Closed Ericlm closed 1 year ago
When installing crisp-api (7.4.2), npm reported three critical vulnerabilities, like so:
```
# npm audit report

socket.io-parser  4.0.4 - 4.2.2
Severity: critical
Insufficient validation when decoding a Socket.IO packet - https://github.com/advisories/GHSA-qm95-pgcg-qqfq
Insufficient validation when decoding a Socket.IO packet - https://github.com/advisories/GHSA-cqmj-92xf-r6r9
fix available via `npm audit fix --force`
Will install crisp-api@5.1.0, which is a breaking change
node_modules/crisp-api/node_modules/socket.io-parser
  socket.io-client  1.0.0-pre - 1.0.1 || 4.3.0 - 4.4.1
  Depends on vulnerable versions of socket.io-parser
  node_modules/crisp-api/node_modules/socket.io-client
    crisp-api  >=5.2.0
    Depends on vulnerable versions of socket.io-client
    node_modules/crisp-api

3 critical severity vulnerabilities
```
It would be great if you could upgrade the dependencies 🙂
Hey, I just released 8.0.3 which fixes this, thanks for reporting!