The current version of the socketcluster-client package is 5.3.1, which contains a dependency on ws version 1.1.2. ws version 1.1.2 contains a Denial of Service vulnerability outlined here: https://nodesecurity.io/advisories/550. I have just finished testing a fork of remote-redux-devtools using socketcluster-client version 13.0.0 and everything works as it should. I would make this into a pull request but frankly I have no idea how to submit a PR. I can confidently say that there are no breaking changes when updating socketcluster-client to version 13.0.0. Hopefully administration can get on this as soon as possible, since this is a major vulnerability, and has a non-breaking solution.
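
One way to confirm which installed packages actually resolve to ws 1.1.2 is to walk the lockfile the way Node resolves modules (nearest enclosing node_modules first). This is an added example, not code from this issue or from the project; it assumes the npm lockfile v1 layout, and `findVulnerable`, `SAMPLE_LOCK`, `some-other-lib` and the 9.9.9 version are constructed for illustration.

```javascript
// Constructed sample in npm lockfile v1 shape; not the project's real lockfile.
const SAMPLE_LOCK = {
  name: "remote-redux-devtools",
  dependencies: {
    "socketcluster-client": {
      version: "5.3.1",
      requires: { ws: "1.1.2" },
      dependencies: { ws: { version: "1.1.2" } } // copy nested under the client
    },
    // Hypothetical package that resolves to the hoisted copy of ws instead.
    "some-other-lib": { version: "1.0.0", requires: { ws: "9.9.9" } },
    ws: { version: "9.9.9" } // constructed version number, hoisted copy
  }
};

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns one entry per installed package whose requirement on `name`
// resolves to `badVersion`, with the install path of the requiring package.
function findVulnerable(lock, name, badVersion) {
  const hits = [];
  // `scopes` holds the enclosing `dependencies` maps, innermost first.
  const visit = (deps, scopes, path) => {
    for (const [pkg, node] of Object.entries(deps || {})) {
      const here = [...path, `${pkg}@${node.version}`];
      if (node.requires && has(node.requires, name)) {
        // Resolution order: own nested copy, then siblings, then outer levels.
        const visible = [node.dependencies || {}, deps, ...scopes];
        const scope = visible.find((s) => has(s, name));
        if (scope && scope[name].version === badVersion) {
          hits.push({
            requiredBy: here.join(" > "),
            range: node.requires[name],
            resolved: scope[name].version
          });
        }
      }
      visit(node.dependencies, [deps, ...scopes], here);
    }
  };
  visit(lock.dependencies, [], []);
  return hits;
}

console.log(findVulnerable(SAMPLE_LOCK, "ws", "1.1.2"));
```

Run it against the parsed contents of a real package-lock.json before and after bumping socketcluster-client; an empty result means nothing in the tree resolves to the affected ws version any more.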