Update ws version #7885
Update ws version #7885
Conversation
| @@ -51,7 +51,7 @@ | |||
| "stacktrace-parser": "^0.1.3", | |||
| "use-subscription": "^1.0.0", | |||
| "whatwg-fetch": "^3.0.0", | |||
| "ws": "^6.1.4" | |||
| "ws": "^7.4.6" | |||
There was a problem hiding this comment.
Is this the way RN apps consume the native WS implementation, or is this a separate WS library?
There was a problem hiding this comment.
By looking at https://github.com/websockets/ws/tree/7.4.6, I can confirm this is a third-party JS-only library.
@dannyvv for my education, why is this library needed, if RNW already provides a native WS implementation?
There was a problem hiding this comment.
Most of the public developer tooling for RN is written in Javascript. Some of those will run a websocket server. I would look for usages of this in the "react-native" package.
It could be Android/iOS only, but we need to sync our packages with upstream dependencies because they can add or remove usages in their code.
|
The versions in "package.json" in "react-native-windows" and "@office-iss/react-native-win32" are synchronized by script to match "react-native", and will be overwritten on next integration. So we shouldn't change those versions, but can fix in upstream react-native (if needed by other rn consumers), or add a resolution. |
|
Following up, but Facebook SREs should be getting bugged to bump the package if it has a CVE attached. |
|
Confirmed FB has 30 day SLA to address the issue in their master branch, which they detected on Friday. |
|
taking in favor of Jon's update |
Microsoft Reviewers: Open in CodeFlow