From bf9e1638e767e73c3c1ee89e0a6d7f14078cfc30 Mon Sep 17 00:00:00 2001 From: Vesa Laakso Date: Thu, 9 Nov 2017 10:31:54 +0200 Subject: [PATCH] Bump ws dependency to ^3.3.1 to fix DoS vulnerability --- package.json | 2 +- yarn.lock | 19 ++++++++++++++----- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/package.json b/package.json index 1e5b7778..1ad295ed 100644 --- a/package.json +++ b/package.json @@ -43,7 +43,7 @@ "lodash": "^4.17.4", "mkdirp": "^0.5.1", "opener": "^1.4.3", - "ws": "^2.3.1" + "ws": "^3.3.1" }, "devDependencies": { "babel-core": "6.24.1", diff --git a/yarn.lock b/yarn.lock index 62442b46..c978d5a3 100644 --- a/yarn.lock +++ b/yarn.lock @@ -182,6 +182,10 @@ async-each@^1.0.0: version "1.0.1" resolved "https://registry.npmjs.org/async-each/-/async-each-1.0.1.tgz#19d386a1d9edc6e7c1c85d388aedbcc56d33602d" +async-limiter@~1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/async-limiter/-/async-limiter-1.0.0.tgz#78faed8c3d074ab81f22b4e985d79e8738f720f8" + async@^1.5.2: version "1.5.2" resolved "https://registry.yarnpkg.com/async/-/async-1.5.2.tgz#ec6a61ae56480c0c3cb241c95618e20892f9672a" @@ -4367,10 +4371,14 @@ rx-lite@^3.1.2: version "3.1.2" resolved "https://registry.npmjs.org/rx-lite/-/rx-lite-3.1.2.tgz#19ce502ca572665f3b647b10939f97fd1615f102" -safe-buffer@^5.0.1, safe-buffer@~5.0.1: +safe-buffer@^5.0.1: version "5.0.1" resolved "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.0.1.tgz#d263ca54696cd8a306b5ca6551e92de57918fbe7" +safe-buffer@~5.1.0: + version "5.1.1" + resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz#893312af69b2123def71f57889001671eeb2c853" + samsam@1.x, samsam@^1.1.3: version "1.2.1" resolved "https://registry.npmjs.org/samsam/-/samsam-1.2.1.tgz#edd39093a3184370cb859243b2bdf255e7d8ea67" @@ -5252,11 +5260,12 @@ write@^0.2.1: dependencies: mkdirp "^0.5.1" -ws@^2.3.1: - version "2.3.1" - resolved "https://registry.npmjs.org/ws/-/ws-2.3.1.tgz#6b94b3e447cb6a363f785eaf94af6359e8e81c80" +ws@^3.3.1: + version "3.3.1" + resolved "https://registry.yarnpkg.com/ws/-/ws-3.3.1.tgz#d97e34dee06a1190c61ac1e95f43cb60b78cf939" dependencies: - safe-buffer "~5.0.1" + async-limiter "~1.0.0" + safe-buffer "~5.1.0" ultron "~1.1.0" "xtend@>=4.0.0 <4.1.0-0", xtend@^4.0.0, xtend@~4.0.1: