Skip to content

fix(vercel/sandbox): bump ws package to v8.21.0#228

Merged
marc-vercel merged 2 commits into
mainfrom
bump-ws-package
Jun 16, 2026
Merged

fix(vercel/sandbox): bump ws package to v8.21.0#228
marc-vercel merged 2 commits into
mainfrom
bump-ws-package

Conversation

@marc-vercel

@marc-vercel marc-vercel commented Jun 16, 2026

Copy link
Copy Markdown
Collaborator

Bump ws from 8.13.3 to 8.21.0.

Addresses CVE-2026-48779

@vercel

vercel Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
sandbox Ready Ready Preview, Comment, Open in v0 Jun 16, 2026 8:24am
sandbox-cli Ready Ready Preview, Comment Jun 16, 2026 8:24am
sandbox-sdk-ai-example Ready Ready Preview, Comment Jun 16, 2026 8:24am
workflow-code-runner Ready Ready Preview, Comment Jun 16, 2026 8:24am

Request Review

@socket-security

socket-security Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addednpm/​ws@​8.21.09910010094100

View full report

@marc-vercel marc-vercel merged commit 13e36b3 into main Jun 16, 2026
12 checks passed
@marc-vercel marc-vercel deleted the bump-ws-package branch June 16, 2026 08:27
@github-actions github-actions Bot mentioned this pull request Jun 16, 2026
Merged
marc-vercel pushed a commit that referenced this pull request Jun 16, 2026
@github-actions
Version Packages (#229)
0fa84cf 
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## sandbox@3.2.2

### Patch Changes

- Bump `ws` from `^8.18.3` to `^8.21.0` to address CVE-2026-48779, a
high-severity memory exhaustion DoS triggered by a high volume of tiny
fragments and data chunks.
([#228](#228))

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@QuiiBz QuiiBz QuiiBz approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@marc-vercel @QuiiBz