Upgrading socketcluster-client to v13.0.0 to resolve DOS vulnerability in ws
0paIescent opened this issue · comments
The current version of the socketcluster-client package is 5.3.1, which contains a dependency on ws version 1.1.2. ws version 1.1.2 contains a Denial of Service vulnerability outlined here: https://nodesecurity.io/advisories/550. I have just finished testing a fork of remote-redux-devtools using socketcluster-client version 13.0.0 and everything works as it should. I would make this into a pull request but frankly I have no idea how to submit a PR. I can confidently say that there are no breaking changes when updating socketcluster-client to version 13.0.0. Hopefully administration can get on this as soon as possible, since this is a major vulnerability and has a non-breaking solution.
I submitted a PR for you. Getting this same issue. Have a great day!
It's up in 0.5.13. Thanks!