fix code scanning alert ws affected by a dos when handling a request …

…with many http headers (#25159) * Pin socket ws for ui * Website ws pinned
hashicorp · Feb 20, 2025 · 6a091b4 · 6a091b4
1 parent 8bce0b0
commit 6a091b4
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 139 deletions.
diff --git a/ui/package.json b/ui/package.json
@@ -184,6 +184,7 @@
     "prop-types": "^15.8.1",
     "**/express/**/path-to-regexp": "0.1.10",
     "**/nise/**/path-to-regexp": "1.9.0",
-    "cross-spawn": "7.0.5"
+    "cross-spawn": "7.0.5",
+    "**/socket.io/**/ws": "^8.18.0"
   }
 }
diff --git a/ui/yarn.lock b/ui/yarn.lock
@@ -14518,16 +14518,11 @@ ws@^7.4.6:
   resolved "https://registry.yarnpkg.com/ws/-/ws-7.5.10.tgz#58b5c20dc281633f6c19113f39b349bd8bd558d9"
   integrity sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==
 
-ws@^8.17.1:
+ws@^8.17.1, ws@^8.18.0, ws@~8.11.0:
   version "8.18.0"
   resolved "https://registry.yarnpkg.com/ws/-/ws-8.18.0.tgz#0d7505a6eafe2b0e712d232b42279f53bc289bbc"
   integrity sha512-8VbfWfHLbbwu3+N6OKsOMpBdT4kXPDDB9cJk2bJ6mh9ucxdlnNvH1e+roYkKmN9Nxw2yjz7VzeO9oOz2zJ04Pw==
 
-ws@~8.11.0:
-  version "8.11.0"
-  resolved "https://registry.yarnpkg.com/ws/-/ws-8.11.0.tgz#6a0d36b8edfd9f96d8b25683db2f8d7de6e8e143"
-  integrity sha512-HPG3wQd9sNQoT9xHyNCXoDUa+Xw/VevmY9FoHyQ+g+rrMn4j6FB4np7Z0OhdTgjx6MgQLK7jwSy1YecU1+4Asg==
-
 xdg-basedir@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/xdg-basedir/-/xdg-basedir-4.0.0.tgz#4bc8d9984403696225ef83a1573cbbcb4e79db13"

diff --git a/website/package-lock.json b/website/package-lock.json
diff --git a/website/package.json b/website/package.json
@@ -16,7 +16,8 @@
     "prettier": "^3.4.1"
   },
   "overrides": {
-    "eslint-plugin-prettier": "5.0.0"
+    "eslint-plugin-prettier": "5.0.0",
+    "ws": "^7.5.10"
   },
   "scripts": {
     "build": "./scripts/website-build.sh",