security: vulnerability remediation

[kernel-internal]

Vulnerability Remediation

This PR was generated by the Socket-centric vulnerability remediation workflow. Review the planned dependency changes and confirmation evidence before merging.

Fixed

CVE/GHSA	Package	Ecosystem	Old Version	New Version	Manifest	Confirmation
GHSA-58qx-3vcg-4xpx	ws	None	8.19.0	8.20.1		confirmed

Not Included

• Deferred by batch limit: 6 advisories. They will be considered by future runs.
• Other deferred scanner findings: 0.
• Unconfirmed attempted fixes: 0.

---

Note

Low Risk
Lockfile-only dependency bump in an e2e test package with no production runtime impact.

Overview
Bumps the direct ws dependency in server/e2e/bidi from 8.19.0 to 8.20.1 (package.json and package-lock.json) to address GHSA-58qx-3vcg-4xpx.

No application or test source changes—only the BiDi e2e package manifest and lockfile.

^{Reviewed by Cursor Bugbot for commit 28eddfc. Bugbot is set up for automated code reviews on this repo. Configure here.}

[firetiger-agent]

Firetiger deploy monitoring skipped

This PR didn't match the auto-monitor filter configured on your GitHub connection:

PRs in the kernel, infra, hypeman, and hypeship repos. kernel is a ~mono repo with many logical services underneath, ensure to focus on the implicated service for the PR

Reason: PR is a dependency vulnerability update with no clear indication of which service in the kernel monorepo is affected; author should manually opt in if this impacts a monitored service.

To monitor this PR anyway, reply with @firetiger monitor this.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​ws@​8.19.0 ⏵ 8.20.1		+2

View full report

[ulziibay-kernel]

lgtm