Fix npm audit findings in TypeScript SDK packages

[ihsraham]

Summary

• Update TypeScript SDK and example package viem ranges so they resolve ws@8.20.1.
• Pin direct ws usage in sdk/ts and app_sessions to the patched 8.20.1 release.
• Add an npm override in sdk/ts so the dev-only ethers dependency dedupes to ws@8.20.1 instead of keeping a vulnerable nested copy.
• Refresh sdk/ts/package-lock.json dev-tool transitive dependencies so brace-expansion resolves to 5.0.6 and diff resolves to 4.0.4.

Validation

• cd sdk/ts && npm audit --package-lock-only --json reports 0 vulnerabilities
• Package-lock audits for sdk/ts, sdk/ts/examples/app_sessions, and sdk/ts/examples/example-app all report 0 vulnerabilities
• cd sdk/ts && npm run typecheck
• cd sdk/ts && npm test (12 suites, 180 tests)

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0ada68e2-0c83-4673-821b-8a69222013ca

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/fix-ws-cve-2026-45736

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}