Open epg323 opened 4 years ago
debug is a dependency of socket.io-streams. We'd have to change the dependency, and then test it. But, socket.io-streams hasn't been updated in a while so maybe we should not use it, and implement the video upload by having the browser upload to cloudinary directly, or by switching to S3. For now, lets leave this as a low priority. Also, the risk is a low priority of denial of service which we can tolerate for now.
Sounds good, I also created an issue on socket.io-streams to see if maybe they might be able to make that small change.
This project uses the debug package
Debug has been tagged by the audit package as having low severity vulnerabilities.
Debug should be updated, unless there is a reason not to update it.
https://www.npmjs.com/advisories/534