[chore]: bump ws dep

[seanmcguire12]

why

• bumps ws & a few other deps to versions with various security patches

what changed

• bumps direct ws dep from ^8.18.0 to ^8.21.0
• bumps turbo from ^2.8.10 to ^2.9.15
• adds monorepo-wide overrides for qs & ws which are transitive deps brought in by mintlify & braintrust
  • overrides were required here since a direct bump of braintrust & mintlify did not resolve to upgraded qs & ws versions

---

Summary by cubic

Upgrade ws to patched versions across the repo and add overrides for transitive ws and qs to address security fixes. Also bump turbo to the latest minor.

• Dependencies
  • packages/cli and packages/core: ws ^8.18.0 -> ^8.21.0
  • Root overrides: ws ^8.20.1, qs ^6.15.2 (to override transitive deps from mintlify and braintrust)
  • turbo ^2.8.10 -> ^2.9.15

^{Written for commit e8f6ff1. Summary will update on new commits. Review in cubic}

[changeset-bot]

⚠️ No Changeset found

Latest commit: e8f6ff1

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[cubic-dev-ai]

No issues found across 4 files

Confidence score: 5/5

• Automated review surfaced no issues in the provided summaries.
• No files require special attention.

Architecture diagram

sequenceDiagram
    participant Root as Monorepo Root
    participant Turbo as Turbo Build System
    participant CLI as CLI Package
    participant Core as Core Package
    participant Mintlify as Mintlify Dep (transitive)
    participant Braintrust as Braintrust Dep (transitive)

    Note over Root,Braintrust: Dependency Resolution Flow

    Root->>Root: Define overrides (ws@^8.20.1, qs@^6.15.2)
    Root->>Turbo: turbo run (build/test/lint)
    Turbo->>CLI: Resolve dependency tree
    Turbo->>Core: Resolve dependency tree

    alt Package has direct ws dependency
        CLI->>CLI: ws@^8.21.0 (direct dep)
        Core->>Core: ws@^8.21.0 (direct dep)
    else Transitive ws from external packages
        CLI->>Mintlify: uses ws (transitive)
        Mintlify->>Root: override applied
        Root-->>Mintlify: ws@^8.20.1 (resolved via override)
        
        Core->>Braintrust: uses ws (transitive)
        Braintrust->>Root: override applied
        Root-->>Braintrust: ws@^8.20.1 (resolved via override)
    end

    Note over CLI,Core: Runtime ws Usage

    CLI->>Core: WebSocket connection (uses ws)
    Core->>Core: ws.send() / ws.on('message')
    
    alt Secure ws connection established
        CLI-->>Core: WebSocket handshake (upgraded ws version)
        Core-->>CLI: Data frames (patched security)
    else Connection error (unlikely due to backwards-compatible bump)
        CLI->>CLI: Retry / fallback logic
    end

    Note over Mintlify,Braintrust: qs override (similar pattern)
    Mintlify->>Root: queries qs (transitive)
    Root-->>Mintlify: qs@^6.15.2 (overridden version)
    Braintrust->>Root: queries qs (transitive)
    Root-->>Braintrust: qs@^6.15.2 (overridden version)

Loading

_{Re-trigger cubic}