Need to update dependencies to fix critical vulnerabilities

[akasalinskiy]

Github Security Alert Digest notified me about vulnerabilities in the used libraries. Some of the vulnerabilities are related to the libraries used by vue-native-websocket.

This is a list of libraries that can be updated to fix the vulnerabilities (the version in which the vulnerability is fixed is indicated in brackets): Critical severity:

• lodash (4.17.5) CVE-2019-10744, CVE-2018-16487, CVE-2021-23337
• xmlhttprequest-ssl (1.6.2) CVE-2021-31597
• minimist (1.2.6) CVE-2021-44906
• set-value (2.0.1) CVE-2019-10747
• mixin-deep (1.3.2) CVE-2019-10746
• growl (1.10.0) CVE-2017-16042

High severity:

• async (2.6.4) CVE-2021-43138
• ansi-regex (4.1.1) CVE-2021-3807
• pathval (1.1.1) CVE-2020-7751
• shelljs (0.8.5) CVE-2022-0144
• follow-redirects (1.14.7) CVE-2022-0155
• trim-newlines (3.0.1) CVE-2021-33623
• glob-parent (5.1.2) CVE-2020-28469
• socket.io-parser (3.3.2) CVE-2020-36049
• acorn (5.7.4) GHSA-6chw-6frg-f759
• kind-of (6.0.3) CVE-2019-20149
• ws (1.1.5) GHSA-5v72-xg48-5rpm
• diff (3.5.0) GHSA-h6ch-v84p-w6p9
• js-yaml (3.13.1) GHSA-8j8c-7jfh-h6hx
• tar (4.4.2) CVE-2018-20834, CVE-2021-32803, CVE-2021-32804, CVE-2021-37701, CVE-2021-37712

Moderate severity:

• karma (6.3.14) CVE-2022-0437, CVE-2021-23495
• ajv (6.12.3) CVE-2020-15366
• log4js (6.4.0) CVE-2022-21704
• jsonpointer (5.0.0) CVE-2021-23807
• path-parse (1.0.7) CVE-2021-23343
• socket.io (2.4.0) CVE-2020-28481
• mem (4.0.0) GHSA-4xcv-9jjx-gfj3
• yargs-parser (13.1.2) CVE-2020-7608

Low severity:

• chownr (1.1.0) CVE-2017-18869
• braces (2.3.1) GHSA-g95f-p29q-9xw4
• debug (2.6.9) CVE-2017-16137

Please update the used libraries.

[weglov]

Hi thanks for the report, fixed in 2.1.0