Affected versions of the package are vulnerable to Denial of Service (DoS) attacks. A specially crafted value of the Sec-WebSocket-Extensions header that used Object.prototype property names as extension or parameter names could be used to make a ws server crash.
There are 3 more less severe issues all related to engine.io-client as well so once you upgrade engine.io-client it should fix the other 3 issues as well
below info is taken from this report: https://snyk.io/test/npm/dubapi/1.6.8?severity=high&severity=medium&severity=low
There are 3 more less severe issues all related to engine.io-client as well so once you upgrade engine.io-client it should fix the other 3 issues as well