
php-wasm/node : 2 high severity vulnerabilities

Open mho22 opened this issue 1 year ago • 0 comments

When installing @php-wasm/node version 0.9.4 from NPM:

⚡ npm install @php-wasm/node

added 89 packages in 4s

14 packages are looking for funding
  run `npm fund` for details
⚡ npm audit
# npm audit report

ws  8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix --force`
Will install @php-wasm/[email protected], which is a breaking change
node_modules/ws
  @php-wasm/node  >=0.1.18
  Depends on vulnerable versions of ws
  node_modules/@php-wasm/node

2 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

The ws dependency seems to be vulnerable at version "ws": "8.13.0", as indicated in @php-wasm/node/package.json.

Maybe we should add the ws package with version 8.18.0 in the root /package.json?

mho22, Jul 07 '24 14:07
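
As an added example (not part of the original issue and not code from the project), the check below walks the `packages` map of a lockfileVersion 2/3 `package-lock.json` and flags every installed copy of `ws`, nested ones included, that falls in the range reported by `npm audit` above. The function names and the sample lockfile are constructed for illustration.

```javascript
// Range copied from the npm audit output above: ws 8.0.0 - 8.17.0.
const AFFECTED = { min: [8, 0, 0], max: [8, 17, 0] };

// Parse "major.minor.patch"; returns null for pre-release or malformed
// versions so they are flagged for manual review instead of guessed.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Walk the "packages" map of a parsed package-lock.json and return
// one finding per installed copy of `ws` (hoisted or nested).
function findAffectedWs(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path !== "node_modules/ws" && !path.endsWith("/node_modules/ws")) continue;
    const parsed = parseVersion(meta.version);
    let status;
    if (!parsed) status = "review";
    else if (compare(parsed, AFFECTED.min) >= 0 && compare(parsed, AFFECTED.max) <= 0) status = "affected";
    else status = "ok";
    findings.push({ path, version: String(meta.version), status });
  }
  return findings;
}

// Constructed sample lockfile (not taken from the real package).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/@php-wasm/node": { version: "0.9.4" },
    "node_modules/ws": { version: "8.13.0" },
    "node_modules/other/node_modules/ws": { version: "8.18.0" },
    "node_modules/wsx": { version: "8.1.0" },
    "node_modules/legacy/node_modules/ws": { version: "7.5.9" },
  },
};

for (const f of findAffectedWs(sampleLock)) {
  console.log(`${f.status.padEnd(8)} ${f.version.padEnd(8)} ${f.path}`);
}
```

To run it against a real project, pass the parsed contents of that project's `package-lock.json` to `findAffectedWs` in place of the sample object.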