Closed Cal-L closed 2 weeks ago
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.
New and removed dependencies detected.
Package | New capabilities | Transitives | Size | Publisher |
---|---|---|---|---|
npm/socket.io-client@4.7.5 | Transitive: filesystem, network, shell | +5 | 2.2 MB | darrachequesne |
npm/ws@6.2.3 | None | 0 | 0 B | |
🚮 Removed packages: npm/socket.io-client@4.6.1, npm/ws@7.4.6
@Cal-L see also #10018
closed in favor of https://github.com/MetaMask/metamask-mobile/pull/10018
Description
PR to resolve `ws` advisory - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
In the change, we resolve the `ws` packages to use versions with backfilled fixes. https://github.com/advisories/GHSA-3h5v-q93c-6h6q
Related issues
Fixes:
Manual testing steps
Running `yarn audit:ci` should not show `ws` vulnerability
Screenshots/Recordings
Before
After
Pre-merge author checklist
Pre-merge reviewer checklist