Closed curtis-h closed 3 weeks ago
# npm audit report
ws 8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix --force`
Will install rxdb@12.7.16, which is a breaking change
node_modules/engine.io-client/node_modules/ws
node_modules/rxdb/node_modules/ws
node_modules/ws
engine.io-client 0.7.0 || 0.7.8 - 0.7.9 || 6.0.0 - 6.5.3
Depends on vulnerable versions of ws
node_modules/engine.io-client
rxdb >=13.0.0-beta.1
Depends on vulnerable versions of ws
node_modules/rxdb
3 high severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
# npm audit report
ws 8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix --force`
Will install rxdb@12.7.16, which is a breaking change
node_modules/engine.io-client/node_modules/ws
node_modules/rxdb/node_modules/ws
node_modules/ws
engine.io-client 0.7.0 || 0.7.8 - 0.7.9 || 6.0.0 - 6.5.3
Depends on vulnerable versions of ws
node_modules/engine.io-client
rxdb >=13.0.0-beta.1
Depends on vulnerable versions of ws
node_modules/rxdb
3 high severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Description:
Fixing Message properties to align with spec.
Making the Message.body a json obj allows us to remove JSON.parse from all it's consumers.
Improved type safety around Protocol class body parsing.
Checklist: