Closed idanielsteven closed 7 years ago
I feel like it's not actionable for now, it's socket.io issue. I've added Snyk to watch these vulnerabilities regularly.
I opened an issue on Socket.IO's git/issues. I'll keep you apprised of a potential fix/release.
This should resolve the problem: https://github.com/RafalWilinski/express-status-monitor/pull/62/files
NSP found these packages need to be moved from/to to fix security vulnerabilties
WS from 1.1.0 to 1.1.1 (patch fix) Module ws has a known vulnerability: "DoS due to excessively large websocket message"
Negotiator from 0.4.9 to 0.6.1 (patch fix) ISSUE: Module negotiator has a known vulnerability: "Regular Expression Denial of Service"