This repository has been archived by the owner on Mar 25, 2020. It is now read-only.

High-severity security alert in dependency: ws #323

Open
soryy708 opened this issue Nov 9, 2019 · 0 comments

soryy708 commented Nov 9, 2019

The dependency ws is vulnerable in versions >= 0.2.6, < 3.3.1.
Patched version: 3.3.1.

Affected versions of ws are vulnerable to: "a specially crafted value of the Sec-WebSocket-Extensions header that used Object.prototype property names as extension or parameter names could be used to make a ws server crash."

Fixing commit: websockets/ws@c4fe466

How to reproduce?

  1. Create a repository.
  2. npm install --save discord.io
  3. Upload to GitHub (including package-lock.json)
  4. See a "We found a potential security vulnerability in one of your dependencies." message at the GitHub page of the repository (powered by WhiteSource)
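
A lockfile check for the version range quoted in this issue, as an added example that is not part of the original issue or of the discord.io project. The function names and the sample lockfile are constructed for illustration, and prerelease suffixes are ignored when comparing versions.

```javascript
'use strict';
// Range quoted in the issue: ws >= 0.2.6, < 3.3.1 (3.3.1 is the patched version).
const LOWER = [0, 2, 6];
const PATCHED = [3, 3, 1];

// Parse "major.minor.patch"; returns null for anything that is not a version.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

function isVulnerable(version) {
  const v = parseVersion(version);
  return v !== null && cmp(v, LOWER) >= 0 && cmp(v, PATCHED) < 0;
}

// Accepts a parsed package-lock.json. Prefers the flat "packages" map
// (lockfileVersion 2/3); otherwise walks nested "dependencies" (version 1).
function findVulnerableWs(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [key, info] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/ws$/.test(key) && isVulnerable(info.version)) {
        hits.push({ path: key, version: info.version });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail.concat(name);
      if (name === 'ws' && isVulnerable(info.version)) {
        hits.push({ path: path.join(' > '), version: info.version });
      }
      walk(info.dependencies, path); // nested copies pinned by a dependency
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed lockfileVersion 1 sample (versions are made up for illustration).
const sampleLock = { dependencies: {
  'discord.io': { version: '0.0.0', dependencies: { ws: { version: '1.1.5' } } },
  ws: { version: '7.0.0' },
} };
console.log(findVulnerableWs(sampleLock));
```

To check a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findVulnerableWs`.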