search

wireapp / wire-webapp

👽 Wire for web
https://app.wire.com
GNU General Public License v3.0
1.14k stars 290 forks source link

chore: Use @roamhq/wrtc instead of @koush/wrtc #17819

Closed thisisamir98 closed 3 months ago

thisisamir98 commented 3 months ago

Description

@koush/wrtc includes ip as a dependency, which is flagged as a high vulnerability, see https://github.com/wireapp/wire-webapp/security/dependabot/129

sonarcloud[bot] commented 3 months ago

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

thisisamir98 commented 3 months ago

Unfortunately removing this dependency did not fully fix this issue as we still 3 dependencies which have a dependency on ip package.

For now we just have to wait until the maintainer of ip publishes a fix for https://github.com/github/advisory-database/pull/4619