Updated the package es5-ext from 0.10.50 to 0.10.63 #455

Tringapps-Dharshan · 2024-03-07T10:51:14Z

Veracode platform identifies a high-level vulnerability in the dependency package es5-ext (Dependency of WebSocket).
I encountered this issue while using WebSocket version 1.0.33, which relies on es5-ext version 0.10.62.
According to the npm WebSocket documentation, the latest version available is 1.0.34, released on April 14, 2021.
Upon installing the latest WebSocket version, 1.0.34, I discovered it still depends on es5-ext version 0.10.62.
To address this, I've updated es5-ext to version 0.10.63.
I kindly request the team to merge this PR to resolve the vulnerability issue.

lox · 2024-05-12T03:54:29Z

Bump!

theturtle32 · 2024-05-12T09:16:24Z

Thanks for the bump! I had missed this before. Merged. Will try to do a release in the morning. 2:15am here :)

theturtle32 · 2024-05-12T17:49:27Z

Published v1.0.35 with this fix. Thanks! Resolves #453

Updated the package es5-ext from 0.10.50 to 0.10.63

1920416

Tringapps-Dharshan mentioned this pull request Mar 7, 2024

Request to Upgrade es5-ext Dependency to Resolve Veracode Vulnerability #453

Closed

theturtle32 merged commit d87afb7 into theturtle32:master May 12, 2024

Provide feedback