fix(deps): bump ws from 8.20.0 to 8.20.1 in /web #900

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

AchoArnold merged 1 commit into main from dependabot/npm_and_yarn/web/ws-8.20.1

May 22, 2026

Merged

fix(deps): bump ws from 8.20.0 to 8.20.1 in /web

Codacy Production / Codacy Static Code Analysis required action May 22, 2026 in 0s

3 new issues (0 max.) of at least severity.

web/pnpm-lock.yaml#L240

Insecure dependency npm/qs@6.11.2 (CVE-2026-2391: qs: qs's arrayLimit bypass in comma parsing allows denial of service) (update to 6.14.2)

web/pnpm-lock.yaml#L336

Insecure dependency npm/ajv@6.12.6 (CVE-2025-69873: ajv: ReDoS via $data reference) (update to 6.14.0)

web/pnpm-lock.yaml#L931

Insecure dependency npm/jws@3.2.2 (CVE-2025-65945: node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm) (update to 3.2.3)