google / blockly

The web-based visual programming editor.
https://developers.google.com/blockly/
Apache License 2.0

Vulnerable dependency: ws via jsdom #8244

Open lsim opened 1 month ago

lsim commented 1 month ago

Description

Please see the following Snyk report: https://security.snyk.io/vuln/SNYK-JS-WS-7266574

Looks like your jsdom is lagging behind a fair bit.

BeksOmega commented 1 month ago

Thanks for reporting this @lsim!

For team folks: It looks like we held v23 of jsdom until v11 of Blockly because it dropped node 16 support (relevant PR). Since v24 of jsdom doesn't do that, I think we can release a new version of Blockly with the updated jsdom whenever.