quirrel-dev / quirrel

The Task Queueing Solution for Serverless.
https://quirrel.dev
MIT License
885 stars 67 forks

fix(deps): update dependency @fastify/websocket to v7.1.1 [security] - autoclosed #1143

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago


This PR contains the following updates:

| Package | Change |
|---|---|
| @fastify/websocket | 7.1.0 -> 7.1.1 |

GitHub Vulnerability Alerts

CVE-2022-39386

Impact

Any application using @fastify/websocket could crash if a specific, malformed packet is sent.

All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched.

Patches

This has been patched in v7.1.1 (fastify v4) and v5.0.1 (fastify v3).

Workarounds

No known workaround is available. However, it should be possible to attach the error handler manually. The recommended path is upgrading to the patched versions.

Credits

marcolanaro for finding and patching this vulnerability

For more information

If you have any questions or comments about this advisory:


Release Notes

fastify/fastify-websocket (@fastify/websocket)

### [`v7.1.1`](https://togithub.com/fastify/fastify-websocket/releases/tag/v7.1.1)

[Compare Source](https://togithub.com/fastify/fastify-websocket/compare/v7.1.0...v7.1.1)

#### ⚠️ Security Release ⚠️

Fixes https://github.com/fastify/fastify-websocket/security/advisories/GHSA-4pcg-wr6c-h9cq.

#### What's Changed

- Update README.md by [@hellower](https://togithub.com/hellower) in [https://github.com/fastify/fastify-websocket/pull/227](https://togithub.com/fastify/fastify-websocket/pull/227)
- fix/ws-error-handler - Handle WebSocket errors to avoid Node.js crashes by [@marcolanaro](https://togithub.com/marcolanaro) in [https://github.com/fastify/fastify-websocket/pull/228](https://togithub.com/fastify/fastify-websocket/pull/228)

#### New Contributors

- [@hellower](https://togithub.com/hellower) made their first contribution in [https://github.com/fastify/fastify-websocket/pull/227](https://togithub.com/fastify/fastify-websocket/pull/227)
- [@marcolanaro](https://togithub.com/marcolanaro) made their first contribution in [https://github.com/fastify/fastify-websocket/pull/228](https://togithub.com/fastify/fastify-websocket/pull/228)

**Full Changelog**: https://github.com/fastify/fastify-websocket/compare/v7.1.0...v7.1.1

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.
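An added example, not part of the Renovate comment or of either project's code: a lockfile audit that applies the advisory's version statements (patched in v7.1.1 and v5.0.1, every `fastify-websocket` release affected) to the `packages` map of an npm `package-lock.json`. The sample lockfile is constructed, the function names are hypothetical, and treating every non-5.x version below 7.1.1 as affected is an assumption the advisory text does not spell out.

```javascript
// Parse "major.minor.patch" into three numbers; null if it does not match.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version triple a sorts strictly before b.
function lessThan(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// Verdict for one installed package, per the advisory quoted above.
function classify(name, version) {
  // The deprecated, unscoped module is affected in all versions.
  if (name === 'fastify-websocket') return 'vulnerable: deprecated, will not be patched';
  if (name !== '@fastify/websocket') return 'not affected';
  const v = parseVersion(version);
  if (!v) return 'unknown version';
  // Assumption: the 5.x line is fixed at 5.0.1, every other line at 7.1.1.
  const fixed = v[0] === 5 ? [5, 0, 1] : [7, 1, 1];
  return lessThan(v, fixed) ? `vulnerable: upgrade to ${fixed.join('.')}` : 'patched';
}

// Walk a package-lock.json (lockfileVersion 2 or 3) and list affected installs,
// including copies nested under another dependency's node_modules.
function auditLockfile(lock) {
  const marker = 'node_modules/';
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // the "" key is the root project itself
    const name = path.slice(idx + marker.length);
    const verdict = classify(name, meta.version);
    if (verdict.startsWith('vulnerable')) findings.push({ path, version: meta.version, verdict });
  }
  return findings;
}

// Constructed sample lockfile, not taken from the quirrel repository.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'constructed-app', version: '1.0.0' },
    'node_modules/@fastify/websocket': { version: '7.1.0' },
    'node_modules/legacy-svc/node_modules/@fastify/websocket': { version: '5.0.1' },
    'node_modules/legacy-svc/node_modules/fastify-websocket': { version: '4.3.0' },
  },
};

console.log(auditLockfile(SAMPLE_LOCK));
```
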

netlify[bot] commented 1 year ago

Deploy Preview for quirrel-docs canceled.

| Name | Link |
|---|---|
| Latest commit | 44c419e2dec619ae9847c5a79f5fc1e46f0761d3 |
| Latest deploy log | https://app.netlify.com/sites/quirrel-docs/deploys/64ac90726b3c27000808d783 |

netlify[bot] commented 1 year ago

Deploy Preview for quirrel-development-ui canceled.

| Name | Link |
|---|---|
| Latest commit | 44c419e2dec619ae9847c5a79f5fc1e46f0761d3 |
| Latest deploy log | https://app.netlify.com/sites/quirrel-development-ui/deploys/64ac9072fc572e0008d62c44 |