Closed renovate[bot] closed 3 years ago
:exclamation: No coverage uploaded for pull request base (
master@0cda3c4
). Click here to learn what that means. The diff coverage isn/a
.
@@ Coverage Diff @@
## master #267 +/- ##
=========================================
Coverage ? 48.27%
=========================================
Files ? 1
Lines ? 29
Branches ? 5
=========================================
Hits ? 14
Misses ? 11
Partials ? 4
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact)
,ø = not affected
,? = missing data
Powered by Codecov. Last update 0cda3c4...1dcdd66. Read the comment docs.
This PR contains the following updates:
7.4.5
->7.4.6
GitHub Vulnerability Alerts
CVE-2021-32640
Impact
A specially crafted value of the
Sec-Websocket-Protocol
header can be used to significantly slow down a ws server.Proof of concept
Patches
The vulnerability was fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff).
Workarounds
In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the
--max-http-header-size=size
and/or themaxHeaderSize
options.Credits
The vulnerability was responsibly disclosed along with a fix in private by Robert McLaughlin from University of California, Santa Barbara.
Configuration
📅 Schedule: "" (UTC).
🚦 Automerge: Enabled.
♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.