fix(#1285): use all RPCs defined in fallbackRPCs

[ndrpp]

Fixes #1285 .

Changes proposed in this PR:

• make sure FallbackProvider uses all available RPCs, including those defined in fallbackRPCs
• use priority, quorum and stallTimeout properties to call RPCs sequentially in case of failures

[dnsi0]

/run-security-scan

[ndrpp]

/run-security-scan

[alexcos20]

/run-security-scan

[alexcos20]

what happens if configs is empty?
We have an empty provider ?

[ndrpp]

This will not happen in practice, because there are checks for existing rpcs when the Blockchain class is initialized. This line is just a fix for a test that explicitly tries to create the chain with unreachable RPCs and expects a failure.

[alexcos20]

are this necessary in this PR?

[ndrpp]

Nope, not necessary. I did an npm audit fix here, I can remove it if you think it's not necessary.

[alexcos20]

/run-security-scan

[alexcos20]

AI automated code review (Gemini 3).

Overall risk: medium

Summary:
This pull request includes dependency updates, a crucial bug fix candidate in the C2D component, a test timeout increase, and significant refactoring of the blockchain provider handling to improve RPC fallback logic. The changes to the Blockchain class are a positive step towards more robust and efficient RPC management, but a critical bug with await removal needs to be addressed.

Comments:
• [ERROR][bug] The getKeyManager().getEthAddress() method is an async function and returns a Promise<string>. Removing the await keyword here will assign a Promise object to nodeAddress instead of the resolved string value. This will likely cause runtime errors when nodeAddress is later used as a string (e.g., in getLocks). Please revert this change and keep await.
• [INFO][other] Adding a check for balocks being empty or undefined is a good defensive programming practice. This helps prevent potential runtime errors if getLocks() returns unexpected data.
• [INFO][performance] The test timeout for should wait for jobWithOutputURL status 70 and download output from URL has been increased from 130s to 180s. While this might be necessary to prevent test flakiness, it's worth investigating if the underlying operation (waitForAllJobsToFinish) is consistently taking longer. Long test execution times can sometimes indicate performance bottlenecks or reliance on external services that are slow. Please ensure this timeout increase is truly necessary and not masking a deeper performance issue.
• [INFO][other] The getProvider method has been significantly refactored to use ethers.FallbackProvider with explicit priority and stallTimeout settings, as well as quorum: 1. This is a positive change for improving the robustness and efficiency of RPC handling.

Specifically:

• Setting quorum: 1 is excellent, as it allows the provider to accept the first successful response, speeding up interactions.
• Assigning higher stallTimeout (3000ms) to the primary RPC and lower (1500ms) to fallbacks allows the primary to have a fair chance to respond before falling back, which is a sensible strategy if the primary is expected to be the most reliable but can sometimes have higher latency.
• The removal of static signers and providers maps, along with the config parameter, points to a cleaner, more instance-centric design for the Blockchain class, reducing global state dependencies.
  • [INFO][style] The removal of JsonRpcApiProvider and OceanNodeConfig along with the config parameter from the Blockchain class reflects a streamlined approach. The JsonRpcProvider is now directly used, which is fine, and configuration seems to be passed more explicitly via the constructor or getKeyManager.
  • [INFO][other] Multiple dependency updates have been applied. Most are minor patch or minor version bumps (e.g., brace-expansion, fast-xml-parser, handlebars, path-expression-matcher, strnum, node-forge). While node-forge is a cryptography library, the update from 1.3.3 to 1.4.0 is a minor version bump, which typically indicates backward-compatible feature additions or bug fixes, rather than breaking changes or critical security patches requiring immediate deep investigation. Overall, these updates seem routine for dependency maintenance.

[ndrpp]

AI automated code review (Gemini 3).

Comments: • [ERROR][bug] The getKeyManager().getEthAddress() method is an async function and returns a Promise<string>. Removing the await keyword here will assign a Promise object to nodeAddress instead of the resolved string value. This will likely cause runtime errors when nodeAddress is later used as a string (e.g., in getLocks). Please revert this change and keep await.

The function is synchronous 😄