fix: bump ws to 8.20.1 to resolve advisory#2225

Merged
lawrence-forooghian merged 1 commit into main from 2026-05-20-fix-npm-audit
May 20, 2026

Collaborator

@lawrence-forooghian lawrence-forooghian commented May 20, 2026

Summary

  • Bumps ws from 8.17.1 to 8.20.1 (lockfile only) to resolve GHSA-58qx-3vcg-4xpx (uninitialised memory disclosure, ws 8.0.0 - 8.20.0).
  • This was failing the npm audit --production step in the lint CI job on main.
  • No package.json change needed — the existing ^8.17.1 range already permits 8.20.1.

Supersedes #2224 (closed due to branch rename).

Test plan

  • npm audit --production runs clean locally
  • Lint CI job passes

🤖 Generated with Claude Code

Resolves GHSA-58qx-3vcg-4xpx (uninitialised memory disclosure in ws
8.0.0 - 8.20.0), which was causing `npm audit --production` to fail
in the lint CI job. Lockfile-only change; package.json's `^8.17.1`
range already permits 8.20.1.

[1] GHSA-58qx-3vcg-4xpx
coderabbitai Bot commented May 20, 2026

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a109f1e2-e4ac-47fc-a4e0-d1f54241c378

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

@lawrence-forooghian lawrence-forooghian merged commit 52a33fd into main May 20, 2026
21 of 27 checks passed
@lawrence-forooghian lawrence-forooghian deleted the 2026-05-20-fix-npm-audit branch May 20, 2026 16:58
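
A lockfile-only bump like the one in this PR can be checked against the advisory range quoted in the description (ws 8.0.0 - 8.20.0) and the `^8.17.1` range it mentions. The following is an added example, not code from this repository: the helper names and both lockfile objects are constructed, and it shows a nested copy of ws staying in range after only the top-level copy is bumped.

```javascript
// Added example: range comes from the PR text; lockfile contents are constructed.
const ADVISORY = { name: 'ws', first: '8.0.0', last: '8.20.0' };

// "MAJOR.MINOR.PATCH" -> [major, minor, patch]; null for any other shape.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Inclusive range check; unparseable versions are flagged for a manual look.
function inAdvisoryRange(version) {
  const v = parseVersion(version);
  if (!v) return true;
  return compare(v, parseVersion(ADVISORY.first)) >= 0 &&
         compare(v, parseVersion(ADVISORY.last)) <= 0;
}

// Caret semantics for major >= 1: same major, not lower than the base.
function caretPermits(base, candidate) {
  const b = parseVersion(base), c = parseVersion(candidate);
  return Boolean(b && c && b[0] > 0 && c[0] === b[0] && compare(c, b) >= 0);
}

// Lockfile v2/v3 keys every installed copy by path, so nested copies such as
// "node_modules/x/node_modules/ws" are checked as well as the top-level one.
function findAffected(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) =>
      path.split('node_modules/').pop() === ADVISORY.name &&
      inAdvisoryRange(meta.version))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed lockfiles: "after" bumps only the top-level copy.
const before = { lockfileVersion: 3, packages: {
  '': { name: 'example-app' },
  'node_modules/ws': { version: '8.17.1' },
  'node_modules/example-dep/node_modules/ws': { version: '8.18.0' },
} };
const after = JSON.parse(JSON.stringify(before));
after.packages['node_modules/ws'].version = '8.20.1';
console.log(findAffected(before), findAffected(after));
```

An empty result from `findAffected` on the real `package-lock.json` is the condition to gate on; any remaining entry names the path of the copy that still needs updating.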