webpack / webpack-dev-server

Serves a webpack app. Updates the browser on changes. Documentation https://webpack.js.org/configuration/dev-server/.
MIT License

Upgrade ws package to address CVE #5216

Closed brahmdev closed 2 months ago

brahmdev commented 3 months ago

Bug report

CVE-2024-37890 - Upgrade ws to 8.17.1 - it is already addressed in ws. Upgrading that should fix this.

brahmdev commented 3 months ago

This seems to be fixed in https://github.com/webpack/webpack-dev-server/pull/5201 but not released yet.

margamraviteja commented 3 months ago

This seems to be fixed in #5201 but not released yet.

I’m also looking for the release with this fix

abnersajr commented 2 months ago

@alexander-akait any ETA when this could be released?

alexander-akait commented 2 months ago

We use ^ https://github.com/webpack/webpack-dev-server/blob/master/package.json#L77, so you can do it on your side, no need to make a release

brahmdev commented 2 months ago

Makes sense, thank you for getting back. I will close this one now.
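
The maintainer's point about the `^` range, as an added example (not code from this thread or from the webpack-dev-server project): a Node.js check of an npm `package-lock.json` that flags installed `ws` 8.x copies below 8.17.1 and reports whether each dependent's caret range already admits the fixed version. The lockfile contents, package versions and ranges are constructed; only 8.17.1 comes from the issue, and other `ws` major lines are reported as unassessed.

```javascript
// Added example; the lockfile data below is constructed, not taken from the project.
const FIXED = [8, 17, 1]; // ws release named in the issue as carrying the fix

// Parse "8.16.0" (any pre-release suffix is ignored) into [major, minor, patch].
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? m.slice(1, 4).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// True when a caret range such as "^8.13.0" admits `version` (majors >= 1 only).
function caretAllows(range, version) {
  const base = range.startsWith('^') ? parseVersion(range.slice(1)) : null;
  if (!base || base[0] === 0) return false;
  return version[0] === base[0] && compare(version, base) >= 0;
}

// Classify every installed copy of ws in a lockfileVersion 2/3 "packages" map.
function auditLock(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/ws$/.test(path)) continue;
    const v = parseVersion(entry.version || '');
    let status = 'unassessed'; // non-8.x lines are outside what the issue covers
    if (v && v[0] === 8) status = compare(v, FIXED) < 0 ? 'needs-update' : 'ok';
    findings.push({ path, version: entry.version, status });
  }
  return findings;
}

// List packages that declare ws and whether their range already admits the fix.
function wsDependents(lock) {
  return Object.entries(lock.packages || {})
    .filter(([, e]) => e.dependencies && e.dependencies.ws)
    .map(([path, e]) => ({ path, range: e.dependencies.ws,
      allowsFix: caretAllows(e.dependencies.ws, FIXED) }));
}

const sampleLock = { lockfileVersion: 3, packages: { // constructed sample
  '': { name: 'demo-app' },
  'node_modules/webpack-dev-server': { version: '0.0.0', dependencies: { ws: '^8.13.0' } },
  'node_modules/ws': { version: '8.16.0' },
  'node_modules/legacy-lib/node_modules/ws': { version: '7.5.9' },
  'node_modules/@types/ws': { version: '8.5.10' },
} };
console.log(auditLock(sampleLock), wsDependents(sampleLock));
```

When a dependent's range admits the fix, refreshing the lockfile entry (for example with `npm update ws`) is enough; when it does not, an npm `overrides` entry is the usual fallback.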