A framework for building native applications using React
build: Bump ws to 6.2.2 due to ReDoS vulnerability (#34759)
Summary: A moderate vulnerability was found in all versions of `ws` below 7.4.6 June last year. React native current uses v6.1.4 which is susceptible to it, fortunately this security fix has been backported to v6.X.X and we don't need to upgrade any major versions/worry about breaking changes. This PR bumps `ws` to 6.2.2 ([CHANGELOG](https://github.com/websockets/ws/releases/tag/6.2.2)) due to this ReDoS vulnerability More information about this vulnerability can be found here -> https://github.com/advisories/GHSA-6fc8-4gx4-v693 Closes https://github.com/facebook/react-native/issues/31646 ## Changelog [Internal] [Security] - Bump ws to 6.2.2 due to ReDoS vulnerability Pull Request resolved: https://github.com/facebook/react-native/pull/34759 Test Plan: Ensure WebSocket tests are working as expected Tested HMR working on Twilight | iOS | Android | | https://pxl.cl/2g70M | https://pxl.cl/2g70V | Reviewed By: hramos, cortinico Differential Revision: D39722905 fbshipit-source-id: 12088ab5ea26d904675de484e2014949d6696465
G
Gabriel Donadel Dall'Agnol committed
fa22a6e2d738df294de713152fc4de0a6228133f
Parent: b24f60f
Committed by Facebook GitHub Bot <facebook-github-bot@users.noreply.github.com>
on 10/10/2022, 9:58:40 AM