Morning! This is the week of the medium and high severity vulns I guess!!!
This is happening in all RXDB versions.
```
# npm audit report
ws 8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/engine.io-client/node_modules/ws
node_modules/rxdb/node_modules/ws
node_modules/ws
engine.io-client 0.7.0 || 0.7.8 - 0.7.9 || 6.0.0 - 6.5.3
Depends on vulnerable versions of ws
node_modules/engine.io-client
rxdb >=13.0.0-beta.1
Depends on vulnerable versions of ws
node_modules/rxdb
3 high severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
```
This got mitigated on our side by forcing 8.17.1, which has the fix for this in place. I can work on a PR later to get this approved in the main branch, but is there a way to make an additional upgrade for <15?
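A check for the mitigation described above, as an added example that is not part of the original issue or RxDB's code: it scans the `packages` map of a package-lock.json (lockfileVersion 2 or 3) for nested copies of ws still inside the range npm audit reported (8.0.0 - 8.17.0). The function names are hypothetical, and the lockfile fragment and its versions are constructed sample data that reuse the three install paths from the report.

```javascript
// Range taken from the npm audit report on this page; other ws majors are not covered here.
const VULN_MIN = [8, 0, 0];
const VULN_MAX = [8, 17, 0];

// Parse "major.minor.patch"; prerelease/build suffixes are ignored (conservative match).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isVulnerableWs(version) {
  const v = parseVersion(version);
  return v !== null && compareVersions(v, VULN_MIN) >= 0 && compareVersions(v, VULN_MAX) <= 0;
}

// Return every installed ws copy (top-level or nested) that is still in range.
function findVulnerableWs(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/rxdb/node_modules/ws"; "@types/ws" must not match.
    if (!/(^|\/)node_modules\/ws$/.test(path)) continue;
    if (isVulnerableWs(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample: the top-level copy was forced to 8.17.1, nested copies were not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "node_modules/ws": { version: "8.17.1" },
    "node_modules/rxdb/node_modules/ws": { version: "8.16.0" },
    "node_modules/engine.io-client/node_modules/ws": { version: "8.11.0" },
    "node_modules/@types/ws": { version: "8.5.10" },
  },
};

for (const hit of findVulnerableWs(sampleLock)) {
  console.log(`still vulnerable: ${hit.path} (ws ${hit.version})`);
}
```

An empty result means every ws copy in the lockfile is outside the reported range, including the ones nested under rxdb and engine.io-client.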
This issue has been automatically marked as stale because it has not had recent activity. It will be closed soon. Please update it or it may be closed to keep our repository organized. The best way is to add some more information or make a pull request with a test case. Also you might get help in fixing it at the RxDB Community Chat. If you know you will continue working on this, just write any message to the issue (like "ping") to remove the stale tag.