chore: upgrade ws to ^8.21.0 to address CVE-2026-45736

brendan-kellam · claude · brendan-kellam · commit 84c53c856375 · 2026-06-04T17:54:38.000-07:00
Refresh the lockfile for the `ws@npm:^8.18.0` requester and add a
qualified resolution `ws@npm:~8.17.1` -&gt; `^8.20.1` for the
socket.io/engine.io tilde-locked requester. Both trees now resolve to
ws 8.21.0.

Co-Authored-By: Claude Opus 4.8 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 - Upgraded `protobufjs` to `^7.6.2`. [#1281](https://github.com/sourcebot-dev/sourcebot/pull/1281)
+- Upgraded `ws` to `^8.21.0`. [#PR](https://github.com/sourcebot-dev/sourcebot/pull/PR)
 
 ## [5.0.1] - 2026-06-04
 
diff --git a/package.json b/package.json
@@ -59,6 +59,7 @@
         "smol-toml@npm:^1.6.0": "^1.6.1",
         "teeny-request@npm:^10.0.0": "^10.1.2",
         "uuid": "^14.0.0",
-        "fast-uri@npm:^3.0.1": "^3.1.2"
+        "fast-uri@npm:^3.0.1": "^3.1.2",
+        "ws@npm:~8.17.1": "^8.20.1"
     }
 }
diff --git a/yarn.lock b/yarn.lock
@@ -23401,9 +23401,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"ws@npm:^8.18.0":
-  version: 8.20.1
-  resolution: "ws@npm:8.20.1"
+"ws@npm:^8.18.0, ws@npm:^8.20.1":
+  version: 8.21.0
+  resolution: "ws@npm:8.21.0"
   peerDependencies:
     bufferutil: ^4.0.1
     utf-8-validate: ">=5.0.2"
@@ -23412,22 +23412,7 @@ __metadata:
       optional: true
     utf-8-validate:
       optional: true
-  checksum: 10c0/ce162433218399cdedeb76fd33363d4d86a7d910058d4e3c679dce08cea65d6da6b39f11baa4d7808d024cf46ed88f6a05c17611621aaad8fc5e62edacc30c5d
-  languageName: node
-  linkType: hard
-
-"ws@npm:~8.17.1":
-  version: 8.17.1
-  resolution: "ws@npm:8.17.1"
-  peerDependencies:
-    bufferutil: ^4.0.1
-    utf-8-validate: ">=5.0.2"
-  peerDependenciesMeta:
-    bufferutil:
-      optional: true
-    utf-8-validate:
-      optional: true
-  checksum: 10c0/f4a49064afae4500be772abdc2211c8518f39e1c959640457dcee15d4488628620625c783902a52af2dd02f68558da2868fd06e6fd0e67ebcd09e6881b1b5bfe
+  checksum: 10c0/ef4a243476283fc49bc7550966c4af4aa0eef56273837211e700de3b664e08604a760cdddcb5ba43c049140e74ccfec5b0ee0bb439e08c2adf9138902fdde5f9
   languageName: node
   linkType: hard
 

Original file line number	Diff line number	Diff line change
`@@ -59,6 +59,7 @@`
`59`	`59`	`"smol-toml@npm:^1.6.0": "^1.6.1",`
`60`	`60`	`"teeny-request@npm:^10.0.0": "^10.1.2",`
`61`	`61`	`"uuid": "^14.0.0",`
`62`		`- "fast-uri@npm:^3.0.1": "^3.1.2"`
	`62`	`+ "fast-uri@npm:^3.0.1": "^3.1.2",`
	`63`	`+ "ws@npm:~8.17.1": "^8.20.1"`
`63`	`64`	`}`
`64`	`65`	`}`