chore: upgrade ws to ^8.21.0 to address CVE-2026-48779 (#1324)

brendan-kellam · linear-code[bot] · web-flow · commit ed74594601dc · 2026-06-17T15:36:07.000-07:00
Generated with [Linear](https://linear.app/sourcebot/issue/SOU-1342/sourcebot-devsourcebot-cve-2026-48779-ws-memory-exhaustion-dos-from#agent-session-12b72ca1) Co-authored-by: Brendan Kellam <10233483+brendan-kellam@users.noreply.github.com> Co-authored-by: linear-code[bot] <222613912+linear-code[bot]@users.noreply.github.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
 - Upgraded `@grpc/grpc-js` to `^1.14.4`. [#1315](https://github.com/sourcebot-dev/sourcebot/pull/1315)
 - Upgraded `vite` to `^8.0.16`. [#1313](https://github.com/sourcebot-dev/sourcebot/pull/1313)
+- Upgraded `ws` to `^8.21.0`. [#1324](https://github.com/sourcebot-dev/sourcebot/pull/1324)
 - Upgraded `@babel/core` to `^7.29.6`. [#1333](https://github.com/sourcebot-dev/sourcebot/pull/1333)
 - Upgraded `markdown-it` to `^14.2.0`. [#1321](https://github.com/sourcebot-dev/sourcebot/pull/1321)
 - Upgraded `form-data` to `^4.0.6`. [#1316](https://github.com/sourcebot-dev/sourcebot/pull/1316)
diff --git a/package.json b/package.json
@@ -59,6 +59,7 @@
         "teeny-request@npm:^10.0.0": "^10.1.2",
         "uuid": "^14.0.0",
         "fast-uri@npm:^3.0.1": "^3.1.2",
-        "shell-quote@npm:1.8.3": "^1.8.4"
+        "shell-quote@npm:1.8.3": "^1.8.4",
+        "ws@npm:~8.20.1": "^8.21.0"
     }
 }
diff --git a/yarn.lock b/yarn.lock
@@ -23472,9 +23472,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"ws@npm:^8.18.0, ws@npm:~8.20.1":
-  version: 8.20.1
-  resolution: "ws@npm:8.20.1"
+"ws@npm:^8.18.0, ws@npm:^8.21.0":
+  version: 8.21.0
+  resolution: "ws@npm:8.21.0"
   peerDependencies:
     bufferutil: ^4.0.1
     utf-8-validate: ">=5.0.2"
@@ -23483,7 +23483,7 @@ __metadata:
       optional: true
     utf-8-validate:
       optional: true
-  checksum: 10c0/ce162433218399cdedeb76fd33363d4d86a7d910058d4e3c679dce08cea65d6da6b39f11baa4d7808d024cf46ed88f6a05c17611621aaad8fc5e62edacc30c5d
+  checksum: 10c0/ef4a243476283fc49bc7550966c4af4aa0eef56273837211e700de3b664e08604a760cdddcb5ba43c049140e74ccfec5b0ee0bb439e08c2adf9138902fdde5f9
   languageName: node
   linkType: hard
 

Original file line number	Diff line number	Diff line change
`@@ -59,6 +59,7 @@`
`59`	`59`	`"teeny-request@npm:^10.0.0": "^10.1.2",`
`60`	`60`	`"uuid": "^14.0.0",`
`61`	`61`	`"fast-uri@npm:^3.0.1": "^3.1.2",`
`62`		`- "shell-quote@npm:1.8.3": "^1.8.4"`
	`62`	`+ "shell-quote@npm:1.8.3": "^1.8.4",`
	`63`	`+ "ws@npm:~8.20.1": "^8.21.0"`
`63`	`64`	`}`
`64`	`65`	`}`