Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerable dependency: ws via jsdom #8244

Closed
1 task done
lsim opened this issue Jul 4, 2024 · 2 comments
Closed
1 task done

Vulnerable dependency: ws via jsdom #8244

lsim opened this issue Jul 4, 2024 · 2 comments
Labels
issue: bug Describes why the code or behaviour is wrong

Comments

@lsim
Copy link

lsim commented Jul 4, 2024

Check for duplicates

  • I have searched for similar issues before opening a new one.

Description

Please see following snyk report: https://security.snyk.io/vuln/SNYK-JS-WS-7266574

Looks like your jsdom is lagging behind a fair bit.

Reproduction steps

Stack trace

No response

Screenshots

CleanShot 2024-07-04 at 13 49 08

Browsers

No response
@lsim lsim added issue: bug Describes why the code or behaviour is wrong issue: triage Issues awaiting triage by a Blockly team member labels Jul 4, 2024
@BeksOmega
Copy link
Collaborator

Thanks for reporting this @lsim!

For team folks: It looks like we held v23 of jsdom until v11 of Blockly because it dropped node 16 support (relevant PR). Since v24 of jsdom doesn't do that, I think we can release a new version of Blockly with the updated jsdom whenever.

@rachel-fenichel rachel-fenichel removed the issue: triage Issues awaiting triage by a Blockly team member label Jul 12, 2024
@johnnesky johnnesky mentioned this issue Jul 19, 2024
Closed
@gonfunko gonfunko mentioned this issue Nov 4, 2024
Closed
1 task
@gonfunko
Copy link
Contributor

gonfunko commented Jan 6, 2025

jsdom and ws have both been updated in Blockly 11.2. ws is now at 8.18.0, which is out of the vulnerable range. Thanks for flagging!

@gonfunko gonfunko closed this as completed Jan 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
issue: bug Describes why the code or behaviour is wrong
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@gonfunko @lsim @rachel-fenichel @BeksOmega