Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deps: bumps ws version which patches a security vulnerability #14186

Open
wants to merge 1 commit into
base: trunk
Choose a base branch
from
Open

Deps: bumps ws version which patches a security vulnerability #14186

wants to merge 1 commit into from

Conversation

pranshuchittora
Copy link

@pranshuchittora pranshuchittora commented Jun 25, 2024
edited by codiumai-pr-agent-pro bot
Loading

User description

Thanks for contributing to Selenium!
A PR well described will help maintainers to quickly review and merge it

Before submitting your PR, please check our contributing guidelines.
Avoid large PRs, help reviewers by making them as simple and short as possible.

Description

Related to facebook/react-native#45147
[INTERNAL] [SECURITY] - Fixes CVE-2024-37890
https://github.com/websockets/ws/releases/tag/8.17.1

Motivation and Context

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist

  • I have read the contributing document.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

PR Type

dependencies

Description

  • Updated the ws dependency version from >=8.16.0 to >=8.17.1 in package.json to address security vulnerability CVE-2024-37890.
  • Updated the ws dependency version in package-lock.json to ensure consistency with package.json.

Changes walkthrough 📝

Relevant files
Dependencies
package.json
Bump `ws` dependency version to address security vulnerability

javascript/node/selenium-webdriver/package.json

  • Updated the ws dependency version from >=8.16.0 to >=8.17.1.
 +1/-1     
package-lock.json
Update `ws` version in lock file to match package.json     

package-lock.json

  • Updated the ws dependency version from >=8.16.0 to >=8.17.1.
 +1/-1     

💡 PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

@CLAassistant
Copy link

CLAassistant commented Jun 25, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

@codiumai-pr-agent-pro codiumai-pr-agent-pro bot added dependencies Pull requests that update a dependency file Review effort [1-5]: 1 labels Jun 25, 2024
@codiumai-pr-agent-pro CodiumAI PR-Agent Pro
Copy link

PR Reviewer Guide 🔍

⏱️ Estimated effort to review [1-5] 1
🧪 Relevant tests No
🔒 Security concerns No
⚡ Key issues to review None

@codiumai-pr-agent-pro CodiumAI PR-Agent Pro
Copy link

PR Code Suggestions ✨

No code suggestions found for PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file Review effort [1-5]: 1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@pranshuchittora @CLAassistant