fix: Remove CVE-2024-37890 vulnerability by updating the ws package #4683
Addresses #4684
#minor
Description
This PR updates the version of the `ws` package from `7.1.2` to `7.5.10` to fix the CVE-2024-37890 vulnerability.

Along the way, to address this `ws` package issue for the `browser-functional/browser-echo` project, we have updated all `webpack` related packages to the latest supported node 16 version, fixing the following vulnerabilities.

Specific Changes
- `ws` from `7.1.2` to `7.5.10`.
- `webpack`, `webpack-dev-server` and `webpack-cli` to latest version of each that support node 16.

Testing
The following images show the `ws` package updated version, the reduction of vulnerable packages, and the `browser-functional/browser-echo` working.

![image](https://private-user-images.githubusercontent.com/62260472/341175470-b3facb24-930e-4169-8193-3282ea02d2c8.png)
![image](https://private-user-images.githubusercontent.com/62260472/341175486-e0e1fdf3-3b9b-4e37-9d70-8806a2d626c0.png)
![image](https://private-user-images.githubusercontent.com/62260472/341175524-defe5e00-609b-4555-98e7-5f74265068f9.png)
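
A bump like this one is typically verified by checking the lockfile for nested copies of `ws` that a build-tool dependency still pins to an older release. The following is an added example, not code from this PR or the project: it assumes an npm lockfile with a v2/v3 `packages` map, uses a constructed sample lockfile, and the patched versions for major lines other than 7.x (the PR only names `7.5.10`) are an assumption.

```javascript
// Added example (not from the PR): find every copy of `ws` in an npm
// lockfile (v2/v3 "packages" map) that predates the fix for its major line.
// 7.5.10 is the fixed version named in the PR; the other entries are the
// patched releases for the remaining major lines and are an assumption here.
const PATCHED = { 5: [5, 2, 4], 6: [6, 2, 3], 7: [7, 5, 10], 8: [8, 17, 1] };

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version triple a sorts strictly before b.
function isOlder(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

function findVulnerableWs(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match "node_modules/ws" at any nesting depth, but not "@scope/ws".
    if (!/(^|\/)node_modules\/ws$/.test(path)) continue;
    const v = parseVersion(meta.version);
    const fixed = v && PATCHED[v[0]];
    // Major lines outside the table are not assessed by this check.
    if (fixed && isOlder(v, fixed)) findings.push({ path, version: meta.version });
  }
  return findings;
}

// Constructed sample lockfile: the direct dependency is bumped, but a nested
// copy pulled in by a dev-server package is still on an old release.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'browser-echo' },
    'node_modules/ws': { version: '7.5.10' },
    'node_modules/webpack-dev-server/node_modules/ws': { version: '6.2.1' },
    'node_modules/@example/ws': { version: '7.1.2' }, // different package, ignored
  },
};

console.log(findVulnerableWs(SAMPLE_LOCK));
```

Pass the parsed contents of a real `package-lock.json` to `findVulnerableWs` to run the same check against a project.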