Drop deprecated socket.io dependency #64
Comments
Another way around this is to upgrade to the newer
IIRC, socket.io v2 is the reason socket.io became deprecated, as it lacked the features necessary to have the same API we currently offer for it.
Hey @espadrine, would you be willing to drop the vulnerable dependencies from Dropping them from
The only remaining vulnerabilities are in scoutcamp: espadrine/sc#64.
@paulmelnikow Is that related to galkn/parsejson#4? I can remove socket.io for security reasons. Can you pinpoint what the target is? When I run … OK, I figured it out. The latest commit is not part of an npm version. Pushing one now…
v17.2.2 published.
This fixes remaining vulnerabilities raised by `npm audit`. Follow-up to badges#2258. Related issues from dependencies:
- camp upgrade: espadrine/sc#64
- socket.io vulnerability: galkn/parsejson#4
Thanks so much!
This fixes remaining vulnerabilities raised by `npm audit`. Follow-up to #2258. Related issues from dependencies:
- camp upgrade: espadrine/sc#64
- socket.io vulnerability: galkn/parsejson#4
Hello!
ScoutCamp's `socket.io` has been marked as deprecated for a while, and a security bot recently detected 16 vulnerabilities in the version we import (but don't use) in Janitor.
Maybe this is a good time to remove `socket.io` from ScoutCamp's dependencies entirely? Does any ScoutCamp-based project still use `socket.io`, e.g. https://github.com/garden/tree ? (It doesn't seem so).