security: vulnerability remediation

[kernel-internal]

Vulnerability Remediation

This PR was generated by the Socket-centric vulnerability remediation workflow. Review the planned dependency changes and confirmation evidence before merging.

Fixed

CVE/GHSA	Package	Ecosystem	Old Version	New Version	Manifest	Confirmation
GHSA-96hv-2xvq-fx4p	ws	None	8.20.1	8.21.0		confirmed

Not Included

• Deferred by batch limit: 6 advisories. They will be considered by future runs.
• Other deferred scanner findings: 2.
• Unconfirmed attempted fixes: 0.

Deferred details

CVE/GHSA	Package	Reason
Unavailable from detector	google.golang.org/grpc	Non-CVE alert is not handled by dependency remediation.
Unavailable from detector	puppeteer-core	Non-CVE alert is not handled by dependency remediation.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​ws@​8.20.1 ⏵ 8.21.0	+1	+16

View full report

[firetiger-agent]

Created a monitoring plan for this PR.

What this PR does: Patches a security vulnerability (GHSA-96hv-2xvq-fx4p) in the ws WebSocket library used only by the BiDi end-to-end test harness (server/e2e/bidi/). No production code or deployed images are changed.

Intended effect: This is a CI-only dependency bump with no production deployment. There are no production telemetry signals to measure — confirmation is a passing CI run for the server/e2e/bidi test suite after merge.

Risks:

• e2e test regression — CI server/e2e/bidi suite, alert if tests fail to pass on the merged commit (ws 8.21.0 introduces an API incompatibility with the BiDi test scripts)

View monitor