From f76fe03422d224771b29744619774c38f6838066 Mon Sep 17 00:00:00 2001 From: kanywst Date: Mon, 25 May 2026 20:09:00 +0900 Subject: [PATCH] fix(deps): bump ws to 8.21.0 to resolve GHSA-58qx-3vcg-4xpx Resolves a moderate severity advisory (uninitialized memory disclosure) in ws <=8.20.0, pulled in transitively via happy-dom. CI's npm audit step (--audit-level=moderate) was failing on main and on every open Dependabot PR because of this. --- package-lock.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/package-lock.json b/package-lock.json index fbc9f52..8e67869 100644 --- a/package-lock.json +++ b/package-lock.json @@ -7141,7 +7141,9 @@ } }, "node_modules/ws": { - "version": "8.20.0", + "version": "8.21.0", + "resolved": "https://registry.npmjs.org/ws/-/ws-8.21.0.tgz", + "integrity": "sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==", "dev": true, "license": "MIT", "engines": {