits         35469    35469           
  Misses       18546    18546           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Gudahtt]

@SocketSecurity ignore npm/utf-8-validate@5.0.10
@SocketSecurity ignore npm/bufferutil@4.0.8

These both appear to be false positives. These are not introduced by this PR.

[legobeat]

The one package in our dependency tree that uses this package already uses import. So bumping the version should be safe.

Just noting that unless something changed very recently, @solana/web3.js imports rpc-websockets modules directly from .cjs paths as of integrating 7.11.1.

https://github.com/solana-labs/solana-web3.js/pull/2758/files#diff-20d78b28ed2c239f472fb2e5693cb19b45530c9bb2d14654465cc1d78ba65adc

EDIT: But the cjs files are all still there despite the module being advertised as "ESM only now". So looks like yes, it's safe. But may not the last we hear on this package and its ESM migration...

https://www.npmjs.com/package/rpc-websockets?activeTab=code

[metamaskbot]

Builds ready [01825d3]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (206 ± 316 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	69	249	93	37	18
		domContentLoaded	9	17	11	2	1
		load	43	3073	206	658	316
		domInteractive	9	17	11	2	1

Bundle size diffs

• background: 0 Bytes (0.00%)
• ui: 0 Bytes (0.00%)
• common: 0 Bytes (0.00%)

[metamaskbot]

Missing release label release-12.0.0 on PR. Adding release label release-12.0.0 on PR and removing other release labels(release-12.1.0), as PR was added to branch 12.0.0 when release was cut.

[metamaskbot]

Missing release label release-11.16.8 on PR. Adding release label release-11.16.8 on PR and removing other release labels(release-12.0.0), as PR was cherry-picked in branch 11.16.8.