Regular Expression Denial of Service vulnerability in "ws" package #31646

@dGalitsky

Description

React Native is using version 6.1.4 of ws. A new moderate vulnerability has been found for versions below 7.4.6: https://www.npmjs.com/advisories/1748.
Please consider upgrading ws to 7.4.6.

React Native version:

System:
    OS: macOS 11.4
    CPU: (8) x64 Intel(R) Core(TM) i7-4980HQ CPU @ 2.80GHz
    Memory: 48.56 MB / 16.00 GB
    Shell: 5.8 - /bin/zsh
  Binaries:
    Node: 12.16.3 - /usr/local/bin/node
    Yarn: 1.22.4 - /usr/local/bin/yarn
    npm: 6.14.4 - /usr/local/bin/npm
    Watchman: 4.9.0 - /usr/local/bin/watchman
  Managers:
    CocoaPods: 1.10.1 - /usr/local/bin/pod
  SDKs:
    iOS SDK:
      Platforms: iOS 14.5, DriverKit 20.4, macOS 11.3, tvOS 14.5, watchOS 7.4
    Android SDK: Not Found
  IDEs:
    Android Studio: 4.2 AI-202.7660.26.42.7322048
    Xcode: 12.5/12E262 - /usr/bin/xcodebuild
  Languages:
    Java: 13.0.2 - /usr/bin/javac
  npmPackages:
    @react-native-community/cli: ~4.14.0 => 4.14.0 
    react: ~17.0.1 => 17.0.1 
    react-native: ~0.64.1 => 0.64.1 
    react-native-macos: Not Found
  npmGlobalPackages:
    *react-native*: Not Found

Steps To Reproduce

  1. install [email protected]
  2. run npm audit
  3. observe new vulnerability

Expected Results

No vulnerabilities found

Snack, code example, screenshot, or link to a repository:

image
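
Added example, not part of the original issue or of React Native's or ws's own code: `npm audit` reports the advisory, and a short Node.js script can show where each affected copy of ws sits in the dependency tree. It walks a parsed package-lock.json and lists every ws copy below 7.4.6, the fixed version named in the issue; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: threshold 7.4.6 comes from the issue text; sample data is constructed.

// Parse "major.minor.patch" into numbers; prerelease/build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version a sorts strictly before version b.
function isBelow(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  if (!pa || !pb) return false; // unparseable (git/file deps): not flagged
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i];
  return false;
}

// Walk a parsed package-lock.json and return each "ws" copy below `fixed`.
// Handles lockfileVersion 2/3 ("packages" map) and version 1 (nested "dependencies").
function findVulnerableWs(lock, fixed = '7.4.6') {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/ws$/.test(path) && isBelow(meta.version, fixed)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  function walk(deps, trail) {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (name === 'ws' && isBelow(meta.version, fixed)) {
        hits.push({ path: trail.concat(name).join(' > '), version: meta.version });
      }
      walk(meta.dependencies, trail.concat(name));
    }
  }
  walk(lock.dependencies, []);
  return hits;
}

// Constructed lockfile (v1 layout): one hoisted patched copy, one nested old copy.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    ws: { version: '7.4.6' },
    'react-native': { version: '0.64.1', dependencies: { ws: { version: '6.1.4' } } },
  },
};
console.log(findVulnerableWs(sampleLock));
```

To scan a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` instead of the sample object.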

Labels: Help Wanted (Issues ideal for external contributors.)