Critical security vulnerability

[skhilliard]

Any chance of updating the socket.io/socket.io-client to a newer version to eliminate this vulnerability?

express-status-monitor@1.3.3 ->socket.io@2.3.0 -> socket.io-client@2.3.0 -> engine.io-client@3.4.4 -> xmlhttprequest-ssl@1.5.5

GHSA-72mh-269x-7mh5

Thanks

[lamweili]

This is closed with the 1.3.4 release (be7b8fc) as they have upgraded socket.io@2.3.0 to socket.io@2.4.1

---

Nevertheless, there is 1 outstanding security vulnerability, GHSA-j4f2-536g-r55m.
express-status-monitor@1.3.4 > socket.io@2.4.1 > engine.io@3.5.0

This has been committed as 1a38ae5 (or PR #188), upgraded socket.io@2.4.1 to socket.io@4.4.1, but yet to have a release.