
chore(security): patch 3 Dependabot alerts #1606

Merged: Tonours merged 1 commit into main from security/2026-05-28 on May 29, 2026

Conversation

@PMerlet PMerlet (Member) commented May 28, 2026

👋 First-level support: see Handling automated security PRs for how to triage and merge this PR.

Summary

3 fixed, 1 ignored, 4 deferred, 2 resolutions added, 4 resolutions removed. | label: 🔒 security applied

Fixed

| Done | Alert | Package | Ecosystem | From → To | Severity | Change |
| --- | --- | --- | --- | --- | --- | --- |
| [x] | #364 | ws | npm | 8.17.1 → 8.21.0 | medium | Bumped direct dep `ws` in `packages/forest-cloud/package.json` from ^8.16.0 → ^8.20.1 |
| [x] | #358 | fast-uri | npm | 2.3.0 → 3.1.2 | high | Added scoped resolutions `**/@fastify/ajv-compiler/fast-uri` and `**/fast-json-stringify/fast-uri`: ^3.1.2 |
| [x] | #357 | fast-uri | npm | 2.3.0 → 3.1.2 | high | Same resolutions as #358 (covers both ranges; 3.1.2 ≥ both 3.1.1 and 3.1.2 patches) |

Ignored

| Dismissed | Alert | Package | Reason |
| --- | --- | --- | --- |
| [x] | #349 | ip-address | Vulnerable code path unreachable. Hoisted ip-address@10.2.0 already exceeds the patched 10.1.1. The only remaining instance, ip-address@5.9.4, is pulled in solely by forest-ip-utils, which calls only Address6 + Address6.bigInteger() (verified by reading forest-ip-utils/dist/index.js). None of the vulnerable HTML-emitting methods (group(), link(), spanAll(), AddressError.parseMessage) are reached from our code (verified by grep -rE "Address6\\.(group\|link\|spanAll)\|parseMessage" packages/*/src packages/*/test). The advisory itself notes "zero consumers of group(), link(), or spanAll() across published npm packages." |

Deferred (opened < 7 days ago — next run)

Resolutions added

| Alert | Package + pin | Parent chain tried | Why bump wasn't viable | File | Form |
| --- | --- | --- | --- | --- | --- |
| #357, #358 | fast-uri: ^3.1.2 | @fastify/ajv-compiler@^2.x → fast-uri@^2.0.0; bumping @fastify/ajv-compiler to 3.x requires Fastify 4.x→5.x (breaking) | Patched @fastify/ajv-compiler releases still pin fast-uri@^2.x; only a major bump publishes a 3.x fast-uri | root package.json | scoped (`**/@fastify/ajv-compiler/fast-uri`) |
| #357, #358 | fast-uri: ^3.1.2 | fast-json-stringify@^5.x → fast-uri@^2.1.0 (transitively via fastify4's @fastify/fast-json-stringify-compiler) | Same — fast-json-stringify@5.x still depends on fast-uri@^2.1.0; 3.x of fast-uri lands only in fast-json-stringify@6.x (peer of Fastify 5) | root package.json | scoped (`**/fast-json-stringify/fast-uri`) |

Resolutions removed

| File | Pinned package + version | Reason |
| --- | --- | --- |
| root package.json | `**/socks/ip-address`: ^10.1.1 | Redundant: socks declares ip-address: ^10.0.1, which now naturally resolves to 10.2.0 (≥ 10.1.1). Verified by removing the entry and re-running yarn install; the resolved version was unchanged. |
| root package.json | `**/ajv/fast-uri`: ^3.1.2 | Redundant: ajv declares fast-uri: ^3.0.1, which naturally resolves to 3.1.2. Verified by removing the entry and re-running yarn install. |
| root package.json | `**/@langchain/langgraph-sdk/uuid`: ^13.0.1 | Redundant: @langchain/langgraph-sdk declares uuid: ^13.0.0, which naturally resolves to 13.0.2. Verified. |
| root package.json | `**/@modelcontextprotocol/sdk/hono`: ^4.12.18 | Redundant: @modelcontextprotocol/sdk declares hono: ^4.11.4, which naturally resolves to 4.12.21. Verified. |

Risks

  • ws 8.17.1 → 8.21.0 (3 minor versions in the 8.x line): no API breakage between minors; the changelog covers bug fixes, perf tweaks, and the buffer-disclosure fix that is the point of this bump. forest-cloud uses ws only via apollo-link-ws + subscriptions-transport-ws for a single GraphQL subscription client — no behavior change beyond the patched vuln.
  • fast-uri 2.3.0 → 3.1.2 (major bump, applied via Yarn resolution on transitive deps of Fastify's ajv-compiler and fast-json-stringify): API change is minimal (fast-uri exposes parse/serialize/equal and a couple of helpers; the 3.x line keeps the same surface but fixes percent-encoded authority and dot-segment parsing). Risk: if Fastify's compilers exercise edge cases that 3.x parses differently, we'd see it in route-validation tests. Our fastify/fastify2/fastify4 matrix is exercised by packages/agent integration tests.
  • Removed resolutions: no version changes — each removal was verified to leave the resolved version identical.

Manual testing

Covered by CI.

Validation

✅ CI green

- Bump `ws` from ^8.16.0 → ^8.20.1 in `@forestadmin/forest-cloud`
  (closes alert #364: uninitialized memory disclosure).
- Add scoped resolutions pinning `fast-uri` to ^3.1.2 in
  `@fastify/ajv-compiler` and `fast-json-stringify` chains
  (closes #357 and #358: host confusion / path traversal).
- Drop 4 redundant resolutions whose natural resolutions already
  satisfy the original pin: `**/socks/ip-address`,
  `**/ajv/fast-uri`, `**/@langchain/langgraph-sdk/uuid`,
  `**/@modelcontextprotocol/sdk/hono`.
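The "Resolutions added" and "Resolutions removed" tables above both rest on one question: does the version a parent package's declared range would pick on its own already satisfy the pin, or is the override still needed? The script below is an added example, not code from this PR or from the forestadmin project; it encodes that check for Yarn `resolutions` entries using the declared ranges and pins quoted in the PR body. The published-version lists are constructed for the illustration and are not a registry listing, and only caret ranges on plain x.y.z versions are handled (Yarn itself uses the full semver range grammar).

```javascript
// Added example (not part of the PR): decide whether a Yarn "resolutions"
// pin is redundant or still required, given what the parent package declares
// and which versions are published. Caret ranges and plain x.y.z only.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Ascending comparator: negative when a < b, zero when equal, positive when a > b.
function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Caret semantics: for major >= 1, same major and >= the stated minimum;
// for 0.x the minor is locked instead (npm/Yarn behaviour).
function satisfiesCaret(version, range) {
  if (!range.startsWith("^")) throw new Error(`only caret ranges handled: ${range}`);
  const min = range.slice(1);
  const [vMaj, vMin] = parseVersion(version);
  const [rMaj, rMin] = parseVersion(min);
  if (compareVersions(version, min) < 0) return false;
  if (rMaj === 0) return vMaj === 0 && vMin === rMin;
  return vMaj === rMaj;
}

// What a declared range resolves to with no override: the highest published
// version that satisfies it (Yarn's default strategy). null if nothing fits.
function naturalResolution(declaredRange, publishedVersions) {
  const candidates = publishedVersions.filter((v) => satisfiesCaret(v, declaredRange));
  if (candidates.length === 0) return null;
  return candidates.sort(compareVersions).at(-1);
}

// "redundant": the natural pick already satisfies the pin, so the entry can be
// dropped (the "Resolutions removed" case). "required": the parent's own range
// can never reach the pinned line, so only an override gets the fix in
// (the "Resolutions added" case).
function classifyResolution(pinRange, declaredRange, publishedVersions) {
  const natural = naturalResolution(declaredRange, publishedVersions);
  if (natural === null) return { natural, status: "unresolvable" };
  return { natural, status: satisfiesCaret(natural, pinRange) ? "redundant" : "required" };
}

// Constructed registry snapshot: version numbers come from the PR body, but
// these lists are illustrative, not a real registry listing.
const PUBLISHED = {
  "ip-address": ["5.9.4", "10.0.1", "10.1.1", "10.2.0"],
  "fast-uri": ["2.0.0", "2.1.0", "2.3.0", "3.0.1", "3.1.1", "3.1.2"],
};

// Pins and parent-declared ranges as stated in the PR tables.
const CASES = [
  { key: "**/socks/ip-address", pin: "^10.1.1", declared: "^10.0.1", pkg: "ip-address" },
  { key: "**/ajv/fast-uri", pin: "^3.1.2", declared: "^3.0.1", pkg: "fast-uri" },
  { key: "**/@fastify/ajv-compiler/fast-uri", pin: "^3.1.2", declared: "^2.0.0", pkg: "fast-uri" },
  { key: "**/fast-json-stringify/fast-uri", pin: "^3.1.2", declared: "^2.1.0", pkg: "fast-uri" },
];

function auditResolutions(cases = CASES, published = PUBLISHED) {
  return cases.map((c) => ({
    key: c.key,
    ...classifyResolution(c.pin, c.declared, published[c.pkg]),
  }));
}

for (const r of auditResolutions()) {
  console.log(`${r.key}: ${r.status} (natural resolution ${r.natural})`);
}
```

The two socks/ajv entries come out `redundant` and the two Fastify-chain entries `required`, which is exactly the split the PR applies; the check is the offline version of "remove the entry, re-run `yarn install`, and confirm the resolved version is unchanged", and it tells you *why* the fastify chains need an override (their declared `^2.x` range can never select a 3.x release) rather than only that they do.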
@qltysh qltysh (Bot) commented May 28, 2026

Qlty


Coverage Impact

This PR will not change total coverage.

🚦 See full report on Qlty Cloud »


@Tonours Tonours merged commit e120448 into main May 29, 2026
30 checks passed
@Tonours Tonours deleted the security/2026-05-28 branch May 29, 2026 14:02
Tonours
Tonours approved these changes May 29, 2026