fix: ws dependency vulnerability #1543

MarcAstr0 · 2024-07-25T19:59:17Z

Description

This PR fixes vulnerability CVE-2024-37890 found in the ws library which is listed as a dependency in several Booster packages.

what-the-diff · 2024-07-25T19:59:43Z

Added new update tracking file
A new file ws_version_bump_2024-07-25-19-50.json was added to the common/changes/@boostercloud/framework-core directory, which is used to keep track of the changes within the project.
Updated ws dependency version in multiple packages
The version of the ws dependency was upgraded from 8.12.0 to 8.17.1 across multiple package files. This update helps to ensure the use of the latest version of the library, with new updates, error fixes and potential performance improvements. The packages affected are as follows:
- packages/application-tester/package.json
- packages/framework-core/package.json
- packages/framework-integration-tests/package.json
- packages/framework-provider-local/package.json
- packages/framework-types/package.json

MarcAstr0 · 2024-07-25T20:01:48Z

/integration sha=290e67b190d0e40c8332131934fba4bfcf201e28

github-actions · 2024-07-25T20:02:09Z

⌛ Integration tests are running...

Check their status here 👈

github-actions · 2024-07-25T20:50:00Z

✅ Integration tests have finished successfully!

Castro, Mario added 2 commits July 25, 2024 15:47

Bump ws version (fixes CVE-2024-37890)

59c570c

Add rush change file

290e67b

MarcAstr0 added the dependencies Pull requests that update a dependency file label Jul 25, 2024

NickSeagull approved these changes Jul 26, 2024

View reviewed changes

NickSeagull merged commit 229be3f into boostercloud:main Jul 26, 2024
6 checks passed