mcollina
commented
6 years ago Those vulnerabilities are not exploitable in Mosca.
Open mkj28 opened 6 years ago
mcollina
commented
6 years ago Those vulnerabilities are not exploitable in Mosca.
mkj28
commented
6 years ago Those vulnerabilities are not exploitable in Mosca
Fair enough, but mosca pulls them into the deployment
gerad
commented
5 years ago Is it possible to bundle mosca without the stateful functionality? (perhaps exposing it through peer dependencies)?
mcollina
commented
5 years ago You should use https://github.com/mcollina/aedes
Mosca dependencies pull libraries with security vulnerabilities.
bl version 0.8.2: https://nodesecurity.io/advisories/596
yarn why blReasons this module exists "mosca#level-sublevel#levelup" depends on itdeep-extend version 0.4.2: https://nodesecurity.io/advisories/612 "mosca#leveldown#prebuild#rc" depends on it
lodash version 3.10.1: https://nodesecurity.io/advisories/577 "mosca#ioredis" depends on it
stringstream version 0.0.5: https://nodesecurity.io/advisories/664 "mosca#leveldown#prebuild#node-ninja#request" depends on it