From d350f375e38ac016b8f3666224841c271b7106cf Mon Sep 17 00:00:00 2001 From: Ivan Filenko Date: Mon, 3 Dec 2018 22:19:18 -0800 Subject: [PATCH] Bump ws package to 1.1.5 due to vulnerability issues (#21769) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Summary: Update `ws` package from 1.1.0 to 1.1.5 due to vulnerability issues. Here is `npm audit` report: ``` === npm audit security report === ┌──────────────────────────────────────────────────────────────────────────────┐ │ Manual Review │ │ Some vulnerabilities require your attention to resolve │ │ │ │ Visit https://go.npm.me/audit-guide for additional guidance │ └──────────────────────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Denial of Service │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ ws │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ >= 1.1.5 <2.0.0 || >=3.3.1 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ c635d8a886cde7688a0123f573cc5b1f0430780052ba848c8fa1dc8a4c3… │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ c635d8a886cde7688a0123f573cc5b1f0430780052ba848c8fa1dc8a4c3… │ │ │ > react-devtools-core > ws │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/550 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ``` Pull Request resolved: https://github.com/facebook/react-native/pull/21769 Reviewed By: hramos Differential Revision: D10379892 Pulled By: cpojer fbshipit-source-id: 9d03f8231a90c5f55eb95ccac029aedd45a49a2d --- package.json | 2 +- yarn.lock | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/package.json b/package.json
index 842bc5ced5c14c..c7069960d6e89a 100644
--- a/package.json
+++ b/package.json
@@ -196,7 +196,7 @@
 "serve-static": "^1.13.1",
 "shell-quote": "1.6.1",
 "stacktrace-parser": "^0.1.3",
- "ws": "^1.1.0",
+ "ws": "^1.1.5",
 "xcode": "^1.0.0",
 "xmldoc": "^0.4.0",
 "yargs": "^9.0.0"
diff --git a/yarn.lock b/yarn.lock
index 51e921e3060e88..2a0646cd95f06d 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -6453,7 +6453,7 @@ write@^0.2.1:
 dependencies:
 mkdirp "^0.5.1"
 
-ws@^1.1.0, ws@^1.1.1:
+ws@^1.1.0, ws@^1.1.1, ws@^1.1.5:
 version "1.1.5"
 resolved "https://registry.yarnpkg.com/ws/-/ws-1.1.5.tgz#cbd9e6e75e09fc5d2c90015f21f0c40875e0dd51"
 integrity sha512-o3KqipXNUdS7wpQzBHSe180lBGO60SoK0yVo3CYJgb2MkobuWuBX6dhkYP5ORCLd55y+SaflMOV5fqAB53ux4w==