Upgrade ws package to ^8.18.0

[ansmonjol]

Hey, I use webpack-bundle-analyzer at Lago.

We receive a high security dependabot alert about ws affected by a DoS when handling a request with many HTTP headers which is related to this security note GHSA-3h5v-q93c-6h6q

I wanted to upgrade the ws version of this package and fix the 8.0.0 breaking changes listed here (or at least pass to 7.5.10 which is also a patched version)

But once I fork, clone and run the project locally, installing the dependencies npm i locally makes a HUGE change in the package lock file that you can see here.
I'm a bit afraid having to continue on top of that and I don't think such PR would be approved, just because of this enormous change.
Is there something I missed to avoid such changes?

I'm using npm v10.2.4 locally

[valscion]

There is a 7.x version which is fixed.

No need for us to do anything here. See #636 (comment)

[ansmonjol]

You used ^ version of it so it was containing the fix indeed.

Had to remove and add this package again to have the fix, as it seems the be the only way to update deep dependency with yarn today

Sorry for the noise!