Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Node security advisory for ws@1.1.2 #3948

Closed
crimeminister opened this issue Nov 29, 2017 · 3 comments · Fixed by #3949
Closed

Node security advisory for ws@1.1.2 #3948

crimeminister opened this issue Nov 29, 2017 · 3 comments · Fixed by #3949
Labels
bug internals P1

Comments

@crimeminister
Copy link
Contributor

Running nsp check on a project that includes lighthouse@2.6.0 as a dependency results in this security advisory against ws@1.1.2. The recommended remediation is to "Upgrade to version 3.3.1 or greater".
@patrickhulce
Copy link
Collaborator

Thanks so much for reporting @crimeminister!

@patrickhulce patrickhulce self-assigned this Nov 29, 2017
@paulirish
Copy link
Member

@crimeminister do you want to give us a PR for this upgrade? a bump to package.json and yarn.lock should hopefully be all that's required.

@crimeminister
Copy link
Contributor Author

@paulirish Sure thing, PR incoming.

@crimeminister crimeminister mentioned this issue Nov 29, 2017
Merged
@patrickhulce patrickhulce removed their assignment Nov 29, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug internals P1
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

deps: Bump ws to 3.3.2
3 participants
@crimeminister @paulirish @patrickhulce