Pin "secure" version of ws
Summary: This is causing our OSS requirements to fail because the dependency resolution causes ws 1.x to be pulled in, which has a security vuln. Not in any exploitable code paths for us, ruining a perfectly good otherwise green checkmark. Reviewed By: jknoxville Differential Revision: D18807775 fbshipit-source-id: e2391d957183ba25ec8ad02854c4e821ec8dc3aa
This commit is contained in:
Pascal Hartig
committed by
Facebook Github Bot
Facebook Github Bot
parent
c16625c278
commit
199e7e3268
@@ -21,12 +21,12 @@
|
||||
"mkdirp": "^0.5.1",
|
||||
"p-map": "^3.0.0",
|
||||
"recursive-readdir": "2.2.2",
|
||||
"ws": "7.2.0",
|
||||
"xdg-basedir": "^4.0.0",
|
||||
"yargs": "^15.0.1"
|
||||
},
|
||||
"devDependencies": {},
|
||||
"resolutions": {
|
||||
"metro/temp": "0.9.0"
|
||||
"metro/temp": "0.9.0",
|
||||
"ws": "7.2.0"
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2999,11 +2999,6 @@ once@^1.3.0, once@^1.3.1, once@^1.4.0:
|
||||
dependencies:
|
||||
wrappy "1"
|
||||
|
||||
options@>=0.0.5:
|
||||
version "0.0.6"
|
||||
resolved "https://registry.yarnpkg.com/options/-/options-0.0.6.tgz#ec22d312806bb53e731773e7cdaefcf1c643128f"
|
||||
integrity sha1-7CLTEoBrtT5zF3Pnza788cZDEo8=
|
||||
|
||||
os-homedir@^1.0.0:
|
||||
version "1.0.2"
|
||||
resolved "https://registry.yarnpkg.com/os-homedir/-/os-homedir-1.0.2.tgz#ffbc4988336e0e833de0c168c7ef152121aa7fb3"
|
||||
@@ -3836,11 +3831,6 @@ uglify-es@^3.1.9:
|
||||
commander "~2.13.0"
|
||||
source-map "~0.6.1"
|
||||
|
||||
ultron@1.0.x:
|
||||
version "1.0.2"
|
||||
resolved "https://registry.yarnpkg.com/ultron/-/ultron-1.0.2.tgz#ace116ab557cd197386a4e88f4685378c8b2e4fa"
|
||||
integrity sha1-rOEWq1V80Zc4ak6I9GhTeMiy5Po=
|
||||
|
||||
unicode-canonical-property-names-ecmascript@^1.0.4:
|
||||
version "1.0.4"
|
||||
resolved "https://registry.yarnpkg.com/unicode-canonical-property-names-ecmascript/-/unicode-canonical-property-names-ecmascript-1.0.4.tgz#2619800c4c825800efdd8343af7dd9933cbe2818"
|
||||
@@ -3987,21 +3977,13 @@ write-file-atomic@^1.2.0:
|
||||
imurmurhash "^0.1.4"
|
||||
slide "^1.1.5"
|
||||
|
||||
ws@7.2.0:
|
||||
ws@7.2.0, ws@^1.1.5:
|
||||
version "7.2.0"
|
||||
resolved "https://registry.yarnpkg.com/ws/-/ws-7.2.0.tgz#422eda8c02a4b5dba7744ba66eebbd84bcef0ec7"
|
||||
integrity sha512-+SqNqFbwTm/0DC18KYzIsMTnEWpLwJsiasW/O17la4iDRRIO9uaHbvKiAS3AHgTiuuWerK/brj4O6MYZkei9xg==
|
||||
dependencies:
|
||||
async-limiter "^1.0.0"
|
||||
|
||||
ws@^1.1.5:
|
||||
version "1.1.5"
|
||||
resolved "https://registry.yarnpkg.com/ws/-/ws-1.1.5.tgz#cbd9e6e75e09fc5d2c90015f21f0c40875e0dd51"
|
||||
integrity sha512-o3KqipXNUdS7wpQzBHSe180lBGO60SoK0yVo3CYJgb2MkobuWuBX6dhkYP5ORCLd55y+SaflMOV5fqAB53ux4w==
|
||||
dependencies:
|
||||
options ">=0.0.5"
|
||||
ultron "1.0.x"
|
||||
|
||||
xdg-basedir@^4.0.0:
|
||||
version "4.0.0"
|
||||
resolved "https://registry.yarnpkg.com/xdg-basedir/-/xdg-basedir-4.0.0.tgz#4bc8d9984403696225ef83a1573cbbcb4e79db13"
|
||||
|
||||
Reference in New Issue
Block a user