simplewebrtc / SimpleWebRTC

Simplest WebRTC ever

Update socket.io-client version #727

Closed joelseq closed 5 years ago

joelseq commented 5 years ago

The current version has dependencies that have known security vulnerabilities. Doing an npm audit fix --force updates the version of socket.io-client to fix the problem.

Such as: image

fippo commented 5 years ago

upgrading to 2.x is a breaking change, iirc 1.x and 2.x are not compatible on the wire.

socket.io was pinned to this 1.3.7 here and the maintenance situation has not changed since then.

Upgrading to ^1.7.4 seems to work though

joelseq commented 5 years ago

@fippo so would you recommend changing the version to ^1.7.4 in this PR?

fippo commented 5 years ago

yes please

joelseq commented 5 years ago

Okay, I changed it to ^1.7.4. Should I also change it in signalmaster since by default npm will upgrade it to 2.x?

fippo commented 5 years ago

published as 3.0.2 -- i'll take care of signalmaster in a bit.

Thank you!
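
The version-range point discussed in this thread, as an added example that is not part of the thread or of the SimpleWebRTC code: a small check that shows which versions a caret range such as ^1.7.4 admits and flags a dependency edit that moves to a different major. The helper names and the candidate version list are assumptions made for illustration, and only plain x.y.z and ^x.y.z ranges are handled.

```javascript
// Added example: helper names are hypothetical; handles "x.y.z" and "^x.y.z" only.
const parse = (v) => {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
};

const cmp = (a, b) => {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
};

// Caret rule: only components right of the left-most non-zero one may change.
function bounds(range) {
  const caret = range.startsWith('^');
  const lo = parse(caret ? range.slice(1) : range);
  if (!caret) return { lo, hi: null }; // exact pin, e.g. "1.3.7"
  const i = lo.findIndex((n) => n !== 0);
  const k = i === -1 ? 2 : i;
  const hi = lo.map((n, j) => (j < k ? n : j === k ? n + 1 : 0));
  return { lo, hi };
}

function satisfies(version, range) {
  const v = parse(version);
  const { lo, hi } = bounds(range);
  return hi === null ? cmp(v, lo) === 0 : cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}

// Flag a dependency edit whose new range starts in a different major than the old one.
function reviewBump(name, oldRange, newRange) {
  const from = bounds(oldRange).lo[0];
  const to = bounds(newRange).lo[0];
  return { name, from, to, crossesMajor: from !== to };
}

// Constructed version list for illustration, not registry data.
const candidates = ['1.3.7', '1.7.4', '1.7.9', '2.0.0'];
const allowed = (range) => candidates.filter((v) => satisfies(v, range));

console.log(allowed('^1.7.4'));                                 // versions the new range admits
console.log(reviewBump('socket.io-client', '1.3.7', '^1.7.4')); // stays on 1.x
// "^2.0.0" is a constructed stand-in for the 2.x range mentioned in the thread.
console.log(reviewBump('socket.io-client', '1.3.7', '^2.0.0'));
```

Running the same check over both the client and the server package.json in CI catches a forced audit fix that would put the two ends on different majors.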