Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Remove CVE-2024-37890 vulnerability by updating the ws package #4683

Merged
merged 1 commit into from
Jun 19, 2024
Merged

fix: Remove CVE-2024-37890 vulnerability by updating the ws package #4683

merged 1 commit into from
Jun 19, 2024

Conversation

sw-joelmut
Copy link
Collaborator

@sw-joelmut sw-joelmut commented Jun 19, 2024
edited
Loading

Addresses #4684
#minor

Description

This PR updates the version of the ws package from 7.1.2 to 7.5.10 to fix the CVE-2024-37890 vulnerability.
Along the way, to address this ws package issue for the browser-functional/browser-echo project, we have updated all webpack related packages to the latest supported node 16 version, fixing the following vulnerabilities.

Specific Changes

  • Updated ws from 7.1.2 to 7.5.10.
  • Updated webpack, webpack-dev-server and webpack-cli to latest version of each that support node 16.
  • Updated webpack plugins to latest versions.
  • Updated webpack config based on the new version.

Testing

The following images show the ws package updated version, the reduction of vulnerable packages, and the browser-functional/browser-echo working.
image
image
image

@sw-joelmut sw-joelmut requested a review from a team as a code owner June 19, 2024 20:09
@coveralls
Copy link

coveralls commented Jun 19, 2024
edited
Loading

Pull Request Test Coverage Report for Build 9587628438

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-0.4%) to 84.075%
Totals Coverage Status
Change from base Build 9568802742: -0.4%
Covered Lines: 20343
Relevant Lines: 22900
💛 - Coveralls

@coveralls
Copy link

coveralls commented Jun 19, 2024
edited
Loading

Pull Request Test Coverage Report for Build 9587628438

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 84.431%
Totals Coverage Status
Change from base Build 9568802742: 0.0%
Covered Lines: 20425
Relevant Lines: 22900
💛 - Coveralls

@tracyboehrer tracyboehrer merged commit 7868ad5 into main Jun 19, 2024
13 checks passed
@tracyboehrer tracyboehrer deleted the southworks/update/ws branch June 19, 2024 20:29
This was referenced Jul 18, 2024
Open
Open
Open
Open
Open
Open
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tracyboehrer tracyboehrer tracyboehrer approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@sw-joelmut @coveralls @tracyboehrer