The ws dependency was bumped to ~8.20.1 following CVE-2026-45736.
Note from the ws maintainers:
Although the calculated CVSS severity is medium, the actual severity is believed to be low, as the flaw is only exploitable through misuse that is unlikely in practice.
Bug Fixes
- clean up resources upon WebTransport handshake failure (f86b95f)