Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(bug) Update socket.io #213

Open
Yash-Singh1 opened this issue Apr 30, 2022 · 0 comments
Open

(bug) Update socket.io #213

Yash-Singh1 opened this issue Apr 30, 2022 · 0 comments
Assignees
@meinaart
Labels
bug Something isn't working

Comments

@Yash-Singh1
Copy link

Describe the bug
A clear and concise description of what the bug is.

The currently used socket.io is ^2.2.0.
However this version of socket.io has a DOS vulnerability from their dependency engine.io. GHSA-j4f2-536g-r55m

To Reproduce

See URL above. Install cypress-plugin-snapshots. Notice that engine.io version is vulnerable.

Expected behavior
A clear and concise description of what you expected to happen.

Not vulnerable version of socket.io.

Screenshots
If applicable, add screenshots to help explain your problem.

Screenshot from 2022-04-29 18-24-00

Desktop (please complete the following information):

  • OS: Ubuntu
  • Cypress Version 9.5.4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@meinaart meinaart

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@meinaart @Yash-Singh1