Skip to content

Commit

Permalink
Bump ws package to 1.1.5 due to vulnerability issues (#21769)
Browse files Browse the repository at this point in the history 
Summary:
Update `ws` package from 1.1.0 to 1.1.5 due to vulnerability issues.

Here is `npm audit` report:
```

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Denial of Service                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ws                                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >= 1.1.5 <2.0.0 || >=3.3.1                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ c635d8a886cde7688a0123f573cc5b1f0430780052ba848c8fa1dc8a4c3… │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ c635d8a886cde7688a0123f573cc5b1f0430780052ba848c8fa1dc8a4c3… │
│               │ > react-devtools-core > ws                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/550                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
```
Pull Request resolved: #21769

Reviewed By: hramos

Differential Revision: D10379892

Pulled By: cpojer

fbshipit-source-id: 9d03f8231a90c5f55eb95ccac029aedd45a49a2d
  • Loading branch information
@prog1dev @grabbou
prog1dev authored and grabbou committed Dec 17, 2018
1 parent 370fde3 commit d8f28ce
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -198,7 +198,7 @@
"serve-static": "^1.13.1",
"shell-quote": "1.6.1",
"stacktrace-parser": "^0.1.3",
"ws": "^1.1.0",
"ws": "^1.1.5",
"xcode": "^1.0.0",
"xmldoc": "^0.4.0",
"yargs": "^9.0.0"
Expand Down
2 changes: 1 addition & 1 deletion yarn.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6577,7 +6577,7 @@ write@^0.2.1:
dependencies:
mkdirp "^0.5.1"

ws@^1.1.0, ws@^1.1.1:
ws@^1.1.0, ws@^1.1.1, ws@^1.1.5:
version "1.1.5"
resolved "https://registry.yarnpkg.com/ws/-/ws-1.1.5.tgz#cbd9e6e75e09fc5d2c90015f21f0c40875e0dd51"
integrity sha512-o3KqipXNUdS7wpQzBHSe180lBGO60SoK0yVo3CYJgb2MkobuWuBX6dhkYP5ORCLd55y+SaflMOV5fqAB53ux4w==
Expand Down

0 comments on commit d8f28ce

Please sign in to comment.