Skip to content

Commit d350f37

Browse files
prog1devkelset
prog1dev
authored and
kelset
committed
Bump ws package to 1.1.5 due to vulnerability issues (facebook#21769)
Summary: Update `ws` package from 1.1.0 to 1.1.5 due to vulnerability issues. Here is `npm audit` report: ``` === npm audit security report === ┌──────────────────────────────────────────────────────────────────────────────┐ │ Manual Review │ │ Some vulnerabilities require your attention to resolve │ │ │ │ Visit https://go.npm.me/audit-guide for additional guidance │ └──────────────────────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Denial of Service │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ ws │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ >= 1.1.5 <2.0.0 || >=3.3.1 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ c635d8a886cde7688a0123f573cc5b1f0430780052ba848c8fa1dc8a4c3… │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ c635d8a886cde7688a0123f573cc5b1f0430780052ba848c8fa1dc8a4c3… │ │ │ > react-devtools-core > ws │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/550 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ``` Pull Request resolved: facebook#21769 Reviewed By: hramos Differential Revision: D10379892 Pulled By: cpojer fbshipit-source-id: 9d03f8231a90c5f55eb95ccac029aedd45a49a2d
1 parent 8d1d47a commit d350f37

File tree

2 files changed

+2
-2
lines changed

2 files changed

+2
-2
lines changed

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -196,7 +196,7 @@
196196
"serve-static": "^1.13.1",
197197
"shell-quote": "1.6.1",
198198
"stacktrace-parser": "^0.1.3",
199-
"ws": "^1.1.0",
199+
"ws": "^1.1.5",
200200
"xcode": "^1.0.0",
201201
"xmldoc": "^0.4.0",
202202
"yargs": "^9.0.0"

yarn.lock

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6453,7 +6453,7 @@ write@^0.2.1:
64536453
dependencies:
64546454
mkdirp "^0.5.1"
64556455

6456-
ws@^1.1.0, ws@^1.1.1:
6456+
ws@^1.1.0, ws@^1.1.1, ws@^1.1.5:
64576457
version "1.1.5"
64586458
resolved "https://registry.yarnpkg.com/ws/-/ws-1.1.5.tgz#cbd9e6e75e09fc5d2c90015f21f0c40875e0dd51"
64596459
integrity sha512-o3KqipXNUdS7wpQzBHSe180lBGO60SoK0yVo3CYJgb2MkobuWuBX6dhkYP5ORCLd55y+SaflMOV5fqAB53ux4w==

0 commit comments

Comments
 (0)