apollographql / subscriptions-transport-ws

:arrows_clockwise: A WebSocket client + server for GraphQL subscriptions
https://www.npmjs.com/package/subscriptions-transport-ws
MIT License

A vulnerability was detected in the ws package. #878

Closed PabloJomer closed 3 years ago

PabloJomer commented 3 years ago

Upgrade ws to version 6.2.2 or later.

https://snyk.io/vuln/SNYK-JS-WS-1296835

https://github.com/apollographql/subscriptions-transport-ws/blob/ffc6b674fd3c3ebcc8b66025b3b272afc4133887/package.json#L16

RishikeshDarandale commented 3 years ago

There are breaking changes in v6.0.0. If they are not a breaking change here, then IMO this can be updated to v6.2.2!

glasser commented 3 years ago

You can now upgrade to ws@5.2.3 which has the security fix with no major version changes. Alternatively, you can upgrade to subscriptions-transport-ws@0.9.19 which allows you to use ws 6 or 7.
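A way to verify the advice in this thread against a real dependency tree, added here as example code that is not part of the issue or of the subscriptions-transport-ws project: it walks a `package-lock.json` object, finds every resolved copy of `ws` (hoisted or nested), and classifies each one against the fixed versions. The 5.2.3 and 6.2.2 thresholds are the ones stated above; the 7.4.6 threshold for the 7.x line is taken from the ws project's fix for the same advisory and is an assumption not stated in this thread, so verify it against the Snyk link. The sample lockfile embedded at the bottom is constructed for a stand-alone run.

```javascript
// Added example, not code from the subscriptions-transport-ws project.
// Fixed ws versions per major line. 5.2.3 and 6.2.2 come from this issue;
// 7.4.6 is an ASSUMPTION taken from the ws fix for SNYK-JS-WS-1296835 and
// should be verified against the advisory before relying on it.
const FIXED_BY_MAJOR = { 5: [5, 2, 3], 6: [6, 2, 2], 7: [7, 4, 6] };

// Parse "major.minor.patch" (optional leading "v"); pre-release tags are ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric three-part comparison: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// 'fixed' | 'vulnerable' | 'unknown' (major line not covered by FIXED_BY_MAJOR)
function wsFixStatus(version) {
  const v = parseVersion(version);
  const fixed = FIXED_BY_MAJOR[v[0]];
  if (!fixed) return 'unknown';
  return compareVersions(v, fixed) >= 0 ? 'fixed' : 'vulnerable';
}

// Collect every resolved `ws` entry from a lockfile object. Handles
// lockfileVersion 1 (nested "dependencies") and lockfileVersion 2/3
// ("packages" keyed by node_modules path).
function findWsEntries(lock) {
  const found = [];
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === 'node_modules/ws' || path.endsWith('/node_modules/ws')) {
        found.push({ path, version: entry.version });
      }
    }
    return found;
  }
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'ws') found.push({ path, version: entry.version });
      walk(entry.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return found;
}

// Annotate each ws entry with its fix status.
function auditLock(lock) {
  return findWsEntries(lock).map((e) => ({ ...e, status: wsFixStatus(e.version) }));
}

// Constructed sample lockfile (lockfileVersion 1 shape): a hoisted ws@5.2.0
// plus a nested ws@6.2.2 under subscriptions-transport-ws.
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    ws: { version: '5.2.0' },
    'subscriptions-transport-ws': {
      version: '0.9.18',
      dependencies: { ws: { version: '6.2.2' } },
    },
  },
};

for (const r of auditLock(SAMPLE_LOCK)) {
  console.log(`${r.status.padEnd(10)} ${r.path}@${r.version}`);
}
```

To run it against a project, replace `SAMPLE_LOCK` with the parsed contents of that project's `package-lock.json`; any entry reported as `vulnerable` is a copy of `ws` that still needs the upgrade the thread describes, and a nested copy (as under `subscriptions-transport-ws` in the sample) is only fixed once the package that pins it accepts a patched range.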