codecov[bot]
commented
3 years ago Codecov Report
Merging #446 (6f306ee) into master (994465d) will not change coverage. The diff coverage is
n/a.
@@ Coverage Diff @@
## master #446 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 8 8
Lines 342 342
Branches 35 51 +16
=========================================
Hits 342 342 | Flag | Coverage Δ | |
|---|---|---|
| unittests | 100.00% <ø> (ø) |
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact),ø = not affected,? = missing dataPowered by Codecov. Last update 994465d...6f306ee. Read the comment docs.
This PR contains the following updates:
7.4.2->7.4.6GitHub Vulnerability Alerts
CVE-2021-32640
Impact
A specially crafted value of the
Sec-Websocket-Protocolheader can be used to significantly slow down a ws server.Proof of concept
Patches
The vulnerability was fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff).
Workarounds
In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the
--max-http-header-size=sizeand/or themaxHeaderSizeoptions.Credits
The vulnerability was responsibly disclosed along with a fix in private by Robert McLaughlin from University of California, Santa Barbara.
Configuration
📅 Schedule: "" (UTC).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.