twilio-client.js icon indicating copy to clipboard operation
twilio-client.js copied to clipboard
verified publisher icon twilio

[Security Vulnerability] Upgrade ws dependency

Open adibsaad opened this issue 1 year ago • 1 comments

https://github.com/advisories/GHSA-3h5v-q93c-6h6q

Can we upgrade ws to 7.5.10?

Thanks

adibsaad avatar Jul 30 '24 19:07 adibsaad

@adibsaad this version of Voice JS SDK will EOL soon and we strongly recommend to upgrade to 2.x. On the security vulnerability you mentioned for the ws package, it is only applicable if the package is used as a WebSocket server, which the Voice SDK doesn't do.

charliesantos avatar Jul 31 '24 16:07 charliesantos