Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Critical security vulnerability #182

Open
skhilliard opened this issue Jan 12, 2022 · 1 comment
Open

Critical security vulnerability #182

skhilliard opened this issue Jan 12, 2022 · 1 comment

Comments

@skhilliard
Copy link

Any chance of updating the socket.io/socket.io-client to a newer version to eliminate this vulnerability?

express-status-monitor@1.3.3 ->socket.io@2.3.0 -> socket.io-client@2.3.0 -> engine.io-client@3.4.4 -> xmlhttprequest-ssl@1.5.5

GHSA-72mh-269x-7mh5

Thanks
@lamweili
Copy link

lamweili commented May 2, 2022
edited

This is closed with the 1.3.4 release (be7b8fc) as they have upgraded socket.io@2.3.0 to socket.io@2.4.1

Nevertheless, there is 1 outstanding security vulnerability, GHSA-j4f2-536g-r55m.
express-status-monitor@1.3.4 > socket.io@2.4.1 > engine.io@3.5.0

This has been committed as 1a38ae5 (or PR #188), upgraded socket.io@2.4.1 to socket.io@4.4.1, but yet to have a release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@skhilliard @lamweili