Closed andersbv closed 6 years ago
Thanks. This is more a concern for the server than the client. I'll update the ws
version number there as well.
I couldn't reproduce the process crash issue with socketcluster-server; maybe it's an edge case of ws
which doesn't affect SC. But worth updating anyway.
I've published the patch to socketcluster-client 9.0.3
and socketcluster-server 9.1.3
.
In case anyone is concerned, I wasn't able to reproduce the issue in SC (using the PoC steps from snyk.io) using either the ws
or uws
WebSocket engines. Also, uws
is the default engine in SC and this issue affects ws
.
Node Security scan is showing warnings against ws 3.1.0 related to https://snyk.io/vuln/npm:ws:20171108