express-status-monitor

Critical security vulnerability

Open skhilliard opened this issue 3 years ago • 1 comments

Any chance of updating the socket.io/socket.io-client to a newer version to eliminate this vulnerability?

[email protected] -> [email protected] -> [email protected] -> [email protected] -> [email protected]

https://github.com/advisories/GHSA-72mh-269x-7mh5

Thanks

skhilliard, Jan 12 '22 22:01

This is closed with the 1.3.4 release (https://github.com/RafalWilinski/express-status-monitor/commit/be7b8fcfc6d24a45fee9c0c815ec2636ee621cfb), as they have upgraded [email protected] to [email protected].

Nevertheless, there is 1 outstanding security vulnerability, https://github.com/advisories/GHSA-j4f2-536g-r55m. [email protected] > [email protected] > [email protected]

This has been committed as https://github.com/RafalWilinski/express-status-monitor/commit/1a38ae56dfdb1808aa68ce196db008b28efce49f (or PR #188), which upgraded [email protected] to [email protected], but it has yet to have a release.

lamweili, May 02 '22 17:05