Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Insecure Randomness in ws 1.x #105

Closed
marvinroger opened this issue Feb 7, 2017 · 4 comments
Closed

Insecure Randomness in ws 1.x #105

marvinroger opened this issue Feb 7, 2017 · 4 comments

Comments

@marvinroger
Copy link

See https://snyk.io/vuln/npm:ws:20160920

Solution: Update to v2.x
@mcollina mcollina mentioned this issue Feb 8, 2017
Merged
@antoniobusrod
Copy link

Or update to https://github.com/websockets/ws/releases/tag/1.1.2 if you want to stay at v1

@mcollina
Copy link
Collaborator

It's already picking it, closing https://github.com/maxogden/websocket-stream/blob/master/package.json#L29.

@antoniobusrod
Copy link

However, this update will be installed automatically from minor release update in ws@1.1.2. I don't know if this a issue in snyk, because it should be solved after update node_modules.

@mcollina
Copy link
Collaborator

Yes it's a problem with snyk, 1.1.2 is safe to use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mcollina @antoniobusrod @marvinroger