RafalWilinski/express-status-monitor

Critical security vulnerability

skhilliard opened this issue · 1 comment

Any chance of updating the socket.io/socket.io-client to a newer version to eliminate this vulnerability?

express-status-monitor@1.3.3 -> socket.io@2.3.0 -> socket.io-client@2.3.0 -> engine.io-client@3.4.4 -> xmlhttprequest-ssl@1.5.5

GHSA-72mh-269x-7mh5

Thanks

This is closed with the 1.3.4 release (be7b8fc), as they have upgraded socket.io@2.3.0 to socket.io@2.4.1.

Nevertheless, there is 1 outstanding security vulnerability, GHSA-j4f2-536g-r55m.
express-status-monitor@1.3.4 > socket.io@2.4.1 > engine.io@3.5.0

This has been committed as 1a38ae5 (or PR #188), which upgraded socket.io@2.4.1 to socket.io@4.4.1, but it has yet to have a release.
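The two advisory chains above are the kind of thing `npm audit` prints, but when you want to confirm whether a release actually removed a vulnerable transitive copy (or whether a second path still pulls it in), it helps to walk the installed tree yourself. The script below is an added example and is not code from express-status-monitor or from this issue; it walks a dependency tree in the shape that `npm ls --all --json` emits (`name`, `version`, nested `dependencies`), lists every path that reaches a target package, and flags the paths whose installed version is below a threshold you pass in. The sample tree is hand-constructed from the first chain quoted in the issue, and the `"1.6.0"` threshold in the demo call is a placeholder, not a claim about the advisory; take the real fixed version from the advisory for the package you check.

```javascript
// Added example (not from express-status-monitor or the issue): walk an
// `npm ls --all --json`-shaped dependency tree, list every path that reaches a
// given package, and flag the paths whose installed version is below a
// caller-supplied threshold. Run with: node find-dep-paths.js

// Constructed sample tree modelled on the chain quoted in the issue. The shape
// (name / version / dependencies) matches `npm ls --all --json` output; the
// contents are hand-written for the demo, not captured from a real install.
const sampleTree = {
  name: "my-app",
  version: "1.0.0",
  dependencies: {
    "express-status-monitor": {
      version: "1.3.3",
      dependencies: {
        "socket.io": {
          version: "2.3.0",
          dependencies: {
            "socket.io-client": {
              version: "2.3.0",
              dependencies: {
                "engine.io-client": {
                  version: "3.4.4",
                  dependencies: {
                    "xmlhttprequest-ssl": { version: "1.5.5", dependencies: {} },
                  },
                },
              },
            },
          },
        },
      },
    },
  },
};

// Compare two dotted numeric versions (x.y.z); returns -1, 0 or 1.
// Pre-release tags are ignored, which is enough for the tree above; use the
// `semver` package for full range semantics in real tooling.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Depth-first walk; returns every path (array of "name@version" strings)
// from the root to an installed copy of `target`.
function findPaths(tree, target) {
  const found = [];
  function walk(node, name, trail) {
    const here = trail.concat(`${name}@${node.version}`);
    if (name === target) found.push(here);
    for (const [dep, sub] of Object.entries(node.dependencies || {})) {
      walk(sub, dep, here);
    }
  }
  walk(tree, tree.name, []);
  return found;
}

// Paths whose installed `target` version is strictly below `fixedIn`.
// The version is taken from the last path element; `.pop()` after splitting
// on "@" also handles scoped names such as "@scope/pkg@1.2.3".
function vulnerablePaths(tree, target, fixedIn) {
  return findPaths(tree, target).filter((path) => {
    const installed = path[path.length - 1].split("@").pop();
    return compareVersions(installed, fixedIn) < 0;
  });
}

// Demo: "1.6.0" is a placeholder threshold, not the advisory's fixed version.
for (const path of vulnerablePaths(sampleTree, "xmlhttprequest-ssl", "1.6.0")) {
  console.log(path.join(" > "));
}
```

To run it against a real project, replace `sampleTree` with `JSON.parse` of the output of `npm ls --all --json` (run from the project root) and pass the fixed version listed in the advisory; an empty result after upgrading is the evidence that the release actually removed every path to the affected copy.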