From 1bded3574318ca5bc90826cdb751db3d0290c762 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Sat, 20 Jun 2026 12:57:43 +0000
Subject: [PATCH] chore(deps): bump ws to ^8.21.0 via overrides (GHSA-96hv-2xvq-fx4p)

Add npm overrides to force ws >= 8.21.0, resolving the memory exhaustion DoS vulnerability (CVE-2026-48779 / GHSA-96hv-2xvq-fx4p) in the transitive dependency pulled in by jsdom@^24.1.3. jsdom@24.1.3 declares ws@^8.18.0; no jsdom v24.x release has updated this range to require ws >= 8.21.0, so an npm override is used as the appropriate fallback. Fixes Dependabot alert #277.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 package-lock.json | 13 +++++++------
 package.json | 3 +++
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 58fe65c9..64df0f0a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -28069,9 +28069,10 @@
 }
 },
 "node_modules/ws": {
- "version": "8.18.0",
- "resolved": "https://registry.npmjs.org/ws/-/ws-8.18.0.tgz",
- "integrity": "sha512-8VbfWfHLbbwu3+N6OKsOMpBdT4kXPDDB9cJk2bJ6mh9ucxdlnNvH1e+roYkKmN9Nxw2yjz7VzeO9oOz2zJ04Pw==",
+ "version": "8.21.0",
+ "resolved": "https://registry.npmjs.org/ws/-/ws-8.21.0.tgz",
+ "integrity": "sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==",
+ "license": "MIT",
 "engines": {
 "node": ">=10.0.0"
 },
@@ -52847,9 +52848,9 @@
 }
 },
 "ws": {
- "version": "8.18.0",
- "resolved": "https://registry.npmjs.org/ws/-/ws-8.18.0.tgz",
- "integrity": "sha512-8VbfWfHLbbwu3+N6OKsOMpBdT4kXPDDB9cJk2bJ6mh9ucxdlnNvH1e+roYkKmN9Nxw2yjz7VzeO9oOz2zJ04Pw=="
+ "version": "8.21.0",
+ "resolved": "https://registry.npmjs.org/ws/-/ws-8.21.0.tgz",
+ "integrity": "sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g=="
 },
 "xml-name-validator": {
 "version": "5.0.0",
diff --git a/package.json b/package.json
index 2edbe4b8..87468dd6 100644
--- a/package.json
+++ b/package.json
@@ -51,5 +51,8 @@
 "depcheck": "^1.4.7",
 "husky": "^9.1.7",
 "lerna": "^9.0.7"
+ },
+ "overrides": {
+ "ws": "^8.21.0"
 }
 }
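Review bot: The added `"overrides": { "ws": "^8.21.0" }` is unscoped, so it rewrites every `ws` edge in the tree rather than only the one under jsdom that the commit message names; a dependency that declares a different major of `ws` would be forced onto 8.x. If only jsdom's copy is meant, scope it as `"overrides": { "jsdom": { "ws": "^8.21.0" } }`; if the blanket floor is intentional, record that in the commit message, since package.json cannot carry a comment. npm honours overrides only from the root package.json of the install, so packages published from this repository (the `lerna` entry in the preceding block suggests a monorepo) do not pass this floor on to their consumers. Running `npm ls ws` after install confirms that no resolved copy is below 8.21.0.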