[security] Upgrades the version of the WS package

ojengwa commented 2 months ago

PR Checklist

Please check if your PR fulfills the following requirements:

[x] The commit message follows our guidelines: https://github.com/nestjs/nest/blob/master/CONTRIBUTING.md
[x] Tests for the changes have been added (for bug fixes / features)
[ ] Docs have been added / updated (for bug fixes / features)

PR Type

What kind of change does this PR introduce?

[x] Bugfix
[ ] Feature
[ ] Code style update (formatting, local variables)
[ ] Refactoring (no functional changes, no api changes)
[ ] Build related changes
[ ] CI related changes
[ ] Other... Please describe:

What is the current behavior?

Issue Number: 3215

What is the new behavior? https://github.com/advisories/GHSA-3h5v-q93c-6h6q

Does this PR introduce a breaking change?

[ ] Yes
[x] No

Other information

sawilde commented 2 months ago

this package has a dependancy on subscriptions-transport-ws which in turn has a dependancy on ws 5,6,7 and so we are still exposed to the reported ws vulnerability

This package however is no longer maintained and it is recommended to switch to graphql-ws instead

kamilmysliwiec commented 2 months ago

https://github.com/nestjs/graphql/pull/3217

nestjs / graphql

[security] Upgrades the version of the WS package #3216