conductor

conductor copied to clipboard

Reame
Issues

Upgrade ws package to 8.x (CVE-2024-37890)

Open nthmost-orkes opened this issue 1 month ago • 0 comments

Security Issue

The ws package version 7.5.8 has a Denial of Service vulnerability (CVE-2024-37890).

Current State

Current version: [email protected]
Target version: [email protected] (latest stable)
File: ui/package.json, ui/yarn.lock

Vulnerability Details

CVE-2024-37890 - DoS vulnerability when the number of received headers exceeds the server.maxHeadersCount threshold.

Fixed in [email protected] and backported to [email protected]. We should upgrade to the latest 8.x for long-term support.

Required Changes

Update ui/package.json to use [email protected]
Run yarn install to update yarn.lock
Test UI build and Cypress tests

Related

Part of #640 Closes #188

Nov 08 '25 00:11 nthmost-orkes