Upgrade ws package #20222

Closed

singingwolfboy

Security fix for https://nodesecurity.io/advisories/550 (rating: HIGH)

The ws project uses GitHub releases for a ChangeLog.

Test Plan:

I haven't tested this change yet -- I'm not familiar with how the ws package works, and I expect there are some backwards-incompatible changes between version 1 and version 5. I wanted to make this pull request anyway, in the hopes that someone more familiar with this package would be able to review it and suggest changes for the codebase.

Release Notes:

[INTERNAL] [BUGFIX] [package.json] - Upgrade the ws package, to close a security vulnerability

@facebook-github-bot facebook-github-bot added the CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. label Jul 16, 2018
@pull-bot

Warnings
⚠️

🔒 package.json - Changes were made to package.json. This will require a manual import by a Facebook employee.

Generated by 🚫 dangerJS

@charpeni
Contributor

Thank you for bringing this up!

Be safe, ws shouldn't impact any application since it's only used by the integration tests, RNTester, and the local-cli.

@facebook-github-bot
Contributor

@singingwolfboy I tried to find reviewers for this pull request and wanted to ping them to take another look. However, based on the blame information for the files in this pull request I couldn't find any reviewers. This sometimes happens when the files in the pull request are new or don't exist on master anymore. Is this pull request still relevant? If yes could you please rebase? In case you know who has context on this code feel free to mention them in a comment (one person is fine). Thanks for reading and hope you will continue contributing to the project.

Contributor

@facebook-github-bot facebook-github-bot left a comment


hramos has imported this pull request. If you are a Facebook employee, you can view this diff on Phabricator.

@hramos
Contributor

hramos commented Sep 20, 2018

This has been a surprisingly difficult pull request to land. The ws package can be upgraded in React Native, fairly safely; that is a non-issue. As it happens, React Native is one of several JavaScript projects that share some common JavaScript infrastructure, and upgrades to packages like these need to be synced across all these projects. After doing so, several internal tests have started failing.

Considering this is not exactly blocking React Native, I lean towards closing this PR. Once ws is updated internally, RN will benefit from the upgrade.

7 participants