New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update `ws` to fix CVE-2024-37890 #1889

Merged

sjinks merged 1 commit into trunk from fix/ws

Jun 20, 2024

Member

sjinks commented Jun 20, 2024

Description

Update ws and engine.io-client to fix high severity CVE-2024-37890

Ref: GHSA-3h5v-q93c-6h6q

Pull request checklist

Update SETUP.md with any new environmental variables.
Update the documentation.
Manually test the relevant changes.
Follow the pull request checklist
Add/update automated tests as needed.

New release checklist

Automated tests pass.
The Preparing for release checklist is completed.

Steps to Test

N/A


          chore(deps): update ws to fix CVE-2024-37890

97c381c

sjinks self-assigned this

Contributor

github-actions bot commented Jun 20, 2024

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details

Scanned Manifest Files

sonarqubecloud bot commented Jun 20, 2024

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

sjinks merged commit 4d1c461 into trunk

16 checks passed

sjinks deleted the fix/ws branch

June 20, 2024 02:40

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet