Open JimmyTournemaine opened 3 years ago
`yarn audit` reports issues for 2.X versions. HTTPS is not used in the demo project but it is still an enormous vulnerability.

critical | Improper Verification of Cryptographic Signature |
---|---|
Package | xmlhttprequest-ssl |
Patched in | >=1.6.1 |
Dependency of | socket.io-client |
Path | socket.io-client > engine.io-client > xmlhttprequest-ssl |
More info | https://www.npmjs.com/advisories/1746 |

Is your feature request related to a problem? Please describe.

From Migrating from 2.x to 3.0:

Describe the solution you'd like

SocketIO should be migrated to SocketIO 3 or be replaced by a plain WebSocket API.

Describe alternatives you've considered

An alternative will be to replace SocketIO with a full WebSocket API. From SocketIO developers in the SocketIO 3 release blog post: