From 0cb1f024c7156ab732537aa80156e239c9750359 Mon Sep 17 00:00:00 2001
From: Sam Joffe
Date: Thu, 21 May 2026 00:30:03 -0700
Subject: [PATCH] fix: bump ws from 8.20.0 to 8.20.1 (CVE-2026-45736)

Bumps ws from 8.20.0 to 8.20.1 to fix an uninitialized memory disclosure vulnerability in websocket.close() when a TypedArray is passed as the reason argument.
See: https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx
Fixes: https://github.com/Unitech/pm2/issues/6116
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 651baa561..c87e6e132 100644
--- a/package.json
+++ b/package.json
@@ -196,7 +196,7 @@
 "semver": "7.7.2",
 "tx2": "1.0.5",
 "vizion": "2.2.1",
- "ws": "8.20.0"
+ "ws": "8.20.1"
 },
 "overrides": {
 "debug": "4.4.3"