Closed renovate[bot] closed 1 year ago
netlify[bot]
commented
1 year ago | Name | Link |
|---|---|
| Latest commit | 2974b472d8f3ca2b6ac5a9601ded17ffaaba2565 |
| Latest deploy log | https://app.netlify.com/sites/quirrel-docs/deploys/642aea9258b8530008845f71 |
netlify[bot]
commented
1 year ago | Name | Link |
|---|---|
| Latest commit | 2974b472d8f3ca2b6ac5a9601ded17ffaaba2565 |
| Latest deploy log | https://app.netlify.com/sites/quirrel-development-ui/deploys/642aea92c3a1a900071b74af |
coveralls
commented
1 year ago Coverage: 82.464%. Remained the same when pulling 2974b472d8f3ca2b6ac5a9601ded17ffaaba2565 on renovate/npm-@fastify/websocket-vulnerability into 9344abf9f3c5235736d9802a43ade2fbb0230b6a on main.
This PR contains the following updates:
7.1.0->7.1.1GitHub Vulnerability Alerts
CVE-2022-39386
Impact
Any application using @fastify/websocket could crash if a specific, malformed packet is sent.
All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched.
Patches
This has been patched in v7.1.1 (fastify v4) and v5.0.1 (fastify v3).
Workarounds
No known workaround is available. However, it should be possible to attach the error handler manually. The recommended path is upgrading to the patched versions.
Credits
marcolanaro for finding and patching this vulnerability
For more information
If you have any questions or comments about this advisory:
Release Notes
fastify/fastify-websocket
### [`v7.1.1`](https://togithub.com/fastify/fastify-websocket/releases/tag/v7.1.1) [Compare Source](https://togithub.com/fastify/fastify-websocket/compare/v7.1.0...v7.1.1) #### ⚠️ Security Release ⚠️ Fixes https://github.com/fastify/fastify-websocket/security/advisories/GHSA-4pcg-wr6c-h9cq. #### What's Changed - Update README.md by [@hellower](https://togithub.com/hellower) in [https://github.com/fastify/fastify-websocket/pull/227](https://togithub.com/fastify/fastify-websocket/pull/227) - fix/ws-error-handler - Handle WebSocket errors to avoid Node.js crashes by [@marcolanaro](https://togithub.com/marcolanaro) in [https://github.com/fastify/fastify-websocket/pull/228](https://togithub.com/fastify/fastify-websocket/pull/228) #### New Contributors - [@hellower](https://togithub.com/hellower) made their first contribution in [https://github.com/fastify/fastify-websocket/pull/227](https://togithub.com/fastify/fastify-websocket/pull/227) - [@marcolanaro](https://togithub.com/marcolanaro) made their first contribution in [https://github.com/fastify/fastify-websocket/pull/228](https://togithub.com/fastify/fastify-websocket/pull/228) **Full Changelog**: https://github.com/fastify/fastify-websocket/compare/v7.1.0...v7.1.1Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.