[tor-commits] [snowflake-webext/main] Bump ws package to satisfy npm audit

arlo at torproject.org arlo at torproject.org
Thu Jul 15 18:55:36 UTC 2021 

commit ca66dbc13b5f074d2c73979c06a6cd625a2d0320
Author: Arlo Breault <arlolra at gmail.com>
Date:   Thu Jul 15 14:52:39 2021 -0400

    Bump ws package to satisfy npm audit
    
    From https://github.com/advisories/GHSA-6fc8-4gx4-v693
    
    Only affects ws servers, which aren't used here so a release isn't
    necessary.
    
    The breaking changes between major versions 3 - 5 seem fine.
---
 package-lock.json | 15 ++++-----------
 package.json      |  2 +-
 2 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index cea574b..a53f6c2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1503,11 +1503,6 @@
       "integrity": "sha512-4dbzIzqvjtgiM5rw1k5rEHtBANKmdudhGyBEajN01fEyhaAIhsoKNy6y7+IN93IfpFtwY9iqi7kD+xwKhQsNJA==",
       "dev": true
     },
-    "ultron": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/ultron/-/ultron-1.1.1.tgz",
-      "integrity": "sha512-UIEXBNeYmKptWH6z8ZnqTeS8fV74zG0/eRU9VGkpzz+LIJNs8W/zM/L+7ctCkRrgbNnnR0xxw4bKOr0cW0N0Og=="
-    },
     "unicoderegexp": {
       "version": "0.4.1",
       "resolved": "https://registry.npmjs.org/unicoderegexp/-/unicoderegexp-0.4.1.tgz",
@@ -1587,13 +1582,11 @@
       }
     },
     "ws": {
-      "version": "3.3.3",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-3.3.3.tgz",
-      "integrity": "sha512-nnWLa/NwZSt4KQJu51MYlCcSQ5g7INpOrOMt4XV8j4dqTXdmlUmSHQ8/oLC069ckre0fRsgfvsKwbTdtKLCDkA==",
+      "version": "5.2.3",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-5.2.3.tgz",
+      "integrity": "sha512-jZArVERrMsKUatIdnLzqvcfydI85dvd/Fp1u/VOpfdDWQ4c9qWXe+VIeAbQ5FrDwciAkr+lzofXLz3Kuf26AOA==",
       "requires": {
-        "async-limiter": "~1.0.0",
-        "safe-buffer": "~5.1.0",
-        "ultron": "~1.1.0"
+        "async-limiter": "~1.0.0"
       }
     },
     "xmldom": {
diff --git a/package.json b/package.json
index ff59a7d..0a2ede4 100644
--- a/package.json
+++ b/package.json
@@ -30,7 +30,7 @@
   },
   "dependencies": {
     "wrtc": "^0.4.4",
-    "ws": "^3.3.1",
+    "ws": "^5.2.3",
     "xmlhttprequest": "^1.8.0"
   }
 }

More information about the tor-commits mailing list