fix security vulnerabilities - Githubissues

RafalWilinski / express-status-monitor

🚀 Realtime Monitoring solution for Node.js/Express.js apps, inspired by status.github.com, sponsored by https://dynobase.dev

https://dynobase.dev/

MIT License

3.61k stars 255 forks source link

fix security vulnerabilities #180

Closed LetsMelon closed 2 years ago

lamweili commented 2 years ago

Mostly closed in the 1.3.4 release (https://github.com/RafalWilinski/express-status-monitor/commit/be7b8fcfc6d24a45fee9c0c815ec2636ee621cfb).

Nevertheless, there is 1 outstanding security vulnerability, https://github.com/advisories/GHSA-j4f2-536g-r55m. express-status-monitor@1.3.4 > socket.io@2.4.1 > engine.io@3.5.0

This has been committed as https://github.com/RafalWilinski/express-status-monitor/commit/1a38ae56dfdb1808aa68ce196db008b28efce49f (or PR #188), upgraded socket.io@2.4.1 to socket.io@4.4.1, but yet to have a release.

Thus, this PR is no longer required.