fix code scanning alert ws affected by a dos when handling a request …

…with many http headers (#25159) * Pin socket ws for ui * Website ws pinned
hashicorp · Feb 20, 2025 · 98ef844 · 98ef844
1 parent b0e5632
commit 98ef844
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 137 deletions.
diff --git a/ui/package.json b/ui/package.json
@@ -185,6 +185,7 @@
     "prop-types": "^15.8.1",
     "**/express/**/path-to-regexp": "0.1.10",
     "**/nise/**/path-to-regexp": "1.9.0",
-    "cross-spawn": "7.0.5"
+    "cross-spawn": "7.0.5",
+    "**/socket.io/**/ws": "^8.18.0"
   }
 }
diff --git a/ui/yarn.lock b/ui/yarn.lock
@@ -13493,10 +13493,10 @@ ws@^8.0.0:
   resolved "https://registry.yarnpkg.com/ws/-/ws-8.17.1.tgz#9293da530bb548febc95371d90f9c878727d919b"
   integrity sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ==
 
-ws@~8.11.0:
-  version "8.11.0"
-  resolved "https://registry.yarnpkg.com/ws/-/ws-8.11.0.tgz#6a0d36b8edfd9f96d8b25683db2f8d7de6e8e143"
-  integrity sha512-HPG3wQd9sNQoT9xHyNCXoDUa+Xw/VevmY9FoHyQ+g+rrMn4j6FB4np7Z0OhdTgjx6MgQLK7jwSy1YecU1+4Asg==
+ws@^8.18.0, ws@~8.11.0:
+  version "8.18.0"
+  resolved "https://registry.yarnpkg.com/ws/-/ws-8.18.0.tgz#0d7505a6eafe2b0e712d232b42279f53bc289bbc"
+  integrity sha512-8VbfWfHLbbwu3+N6OKsOMpBdT4kXPDDB9cJk2bJ6mh9ucxdlnNvH1e+roYkKmN9Nxw2yjz7VzeO9oOz2zJ04Pw==
 
 xdg-basedir@^4.0.0:
   version "4.0.0"

diff --git a/website/package-lock.json b/website/package-lock.json
diff --git a/website/package.json b/website/package.json
@@ -13,7 +13,11 @@
     "dart-linkcheck": "^2.0.15",
     "husky": "^9.0.7",
     "next": "14.0.4",
-    "prettier": "^3.2.4"
+    "prettier": "^3.4.1"
+  },
+  "overrides": {
+    "eslint-plugin-prettier": "5.0.0",
+    "ws": "^7.5.10"
   },
   "scripts": {
     "build": "./scripts/website-build.sh",