Issue #5049 didn't fix ws for socket.io-adapter

[miszczu-drako]

npm audit --audit-level=high --package-lock-only --omit=dev --omit=optional

npm audit report
ws 8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - GHSA-3h5v-q93c-6h6q
fix available via npm audit fix --force
Will install socket.io@4.5.4, which is a breaking change
node_modules/socket.io-adapter/node_modules/ws
socket.io-adapter >=2.5.2
Depends on vulnerable versions of ws
node_modules/socket.io-adapter
socket.io >=4.6.0-alpha1
Depends on vulnerable versions of socket.io-adapter
node_modules/socket.io

3 high severity vulnerabilities

[sordu]

npm update socket.io-adapter
and
npm update engine.io

bumps ws in both and resolves the CVE on my local machine

[darrachequesne]

This should be fixed by socketio/socket.io-adapter@93fe190, included in socket.io-adapter@2.5.5.

@miszczu-drako could you please check?

[miszczu-drako]

yes, no more vulnerabilities found. Thanks a lot for a quick response!