Merge pull request #1082 from drik98/update-vulnerable-dependency

benedekh · web-flow · commit 03e00dfe7b1d · 2024-09-24T11:26:46.000+02:00
build(deps): fix version of ws to mitigate CVE-2024-37890
diff --git a/kotlin-js-store/yarn.lock b/kotlin-js-store/yarn.lock
@@ -974,6 +974,11 @@ ws@8.5.0:
   resolved "https://registry.yarnpkg.com/ws/-/ws-8.5.0.tgz#bfb4be96600757fe5382de12c670dab984a1ed4f"
   integrity sha512-BWX0SWVgLPzYwF8lTzEy1egjhS4S4OEAHfsO8o65WOVsrnSRGaSiUaa9e0ggGlkMTtBlmOpEXiie9RUcBO86qg==
 
+ws@^8.17.1:
+  version "8.18.0"
+  resolved "https://registry.yarnpkg.com/ws/-/ws-8.18.0.tgz#0d7505a6eafe2b0e712d232b42279f53bc289bbc"
+  integrity sha512-8VbfWfHLbbwu3+N6OKsOMpBdT4kXPDDB9cJk2bJ6mh9ucxdlnNvH1e+roYkKmN9Nxw2yjz7VzeO9oOz2zJ04Pw==
+
 ws@^8.9.0:
   version "8.12.1"
   resolved "https://registry.yarnpkg.com/ws/-/ws-8.12.1.tgz#c51e583d79140b5e42e39be48c934131942d4a8f"
diff --git a/model-client/build.gradle.kts b/model-client/build.gradle.kts
@@ -75,6 +75,9 @@ kotlin {
                 implementation(npm("uuid", "^8.3.0"))
                 implementation(npm("js-sha256", "^0.9.0"))
                 implementation(npm("js-base64", "^3.4.5"))
+
+                // Version fixed because of CVE-2024-37890
+                implementation(npm("ws", "^8.17.1"))
             }
         }
     }
