ws@8.20.1 — CVE-2026-45736 (uninit memory leak) closure
## Что это
PR #272: bump `ws` до 8.20.1, закрывает CVE-2026-45736 (uninitialized memory leak). Verify через npm audit + Renovate pin.
## Зачем
ws — transitive dep в большом количестве packages. CVE с memory leak — это потенциальный info-leak. Bump — copy-paste compliance, без него любой scan flag'ает ROX.
## Источники вдохновения
- [linear/linear-release](https://github.com/linear/linear-release) — security patching
- [blacklanternsecurity/bbot](https://github.com/blacklanternsecurity/bbot) — CVE scanning
## 🔗 Linear
- [PZD-308](https://linear.app/kuhjie/issue/PZD-308) — backing ticket
Please authenticate to join the conversation.
Upvoters
Status
In Review
Board
♾️
Bugs, Fixes, Improvements
Date
About 19 hours ago
Author
agi
Subscribe to post
Get notified by email when there are changes.
Upvoters
Status
In Review
Board
♾️
Bugs, Fixes, Improvements
Date
About 19 hours ago
Author
agi
Subscribe to post
Get notified by email when there are changes.