Skip to content

Commit fbad853

Browse files
committed
pm2@7.0.2
1 parent 2204a95 commit fbad853

2 files changed

Lines changed: 10 additions & 3 deletions

File tree

CHANGELOG.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,8 +16,15 @@
1616

1717
### Core Refactor
1818

19+
- Drop old vizion module, refactor to support only git and drop 3 submodules
1920
- Replace the bundled `pm2-sysmonit` module and `systeminformation` with `lib/tools/SysMetrics.js` (Linux/macOS); `pm2 slist`/`getSystemData` and the Docker metrics path now read this collector. Covered by `test/programmatic/sysmetrics.mocha.js`
2021

22+
### Security
23+
24+
- Bump `js-yaml` 4.1.1 → 4.3.0 — fixes quadratic-complexity DoS in merge-key handling (GHSA-h67p-54hq-rp68) #6122
25+
- Bump `ws` 8.20.0 → 8.21.0 — fixes uninitialized-memory disclosure and tiny-fragment DoS (GHSA-58qx-3vcg-4xpx, GHSA-96hv-2xvq-fx4p) #6116
26+
- Bump `@pm2/js-api` 0.8.0 → 0.8.1, pulling in patched `ws@8.21.0` (its transitive `ws` was pinned to the vulnerable 7.x). Production deps are now advisory-free (`npm audit --omit=dev` clean)
27+
2128
## 7.0.1
2229

2330
### Bug Fixes

package.json

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -123,7 +123,7 @@
123123
},
124124
"dependencies": {
125125
"@pm2/blessed": "0.1.81",
126-
"@pm2/js-api": "0.8.0",
126+
"@pm2/js-api": "0.8.1",
127127
"@pm2/pm2-version-check": "1.0.4",
128128
"amp": "0.3.1",
129129
"amp-message": "0.1.2",
@@ -137,13 +137,13 @@
137137
"debug": "4.4.3",
138138
"eventemitter2": "6.4.9",
139139
"fast-json-patch": "3.1.1",
140-
"js-yaml": "4.1.1",
140+
"js-yaml": "4.3.0",
141141
"pidusage": "4.0.1",
142142
"pm2-deploy": "1.0.2",
143143
"proxy-agent": "6.5.0",
144144
"semver": "7.7.2",
145145
"tx2": "1.0.5",
146-
"ws": "8.20.0"
146+
"ws": "8.21.0"
147147
},
148148
"overrides": {
149149
"debug": "4.4.3"

0 commit comments

Comments
 (0)