ibmdotcom-utilities is using websocket version with with high security vulnerability

[AlessandroPomponio]

Issue

Last week GitHub released advisory GHSA-3h5v-q93c-6h6q for the websocket package ws.
The ibmdotcom-web-components package is using a ws version affected by this advisory, as one can see when running:

yarn why ws
yarn why v1.22.18
warning ../../../package.json: No license field
[1/4] 🤔  Why do we have the module "ws"...?
[2/4] 🚚  Initialising dependency graph...
[3/4] 🔍  Finding dependency...
[4/4] 🚡  Calculating file sizes...
=> Found "[email protected]"
info Reasons this module exists
   - "@carbon#ibmdotcom-web-components#@carbon#ibmdotcom-utilities#isomorphic-dompurify#jsdom" depends on it
   - Hoisted from "@carbon#ibmdotcom-web-components#@carbon#ibmdotcom-utilities#isomorphic-dompurify#jsdom#ws"
info Disk size without dependencies: "184KB"
info Disk size with unique dependencies: "184KB"
info Disk size with transitive dependencies: "184KB"
info Number of shared

This has been spotted in v1 of the web components. I am unsure (but I assume it does) affect v2 as well.

Done when

Tasks

Preview Give feedback

1. A new release for @carbon/ibmdotcom-web-components v1.X is available which uses ws with a version greater or equals to 8.17.1
2. A new release for @carbon/ibmdotcom-web-components v2.X is available which uses ws with a version greater or equals to 8.17.1