Bump ws from 8.17.1 to 8.20.1 in /packages/vscode-graphql-execution (#4306)

Bumps [ws](https://github.com/websockets/ws) from 8.17.1 to 8.20.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/websockets/ws/releases">ws's
releases</a>.</em></p>
<blockquote>
<h2>8.20.1</h2>
<h1>Bug fixes</h1>
<ul>
<li>Fixed an uninitialized memory disclosure issue in
<code>websocket.close()</code>
(c0327ec1).</li>
</ul>
<p>Providing a <code>TypedArray</code> (e.g. <code>Float32Array</code>)
as the <code>reason</code> argument for
<code>websocket.close()</code>, rather than the supported string or
<code>Buffer</code> types, caused
uninitialized memory to be disclosed to the remote peer.</p>
<pre lang="js"><code>import { deepStrictEqual } from 'node:assert';
import { WebSocket, WebSocketServer } from 'ws';
<p>const wss = new WebSocketServer(
{ port: 0, skipUTF8Validation: true },
function () {
const { port } = wss.address();
const ws = new WebSocket(<code>ws://localhost:${port}</code>, {
skipUTF8Validation: true
});</p>
<pre><code>ws.on('close', function (code, reason) {
  deepStrictEqual(reason, Buffer.alloc(80));
});
</code></pre>
<p>}
);</p>
<p>wss.on('connection', function (ws) {
ws.close(1000, new Float32Array(20));
});
</code></pre></p>
<p>The issue was privately reported by <a
href="https://github.com/ChALkeR">Nikita Skovoroda</a>.</p>
<h2>8.20.0</h2>
<h1>Features</h1>
<ul>
<li>Added exports for the <code>PerMessageDeflate</code> class and
utilities for the
<code>Sec-WebSocket-Extensions</code> and
<code>Sec-WebSocket-Protocol</code> headers (d3503c1f).</li>
</ul>
<h2>8.19.0</h2>
<h1>Features</h1>
<ul>
<li>Added the <code>closeTimeout</code> option (<a
href="https://redirect.github.com/websockets/ws/issues/2308">#2308</a>).</li>
</ul>
<h1>Bug fixes</h1>
<ul>
<li>Handled a forthcoming breaking change in Node.js core
(19984854).</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f"><code>5d9b316</code></a>
[dist] 8.20.1</li>
<li><a
href="https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086"><code>c0327ec</code></a>
[security] Fix uninitialized memory disclosure in
<code>websocket.close()</code></li>
<li><a
href="https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867"><code>ce2a3d6</code></a>
[ci] Test on node 26</li>
<li><a
href="https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0"><code>58e45b8</code></a>
[ci] Do not test on node 25</li>
<li><a
href="https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f"><code>5f26c24</code></a>
[ci] Run the lint step on node 24</li>
<li><a
href="https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f"><code>8439255</code></a>
[dist] 8.20.0</li>
<li><a
href="https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67"><code>d3503c1</code></a>
[minor] Export the <code>PerMessageDeflate</code> class and header
utils</li>
<li><a
href="https://github.com/websockets/ws/commit/3ee5349a0b1580f6e1f347b59ec3371011bd8481"><code>3ee5349</code></a>
[api] Convert the <code>isServer</code> and <code>maxPayload</code>
parameters to options</li>
<li><a
href="https://github.com/websockets/ws/commit/91707b470ebd803aaa3fd1e896217740f39267d4"><code>91707b4</code></a>
[doc] Add missing space</li>
<li><a
href="https://github.com/websockets/ws/commit/8b553192268810a83253e2a4a39ac16768e75bb3"><code>8b55319</code></a>
[pkg] Update eslint to version 10.0.1</li>
<li>Additional commits viewable in <a
href="https://github.com/websockets/ws/compare/8.17.1...8.20.1">compare
view</a></li>
</ul>
</details>
<br />

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Trevor Scheer <trevor.scheer@gmail.com>

Author: dependabot[bot]

.changeset/ws-security-update.md

@@ -0,0 +1,5 @@
+---
+'vscode-graphql-execution': patch
+---
+
+Bump `ws` to 8.20.1 to address [GHSA-58qx-3vcg-4xpx](https://github.com/advisories/GHSA-58qx-3vcg-4xpx) (uninitialized memory disclosure in `websocket.close()`).

packages/vscode-graphql-execution/package.json

@@ -113,6 +113,6 @@
     "nullthrows": "1.1.1",
     "svelte": "^4.2.19",
     "svelte2tsx": "^0.6.16",
-    "ws": "8.17.1"
+    "ws": "8.20.1"
   }
 }

yarn.lock

@@ -21657,7 +21657,7 @@ __metadata:
     ovsx: "npm:0.8.3"
     svelte: "npm:^4.2.19"
     svelte2tsx: "npm:^0.6.16"
-    ws: "npm:8.17.1"
+    ws: "npm:8.20.1"
   languageName: unknown
   linkType: soft
 
@@ -22684,9 +22684,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"ws@npm:>=8.7.0, ws@npm:^8.18.0, ws@npm:^8.18.3, ws@npm:^8.20.0":
-  version: 8.20.0
-  resolution: "ws@npm:8.20.0"
+"ws@npm:8.20.1, ws@npm:>=8.7.0, ws@npm:^8.18.0, ws@npm:^8.18.3, ws@npm:^8.20.0":
+  version: 8.20.1
+  resolution: "ws@npm:8.20.1"
   peerDependencies:
     bufferutil: ^4.0.1
     utf-8-validate: ">=5.0.2"
@@ -22695,7 +22695,7 @@ __metadata:
       optional: true
     utf-8-validate:
       optional: true
-  checksum: 10c0/956ac5f11738c914089b65878b9223692ace77337ba55379ae68e1ecbeae9b47a0c6eb9403688f609999a58c80d83d99865fe0029b229d308b08c1ef93d4ea14
+  checksum: 10c0/ce162433218399cdedeb76fd33363d4d86a7d910058d4e3c679dce08cea65d6da6b39f11baa4d7808d024cf46ed88f6a05c17611621aaad8fc5e62edacc30c5d
   languageName: node
   linkType: hard