Azure / azure-iot-sdk-node

A Node.js SDK for connecting devices to Microsoft Azure IoT services
https://docs.microsoft.com/en-us/azure/iot-hub/

WS dependency fails npm audit #979

Closed ddavis-hitachi closed 3 years ago

ddavis-hitachi commented 3 years ago

After running 'npm audit' in my project I get the following error:

=== npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ws                                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=7.4.6                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ azure-iothub                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ azure-iothub > azure-iot-amqp-base > ws                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1748                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

anthonyvercolano commented 3 years ago

Patch should be going out this coming Monday.

anthonyvercolano commented 3 years ago

@DaveDHitachi Might take an extra day or two. Unless your application is actually creating its own service as well as being a device, you shouldn't be subject to this vulnerability.

anthonyvercolano commented 3 years ago

Released
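An added example, not part of the thread or the SDK: one way to confirm after upgrading that no copy of `ws` below the report's "Patched in >=7.4.6" threshold remains in a lockfile. The function names and the sample lockfile are hypothetical, and only the threshold quoted in the audit report is checked.

```javascript
// Added example: find `ws` copies in an npm lockfile that are older than the
// "Patched in >=7.4.6" threshold shown in the audit report above.
const PATCHED = '7.4.6'; // taken from the report; other release lines not covered

// Compare plain x.y.z versions (pre-release tags ignored): <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Return every copy of `pkg` below `patched`, with its location in the lockfile.
function findUnpatchedWs(lock, pkg = 'ws', patched = PATCHED) {
  const hits = [];
  const old = (meta) => meta.version && compareVersions(meta.version, patched) < 0;
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith(`node_modules/${pkg}`) && old(meta)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = [...trail, name];
      if (name === pkg && old(meta)) hits.push({ path: here.join(' > '), version: meta.version });
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile; all version numbers are made up.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'azure-iothub': { version: '0.0.0', dependencies: {
      'azure-iot-amqp-base': { version: '0.0.0', dependencies: { ws: { version: '6.2.1' } } } } },
    ws: { version: '7.4.6' },
  },
};
console.log(findUnpatchedWs(sampleLock));
```

For a real project, pass the parsed contents of `package-lock.json` to `findUnpatchedWs`; an empty result means no copy below the threshold is locked.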