fix(deps): bump ws to 8.17.1 #12605

Merged
merged 1 commit into from
Jun 18, 2024

Collaborator

@OrKoN OrKoN commented Jun 18, 2024

See https://github.com/websockets/ws/releases/tag/8.17.1

(we do not use the ws server though but useful to bump to avoid automated warnings)

@OrKoN OrKoN changed the title build(deps): bump ws to 8.13.0 build(deps): bump ws to 8.17.1 Jun 18, 2024
@OrKoN OrKoN requested a review from Lightning00Blade June 18, 2024 06:20
@OrKoN OrKoN enabled auto-merge (squash) June 18, 2024 06:54

@hamirmahal hamirmahal left a comment

Nice; I came here because npm audit is failing in a few of my repositories.

npm audit report

ws  8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix --force`
Will install @lhci/cli@0.10.0, which is a breaking change
node_modules/puppeteer-core/node_modules/ws
  puppeteer-core  >=11.0.0
  Depends on vulnerable versions of ws
  node_modules/puppeteer-core
    lighthouse  >=9.6.1
    Depends on vulnerable versions of puppeteer-core
    node_modules/lighthouse
      @lhci/cli  <=0.1.1-alpha.5 || >=0.11.0
      Depends on vulnerable versions of @lhci/utils
      Depends on vulnerable versions of lighthouse
      node_modules/@lhci/cli
      @lhci/utils  >=0.11.0
      Depends on vulnerable versions of lighthouse
      node_modules/@lhci/utils

5 high severity vulnerabilities
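
An added example (not part of this pull request or of either project's code) that checks a lockfile for the situation in the audit report above: a nested copy of ws, such as node_modules/puppeteer-core/node_modules/ws, whose version is inside the 8.0.0 - 8.17.0 range the report lists. The function names and the sample lockfile are constructed for illustration; it assumes the `packages` map of a lockfileVersion 2 or 3 `package-lock.json`.

```javascript
// Added example: list every installed copy of ws that falls in the range
// quoted in the audit report (8.0.0 - 8.17.0), including nested copies.

// Parse "major.minor.patch"; prerelease/build suffixes are ignored, so a
// prerelease of an in-range version is reported as in range.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || '');
  return m ? m.slice(1).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

const LOW = [8, 0, 0];   // lower bound from the report
const HIGH = [8, 17, 0]; // upper bound from the report (8.17.1 is the fix)

function inAffectedRange(version) {
  const v = parseVersion(version);
  return v !== null && compare(v, LOW) >= 0 && compare(v, HIGH) <= 0;
}

// lock: parsed package-lock.json; "packages" is keyed by install path.
function findAffectedWs(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match only the package named exactly "ws", at any nesting depth.
    if (path !== 'node_modules/ws' && !path.endsWith('/node_modules/ws')) continue;
    if (!inAffectedRange(meta.version)) continue;
    const parent = path.slice(0, -'node_modules/ws'.length).replace(/\/$/, '');
    hits.push({ path, version: meta.version, parent: parent || '(root)' });
  }
  return hits;
}

// Constructed sample: the top-level ws is patched, the nested copy is not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo' },
    'node_modules/ws': { version: '8.17.1' },
    'node_modules/not-ws': { version: '8.5.0' },
    'node_modules/puppeteer-core': { version: '0.0.0-sample' },
    'node_modules/puppeteer-core/node_modules/ws': { version: '8.17.0' },
  },
};
console.log(findAffectedWs(sampleLock));
```

Against a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` instead of `sampleLock`; the `parent` field shows which dependency pins the old copy.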

@OrKoN OrKoN changed the title build(deps): bump ws to 8.17.1 fix(deps): bump ws to 8.17.1 Jun 18, 2024
@OrKoN OrKoN disabled auto-merge June 18, 2024 07:53
@OrKoN OrKoN enabled auto-merge (squash) June 18, 2024 07:53
@OrKoN OrKoN merged commit 49bcb25 into main Jun 18, 2024
37 checks passed
@OrKoN OrKoN deleted the orkon/bump-ws branch June 18, 2024 08:17
@release-please release-please bot mentioned this pull request Jun 18, 2024
@Skyler-Wu

Hi guys, could I ask when you will be ready to release a new version?
