You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
how about socket.io-adapter? is it maintained by your team also?
When I run npm audit I still see affected ws version
npm audit --audit-level=high --package-lock-only --omit=dev --omit=optional
npm audit report
ws 8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - GHSA-3h5v-q93c-6h6q
fix available via npm audit fix --force
Will install socket.io@4.5.4, which is a breaking change
node_modules/socket.io-adapter/node_modules/ws
socket.io-adapter >=2.5.2
Depends on vulnerable versions of ws
node_modules/socket.io-adapter
socket.io >=4.6.0-alpha1
Depends on vulnerable versions of socket.io-adapter
node_modules/socket.io
GHSA-3h5v-q93c-6h6q
The text was updated successfully, but these errors were encountered: