Websocket driver flagged by Veracode scan — can I disable it? #10084
Labels
Comments
|
Could you be more specific? It would be great if you could reproduce this problem with a sample git repository. If it's a problem with socket.io, then you can imagine that this issue should probably be filed with that repository. |
|
This issue has been automatically marked as stale because it has not had any recent activity. It will be closed in 5 days if no further activity occurs. |
Awarua-
added a commit
to Awarua-/create-react-app
that referenced
this issue
Dec 30, 2020
Resolves facebook#10084 security vulnerability in websocket-driver library version 0.5.6, imported transitively by sockjs
gaearon
pushed a commit
that referenced
this issue
Feb 18, 2021
Resolves #10084 security vulnerability in websocket-driver library version 0.5.6, imported transitively by sockjs
blackarctic
added a commit
to blackarctic/create-react-app
that referenced
this issue
Apr 29, 2021
* Fix noFallthroughCasesInSwitch/jsx object is not extensible (facebook#9921) Co-authored-by: Konstantin Simeonov <kon.simeonov@protonmail.com> * Add logo license to README * Remove trailing space in reportWebVitals.ts (facebook#10040) * docs: add React Testing Library as a library requiring jsdom (facebook#10052) Co-authored-by: Ian Schmitz <ianschmitz@gmail.com> * Increase Workbox's maximumFileSizeToCacheInBytes (facebook#10048) * Create FUNDING.yml * replace inquirer with prompts (facebook#10083) - remove `react-dev-utils/inquirer` public import * Prepare 4.0.1 release * Prepare 4.0.1 release * Publish - cra-template-typescript@1.1.1 - cra-template@1.1.1 - create-react-app@4.0.1 - react-dev-utils@11.0.1 - react-scripts@4.0.1 * chore: bump web-vital dependency version (facebook#10143) * chore: bump typescript version (facebook#10141) Co-authored-by: Ian Schmitz <ianschmitz@gmail.com> * Add TypeScript 4.x as peerDependency to react-scripts(facebook#9964) * remove chalk from formatWebpackMessages (facebook#10198) * Upgrade @svgr/webpack to fix build error (facebook#10213) Co-authored-by: Ian Schmitz <ianschmitz@gmail.com> * Improve vendor chunk names in development (facebook#9569) * Update postcss packages (facebook#10003) Co-authored-by: Ian Schmitz <ianschmitz@gmail.com> * Recovered some integration tests (facebook#10091) * Upgrade sass-loader (facebook#9988) * Move ESLint cache file into node_modules (facebook#9977) Co-authored-by: Ian Schmitz <ianschmitz@gmail.com> * Revert "Update postcss packages" (facebook#10216) This reverts commit 580ed5d. * Remove references to Node 8 (facebook#10214) * fix(react-scripts): add missing peer dependency react and update react-refresh-webpack-plugin (facebook#9872) * Update using-the-public-folder.md (facebook#10314) Some library --> Some libraries * docs: add missing override options for Jest config (facebook#9473) * Fix CI tests (facebook#10217) * appTsConfig immutability handling by immer (facebook#10027) Co-authored-by: mad-jose <joset@yeswearemad.com> * Add support for new BUILD_PATH advanced configuration variable (facebook#8986) * Add opt-out for eslint-webpack-plugin (facebook#10170) * Prepare 4.0.2 release * Publish - cra-template-typescript@1.1.2 - cra-template@1.1.2 - create-react-app@4.0.2 - react-dev-utils@11.0.2 - react-error-overlay@6.0.9 - react-scripts@4.0.2 * tests: update test case to match the description (facebook#10384) * Bump webpack-dev-server 3.11.0 -> 3.11.1 (facebook#10312) Resolves facebook#10084 security vulnerability in websocket-driver library version 0.5.6, imported transitively by sockjs * Upgrade eslint-webpack-plugin to fix opt-out flag (facebook#10590) * update immer to 8.0.1 to address vulnerability (facebook#10412) Resolves facebook#10411 Bumps immer version to 8.0.1 to address the prototype pollution vulnerability with the current 7.0.9 version. * Prepare 4.0.3 release * Update CHANGELOG * Publish - create-react-app@4.0.3 - react-dev-utils@11.0.3 - react-scripts@4.0.3 Co-authored-by: Ryota Murakami <dojce1048@gmail.com> Co-authored-by: Konstantin Simeonov <kon.simeonov@protonmail.com> Co-authored-by: Ian Sutherland <ian@iansutherland.ca> Co-authored-by: sho90 <aznecosann@gmail.com> Co-authored-by: Anyul Rivas <anyulled@gmail.com> Co-authored-by: Ian Schmitz <ianschmitz@gmail.com> Co-authored-by: Jeffrey Posnick <jeffy@google.com> Co-authored-by: Evan Bacon <baconbrix@gmail.com> Co-authored-by: Sahil Purav <sahil5684@gmail.com> Co-authored-by: Hakjoon Sim <trainto@gmail.com> Co-authored-by: Chris Shepherd <chris@chrisshepherd.me> Co-authored-by: Jason Williams <936006+jasonwilliams@users.noreply.github.com> Co-authored-by: Jabran Rafique⚡️ <jabranr@users.noreply.github.com> Co-authored-by: John Ruble <johnruble@gmail.com> Co-authored-by: Morten N.O. Nørgaard Henriksen <morten.n.o.henriksen@icloud.com> Co-authored-by: Sergey Makarov <serega.s.makar@gmail.com> Co-authored-by: EhsanKhaki <ehsankhfr@gmail.com> Co-authored-by: Kristoffer K <merceyz@users.noreply.github.com> Co-authored-by: Aviv Hadar <Avivhdr@gmail.com> Co-authored-by: Tobias Büschel <13087421+tobiasbueschel@users.noreply.github.com> Co-authored-by: mad-jose <44253495+josezone@users.noreply.github.com> Co-authored-by: mad-jose <joset@yeswearemad.com> Co-authored-by: Andrew Hyndman <ajhyndman@hotmail.com> Co-authored-by: Brody McKee <mrmckeb@users.noreply.github.com> Co-authored-by: James George <jamesgeorge998001@gmail.com> Co-authored-by: Dion Woolley <woolley.dion@gmail.com> Co-authored-by: Walker Clem <51654951+wclem4@users.noreply.github.com>
wombleton
pushed a commit
to AurorNZ/create-react-app
that referenced
this issue
Jun 1, 2021
Resolves facebook#10084 security vulnerability in websocket-driver library version 0.5.6, imported transitively by sockjs
abhiisheek
pushed a commit
to abhiisheek/create-react-app
that referenced
this issue
May 19, 2023
Resolves facebook#10084 security vulnerability in websocket-driver library version 0.5.6, imported transitively by sockjs
abhiisheek
pushed a commit
to abhiisheek/create-react-app
that referenced
this issue
May 24, 2023
Resolves facebook#10084 security vulnerability in websocket-driver library version 0.5.6, imported transitively by sockjs
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi there — I built an app using CRA and love it, but when I put my app through Veracode's scanner, it flagged Websocket driver as being an out-of-date dependency. It's at 0.6.5, and I need to get it up to the latest version OR simply disable it.
My questions:
(1) Is there a way for me to disable or otherwise remove Websocket driver?
(2) My app makes use of an express.js server and socket.io to let users create little game rooms. Does Websocket driver have anything to do with that functionality? (I don't think it does, but I'm trying to cover all my bases.)
Thanks so much!
b
The text was updated successfully, but these errors were encountered: