Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: Added resolutions in package.json file to resolve CVE-2024-378… (
#2125) …90 CG Issue #### Details WS (Web Socket)'s latest version is vulnerable and unmaintained. Our repo don't use it directly but it uses as dependency from other packages like **puppeteer-core**. So the fix is available in latest WS version, which we added now in our package json under resolutions. WS repo issue link: websockets/ws#2230 WS version 8.18.0 Release notes - https://github.com/websockets/ws/releases/tag/8.18.0 ##### Motivation This change will fix [CVE-2024-37890](https://dev.azure.com/mseng/1ES/_componentGovernance/1010/alert/203269?typeId=286939&pipelinesTrackingFilter=0) ##### Context <!-- Are there any parts that you've intentionally left out-of-scope for a later PR to handle? --> <!-- Were there any alternative approaches you considered? What tradeoffs did you consider? --> #### Pull request checklist <!-- If a checklist item is not applicable to this change, write "n/a" in the checkbox --> - [x] Addresses an existing issue: [CVE-2024-37890](https://dev.azure.com/mseng/1ES/_componentGovernance/1010/alert/203269?typeId=286939&pipelinesTrackingFilter=0) - [ NA] Added relevant unit test for your changes. (`yarn test`) - [ NA] Verified code coverage for the changes made. Check coverage report at: `<rootDir>/test-results/unit/coverage` - [x] Ran precheckin (`yarn precheckin`)
- Loading branch information