@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Aphlict: Bump NodeJS package ws from 7.5.0 to 7.5.10

Summary:
Avoid "1 high severity vulnerability" warnings after following https://we.phorge.it/book/phorge/article/notifications/#installing-node-and-modules.

Official NPM security advisory:

> ws affected by a DoS when handling a request with many HTTP headers
>
> https://github.com/advisories/GHSA-3h5v-q93c-6h6q

Closes T16037

Test Plan: Run Aphlict, still see real time notifications.

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: avivey, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T16037

Differential Revision: https://we.phorge.it/D25967

+30 -7
+29 -6
support/aphlict/server/package-lock.json
··· 1 1 { 2 2 "name": "aphlict-server", 3 + "lockfileVersion": 3, 3 4 "requires": true, 4 - "lockfileVersion": 1, 5 - "dependencies": { 6 - "ws": { 7 - "version": "7.5.0", 8 - "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.0.tgz", 9 - "integrity": "sha512-6ezXvzOZupqKj4jUqbQ9tXuJNo+BR2gU8fFRk3XCP3e0G6WT414u5ELe6Y0vtp7kmSJ3F7YWObSNr1ESsgi4vw==" 5 + "packages": { 6 + "": { 7 + "name": "aphlict-server", 8 + "license": "Apache-2.0", 9 + "dependencies": { 10 + "ws": "^7.5.10" 11 + } 12 + }, 13 + "node_modules/ws": { 14 + "version": "7.5.10", 15 + "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.10.tgz", 16 + "integrity": "sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==", 17 + "license": "MIT", 18 + "engines": { 19 + "node": ">=8.3.0" 20 + }, 21 + "peerDependencies": { 22 + "bufferutil": "^4.0.1", 23 + "utf-8-validate": "^5.0.2" 24 + }, 25 + "peerDependenciesMeta": { 26 + "bufferutil": { 27 + "optional": true 28 + }, 29 + "utf-8-validate": { 30 + "optional": true 31 + } 32 + } 10 33 } 11 34 } 12 35 }
+1 -1
support/aphlict/server/package.json
··· 7 7 }, 8 8 "license": "Apache-2.0", 9 9 "dependencies": { 10 - "ws": "^7.5.0" 10 + "ws": "^7.5.10" 11 11 } 12 12 }
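Review bot: In support/aphlict/server/package-lock.json, the change of "lockfileVersion" from 1 to 3 is a lockfile format migration that the commit title and summary do not mention. The new file carries only a "packages" section and no legacy "dependencies" section, and npm 6 and older do not read "packages", so on those clients the pinned 7.5.10 and its integrity hash are not applied and resolution falls back to the range in package.json. Either state the minimum npm version (7 or later) in the notifications install article, or regenerate the lockfile as lockfileVersion 2, which keeps both sections.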
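Review bot: In support/aphlict/server/package.json, "ws": "^7.5.10" only sets a floor for the 7.x range, so the exact version and integrity hash that get installed depend entirely on package-lock.json being honoured. Consider having the install instructions use npm ci, which fails on a package.json and lockfile mismatch instead of re-resolving, and extend the Test Plan with an npm audit run in support/aphlict/server/ so the "1 high severity vulnerability" warning named in the summary is confirmed gone rather than inferred from notifications still working.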