Closed jmattsson closed 2 months ago
We cannot do anything about websocket-stream's dependencies: https://github.com/max-mapper/websocket-stream/issues/162.
FWIW, the vulnerability is irrelevant to the SDK's functionality.
I take that back, it looks like we could switch dependencies to https://www.npmjs.com/package/@httptoolkit/websocket-stream
Given that we don't use server functionality, it may not end up being a high priority though.
2.2.15 addresses this issue and has been published to npm.
This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one.
Lovely, thank you for the quick turnaround!
Describe the bug
Expected Behavior
No known vulnerabilities present :)
Current Behavior
The suggested fix would force a downgrade from 2.2.14 back to 2.2.8, which would introduce other issues again and is not viable.
Reproduction Steps
Take a project that requires
aws-iot-device-sdk
v2.2.14 package, and runnpm audit
Possible Solution
No response
Additional Information/Context
No response
SDK version used
2.2.14
Environment details (OS name and version, etc.)
Linux