Bump ws package to 1.1.5 due to vulnerability issues

[prog1dev]

Update ws package from 1.1.0 to 1.1.5 due to vulnerability issues.

Here is npm audit report:

                                                                                
                       === npm audit security report ===                        
                                                                                
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Denial of Service                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ws                                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >= 1.1.5 <2.0.0 || >=3.3.1                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ c635d8a886cde7688a0123f573cc5b1f0430780052ba848c8fa1dc8a4c3… │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ c635d8a886cde7688a0123f573cc5b1f0430780052ba848c8fa1dc8a4c3… │
│               │ > react-devtools-core > ws                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/550                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

[pull-bot]

	Warnings
⚠️	🔒 package.json - Changes were made to package.json. This will require a manual import by a Facebook employee.
⚠️	📋 Test Plan - This PR appears to be missing a Test Plan.
⚠️	📋 Release Notes - This PR appears to be missing Release Notes.

Generated by 🚫 dangerJS

[RSNara]

Wow! thanks for this PR. 😁

[facebook-github-bot]

RSNara is landing this pull request. If you are a Facebook employee, you can view this diff on Phabricator.

[prog1dev]

@RSNara Just noticed that I forgot to update yarn.lock. Also tests are red and Im not sure why

[kelset]

@prog1dev don't worry about AppVeyor, it's currently broken for other reasons. Thanks for the PR btw :)

[facebook-github-bot]

I tried to merge this pull request into the Facebook internal repo but some checks failed. To unblock yourself please check the following: Does this pull request pass all open source tests on GitHub? If not please fix those. Does the code still apply cleanly on top of GitHub master? If not can please rebase. In all other cases this means some internal test failed, for example a part of a fb app won't work with this pull request. I've added the Import Failed label to this pull request so it is easy for someone at fb to find the pull request and check what failed. If you don't see anyone comment in a few days feel free to comment mentioning one of the core contributors to the project so they get a notification.

[prog1dev]

@RSNara I updated yarn.lock and squished commits. Could you check this Import Failed issue?

[hramos]

@prog1dev your PR is fine. Anything that touches package.json and yarn.lock needs to be imported by hand, however (as @pull-bot mentioned above). React Native is hosted internally at Facebook in a monorepo with other JavaScript projects, and in this case we'll need to do some additional work in order to upgrade the ws dependency across all surfaces. We'll merge this eventually.

[incarnateTheGreat]

@prog1dev your PR is fine. Anything that touches package.json and yarn.lock needs to be imported by hand, however (as @pull-bot mentioned above). React Native is hosted internally at Facebook in a monorepo with other JavaScript projects, and in this case we'll need to do some additional work in order to upgrade the ws dependency across all surfaces. We'll merge this eventually.

Thank you. Looking forward to this. Unless you can recommend a workaround for the time-being?

[facebook-github-bot]

@cpojer has imported this pull request. If you are a Facebook employee, you can view this diff on Phabricator.

[facebook-github-bot]

@cpojer has imported this pull request. If you are a Facebook employee, you can view this diff on Phabricator.

[cpojer]

Let me ship this. Sorry for making you wait and thank you for submitting a pull request to react native :)

[react-native-bot]

@prog1dev merged commit 96ce6f9 into facebook:master.