[Snyk] Security upgrade express-ws from 2.0.0 to 5.0.1 #27

snyk-bot · 2021-06-08T03:37:26Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: express-ws

The new version differs by 25 commits.

9eeefd0 Merge branch 'hartmutobendorf-master'
2810f22 updated dependencies
5af5fab updated dependencies
8efedd5 Merge pull request #102 from OmgImAlexis/master
685e64b remove babel for esm
11ef5f2 bump ws to ^6.0.0
e107c8d ignore lock files
11928f2 Release version 4.0.0
92e755b Use Snyk to check for vulnerabilities
52252f0 Update dependencies
0ae2ecb Merge pull request #92 from mdvanes/master
09c4c6c Fix https://github.com/Crash with fallback GET route HenningM/express-ws#64 by setting a string in the _header property of the response.
00c160d Merge pull request #74 from DiBuz/master
0f20335 Added supported ws@3.0.0
3d517cc Merge pull request #60 from joepie91/patch-1
074b52b Clarify that module loading order matters (fixes #49)
7afeb2f Release version 3.0.0
8527d88 Remove CHANGELOG.md
1ca8412 Update README.md
5e8f2b5 Minor cleanup
ca7e342 Update dependencies to latest versions
f5462c0 Merge pull request #55 from kraenhansen/fix/error-handling
86b2831 If an error is thrown while calling the WS middleware, let's next that
a07ba57 Merge pull request #42 from alvarocastro/patch-1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-WS-1296835

fix: package.json to reduce vulnerabilities

cc27dbb

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-WS-1296835

aahutsal merged commit f4dd156 into master Jul 29, 2021

aahutsal deleted the snyk-fix-48e1537fb44dd7237cf481a85443a52a branch July 29, 2021 08:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade express-ws from 2.0.0 to 5.0.1 #27

[Snyk] Security upgrade express-ws from 2.0.0 to 5.0.1 #27

snyk-bot commented Jun 8, 2021

[Snyk] Security upgrade express-ws from 2.0.0 to 5.0.1 #27

[Snyk] Security upgrade express-ws from 2.0.0 to 5.0.1 #27

Conversation

snyk-bot commented Jun 8, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: