Backport of fix code scanning alert ws affected by a dos when handlin…

…g a request with many http headers into release/1.8.x (#25166) * no-op commit due to failed cherry-picking * fix code scanning alert ws affected by a dos when handling a request with many http headers (#25159) * Pin socket ws for ui * Website ws pinned --------- Co-authored-by: temp <[email protected]> Co-authored-by: Phil Renaud <[email protected]>
hashicorp · Feb 20, 2025 · 177aaf2 · 177aaf2
1 parent 9f6a2f6
commit 177aaf2
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 136 deletions.
diff --git a/ui/package.json b/ui/package.json
@@ -185,6 +185,7 @@
     "prop-types": "^15.8.1",
     "**/express/**/path-to-regexp": "0.1.10",
     "**/nise/**/path-to-regexp": "1.9.0",
-    "cross-spawn": "7.0.5"
+    "cross-spawn": "7.0.5",
+    "**/socket.io/**/ws": "^8.18.0"
   }
 }
diff --git a/ui/yarn.lock b/ui/yarn.lock
@@ -13493,10 +13493,10 @@ ws@^8.0.0:
   resolved "https://registry.yarnpkg.com/ws/-/ws-8.17.1.tgz#9293da530bb548febc95371d90f9c878727d919b"
   integrity sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ==
 
-ws@~8.11.0:
-  version "8.11.0"
-  resolved "https://registry.yarnpkg.com/ws/-/ws-8.11.0.tgz#6a0d36b8edfd9f96d8b25683db2f8d7de6e8e143"
-  integrity sha512-HPG3wQd9sNQoT9xHyNCXoDUa+Xw/VevmY9FoHyQ+g+rrMn4j6FB4np7Z0OhdTgjx6MgQLK7jwSy1YecU1+4Asg==
+ws@^8.18.0, ws@~8.11.0:
+  version "8.18.0"
+  resolved "https://registry.yarnpkg.com/ws/-/ws-8.18.0.tgz#0d7505a6eafe2b0e712d232b42279f53bc289bbc"
+  integrity sha512-8VbfWfHLbbwu3+N6OKsOMpBdT4kXPDDB9cJk2bJ6mh9ucxdlnNvH1e+roYkKmN9Nxw2yjz7VzeO9oOz2zJ04Pw==
 
 xdg-basedir@^4.0.0:
   version "4.0.0"

diff --git a/website/package-lock.json b/website/package-lock.json
diff --git a/website/package.json b/website/package.json
@@ -15,6 +15,10 @@
     "next": "14.0.4",
     "prettier": "^3.2.4"
   },
+  "overrides": {
+    "eslint-plugin-prettier": "5.0.0",
+    "ws": "^7.5.10"
+  },
   "scripts": {
     "build": "./scripts/website-build.sh",
     "format": "next-hashicorp format",