Commit 9fec7d7
Bump ws to 8.20.1 in yoga yarn.lock (CVE-2026-45736) (#1983)
Summary:
Pull Request resolved: #1983
Pull Request resolved: #1982
Remediates a medium-severity security vulnerability in the `ws` npm package reported for the `facebook/yoga` repository (GHSA-58qx-3vcg-4xpx / CVE-2026-45736), which affects `ws >= 8.0.0, < 8.20.1`.
Updates the `ws@^8.13.0, ws@^8.19.0` entry in `xplat/yoga/yarn.lock` from `8.19.0` to the fixed `8.20.1`, including the new `resolved` URL and `integrity` hash from the npm registry. Both existing semver ranges are satisfied by `8.20.1`, so no `package.json` change is needed. `ws` is a transitive dependency.
The separate `ws@^7.3.1` (7.5.10) entry is below 8.0.0 and is not affected, so it is left unchanged.
Reviewed By: javache
Differential Revision: D1086186381 parent 6847182 commit 9fec7d7
1 file changed
Lines changed: 3 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
11415 | 11415 | | |
11416 | 11416 | | |
11417 | 11417 | | |
11418 | | - | |
11419 | | - | |
11420 | | - | |
| 11418 | + | |
| 11419 | + | |
| 11420 | + | |
11421 | 11421 | | |
11422 | 11422 | | |
11423 | 11423 | | |
| |||
0 commit comments