fix: update ws to resolve CVE-2026-45736 #158

Open
dannyneira wants to merge 1 commit into main from independabot/ws-cve-2026-45736

@dannyneira
Member

Summary

  • Updates the transitive ws lockfile entry from 8.20.0 to 8.20.1.
  • Resolves CVE-2026-45736 / GHSA-58qx-3vcg-4xpx for uninitialized memory disclosure in ws.
  • ws is pulled in transitively by @nuxt/devtools; no source changes or overrides were needed.

Security

Verification

  • npm --prefix /workspace/independabot/docs ci
  • npm --prefix /workspace/independabot/docs audit --json confirmed ws is no longer reported and CVE-2026-45736 is absent.
  • npm --prefix /workspace/independabot/docs run typecheck
  • npm --prefix /workspace/independabot/docs run build

Conversation: https://staging.warp.dev/conversation/0c8f2993-34c5-4cb5-a823-4c8f08e5c513
Run: https://oz.staging.warp.dev/runs/019e7476-c5fe-7af5-a049-1972af960420
This PR was generated with Oz.

Co-Authored-By: Oz <oz-agent@warp.dev>
@dannyneira dannyneira requested a review from hongyi-chen May 29, 2026 16:06
@cla-bot cla-bot Bot added the cla-signed label May 29, 2026
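
A lockfile can hold more than one installed copy of a transitive dependency, so a bump of one `ws` entry is worth confirming across every `node_modules/.../ws` path. The check below is an added example, not code from this PR or repository: the sample lockfile is constructed, the function names are hypothetical, and 8.20.1 is used as the floor only because it is the version this PR moves to (take the real affected range from the advisory).

```javascript
// Constructed sample in npm lockfile v2/v3 shape ("packages" keyed by install path).
// It is NOT the repository's real package-lock.json.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "docs" },
    "node_modules/@nuxt/devtools": { version: "0.0.0-sample" },
    "node_modules/ws": { version: "8.20.1" },
    "node_modules/@nuxt/devtools/node_modules/ws": { version: "8.20.0" },
    "node_modules/wsx": { version: "1.0.0" }, // similar name, must not match
  },
};

// Parse "MAJOR.MINOR.PATCH" into numbers; any prerelease/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when `version` sorts below `floor`. Comparison is numeric per field,
// so "8.9.9" is below "8.20.1" (a plain string compare would get this wrong).
function isBelow(version, floor) {
  const a = parseVersion(version);
  const b = parseVersion(floor);
  if (!a || !b) return true; // unparseable version: fail closed and report it
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Return every installed copy of `name` (top-level or nested) below `floor`.
function findStaleCopies(lock, name, floor) {
  const suffix = "node_modules/" + name;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .filter(([, meta]) => isBelow(meta.version, floor))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// For a real project, pass the parsed contents of package-lock.json instead.
console.log(findStaleCopies(sampleLock, "ws", "8.20.1"));
```
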
@vercel
vercel Bot commented May 29, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| docs | Ready | Preview, Comment | May 29, 2026 4:08pm |

@dannyneira dannyneira marked this pull request as ready for review May 29, 2026 17:39
@oz-for-oss
Contributor

oz-for-oss Bot commented May 29, 2026

@dannyneira

I'm starting a first review of this pull request.

You can view the conversation on Warp.

I completed the review and no human review was requested for this pull request.

Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).

Powered by Oz

Contributor

@oz-for-oss oz-for-oss Bot left a comment

Overview

This PR updates the transitive ws lockfile entry from 8.20.0 to 8.20.1 to address CVE-2026-45736, with no source changes.

Concerns

  • No blocking concerns found in the annotated diff.
  • The attached spec context reports no approved or repository spec context for this PR.

Verdict

Found: 0 critical, 0 important, 0 suggestions

Approve
