security: vulnerability remediation

[kernel-internal]

Vulnerability Remediation

This PR was generated by the Socket-centric vulnerability remediation workflow. Review the planned dependency changes and confirmation evidence before merging.

Fixed

CVE/GHSA	Package	Ecosystem	Old Version	New Version	Manifest	Confirmation
GHSA-3644-q5cj-c5c7	%40browserbasehq/stagehand	None	3.0.6	3.5.0		confirmed

Not Included

• Deferred by batch limit: 127 advisories. They will be considered by future runs.
• Other deferred scanner findings: 12.
• Unconfirmed attempted fixes: 0.

Deferred details

CVE/GHSA	Package	Reason
Unavailable from detector	json-schema	Non-CVE alert is not handled by dependency remediation.
Unavailable from detector	float	Non-CVE alert is not handled by dependency remediation.
Unavailable from detector	entities	Non-CVE alert is not handled by dependency remediation.
Unavailable from detector	entities	Non-CVE alert is not handled by dependency remediation.
Unavailable from detector	basic-ftp	Missing CVE/GHSA identifier required for Socket fix planning.
Unavailable from detector	rimraf	Non-CVE alert is not handled by dependency remediation.
Unavailable from detector	hashes	Non-CVE alert is not handled by dependency remediation.
Unavailable from detector	cheerio	Non-CVE alert is not handled by dependency remediation.
Unavailable from detector	js-tiktoken	Non-CVE alert is not handled by dependency remediation.
Unavailable from detector	anthropic	Non-CVE alert is not handled by dependency remediation.
...	...	2 additional items omitted from PR body. See workflow artifacts for full details.

---

Note

Medium Risk
Minor version jump on a browser-automation dependency with large transitive churn and new Node engine requirements; app code is unchanged but deploy/runtime behavior could shift.

Overview
Bumps @browserbasehq/stagehand from 3.0.6 to 3.5.0 in the ts-stagehand template (package.json + regenerated pnpm-lock.yaml) to address GHSA-3644-q5cj-c5c7. No template source files were modified.

The lockfile refresh pulls in a newer Stagehand stack: updated Vercel AI SDK provider packages, MCP SDK / Hono, and @browserbasehq/sdk versions, adds optional Amazon Bedrock AI SDK support, and drops several former transitive trees (e.g. LangChain, bundled Playwright install, older Puppeteer-related packages). Stagehand 3.5.0 also declares stricter Node engines (^20.19.0 or >=22.12.0) and shifts browser driver peers toward optional playwright-core / patchright-core / puppeteer-core.

^{Reviewed by Cursor Bugbot for commit 13f2035. Bugbot is set up for automated code reviews on this repo. Configure here.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​browserbasehq/​stagehand@​3.5.0

View full report

[firetiger-agent]

Created a monitoring plan for this PR.

What this PR does: Remediates GHSA-3644-q5cj-c5c7 in the Stagehand project template bundled with the Kernel CLI — users who scaffold new Stagehand projects after this release will get a clean, vulnerability-free dependency tree.

Intended effect:

• @browserbasehq/stagehand version in scaffolded template: baseline ^3.0.6; confirmed if new CLI release packages ^3.5.0 and pnpm install on a fresh scaffold resolves cleanly without peer-dep errors.
• CLI release pipeline: no production services are deployed from this repo; the gate is a successful CI run and npm publish of @onkernel/cli at the new version.

Risks:

• Template runtime breakage — stagehand 3.5.0 is 5 minor versions ahead of 3.0.6 and changes peer dependencies (adds playwright-core, drops deepmerge/dotenv); alert if the scaffolded index.ts throws on first run after release (manual smoke test: kernel new --template stagehand && pnpm install).
• API session regression — if stagehand 3.5.0 changes browser session lifecycle calls, watch POST /browsers 5xx rate; alert if it exceeds 0.2% for 2+ consecutive hours (baseline: 0.001–0.021%).
• CLI packaging miss — if the release tarball doesn't include the updated template, the vulnerability fix won't reach users; confirmed by checking the published npm package contents after release.

Status updates will be posted automatically on this PR as monitoring progresses.

View monitor

[ulziibay-kernel]

lgtm