Security Vulnerability: CVE-2024-37890- Security Level: HIGH

[essjayhch]

Reported Security Vulnerability with dependency package "ws"
https://www.mend.io/vulnerability-database/CVE-2024-37890

This impacts numerous downstream packages that source this package for websocket behaviours.

A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3 (eeb76d3), and ws@5.2.4 (4abd8f6)

[lynoure]

This makes me wonder whether this repo is still alive. Thanks @essjayhch for making setting an override so easy for the rest of us.