Dependency update: ws (due to ReDOS)
thernstig opened this issue
Or maybe no update is needed, since https://github.com/socketio/engine.io-client/blob/master/package.json shows "ws": "~7.4.2"?
There is already a dependabot PR related to this here: #666
Thanks @Jakesterwars, closing.
Or maybe no update is needed, since https://github.com/socketio/engine.io-client/blob/master/package.json shows "ws": "~7.4.2"?
@thernstig yes, running npm audit fix (or npm update --depth 9999 ws) should fix the issue, since we use the ~ operator.
@Jakesterwars please note that the PR only applies to the package-lock.json file of the project, which is not published.
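
Added example, not part of the thread and not the project's code: a minimal sketch of how the "~7.4.2" range from package.json resolves on a fresh install, compared with a version pinned in a lockfile. The published-version list, the first-patched version and the locked version are constructed placeholders, and only plain x.y.z versions are handled.

```javascript
// Added example: tilde-range resolution for plain x.y.z versions only.
// Pre-release tags and partial ranges such as "~7.4" are not handled.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric comparison, so that 7.4.10 sorts after 7.4.3.
function compare(a, b) {
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// "~X.Y.Z" means >=X.Y.Z and <X.(Y+1).0
function satisfiesTilde(range, version) {
  if (!range.startsWith("~")) throw new Error(`not a tilde range: ${range}`);
  const base = range.slice(1);
  const [maj, min] = parse(base);
  const [vMaj, vMin] = parse(version);
  return vMaj === maj && vMin === min && compare(version, base) >= 0;
}

// Highest published version the range allows, or null if none does.
function resolve(range, published) {
  const ok = published.filter(v => satisfiesTilde(range, v)).sort(compare);
  return ok.length ? ok[ok.length - 1] : null;
}

// Compare what a consumer's fresh install gets with what a lockfile pins.
function assess(range, published, firstPatched, lockedVersion) {
  const resolved = resolve(range, published);
  return {
    freshInstallResolvesTo: resolved,
    freshInstallPatched: resolved !== null && compare(resolved, firstPatched) >= 0,
    lockedInstallPatched: compare(lockedVersion, firstPatched) >= 0,
  };
}

// Constructed sample data, not real registry or advisory data.
const PUBLISHED = ["7.4.1", "7.4.2", "7.4.3", "7.4.10", "7.5.0", "8.0.0"];
const FIRST_PATCHED = "7.4.3"; // placeholder for the first fixed release
console.log(assess("~7.4.2", PUBLISHED, FIRST_PATCHED, "7.4.2"));
```

If the placeholder first-patched version fell outside the range (for example in the next minor line), `freshInstallPatched` would be false and the range in package.json itself would have to change.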