[Snyk] Security upgrade ws from 8.20.1 to 8.21.1#14933
Conversation
…bilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-WS-17988732
|
This is a patch version upgrade for The primary change in version 8.21.1 is a security fix for a high-severity vulnerability (CVE-2026-62389). The vulnerability allowed for potential memory exhaustion and denial of service by sending incomplete fragmented WebSocket messages. This upgrade patches the vulnerability and is not expected to introduce any breaking changes to the API. Source: GitHub Advisory
|
|
E2E Tests 🚀 Note No feature tags detected. If this PR needs feature coverage, add the tag above and retrigger the workflow. |
|
@timtmok, is this one of the dependencies we update as part of upstream merges? I believe so? |
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
remote/package.jsonremote/package-lock.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-WS-17988732
Breaking Change Risk
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Allocation of Resources Without Limits or Throttling