-
Notifications
You must be signed in to change notification settings - Fork 532
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
socket.io-parser
version update
#14292
Conversation
I think I need your help with this, @tylerbutler. Although I added the override in the
|
Unfortunately I think overrides are not respected by npm, and historian is still using npm. How urgent is this? I have a historian PR that switches to pnpm (#14294). I hope to get merge it in the next couple of days. If this dep could wait it would be a bit easier. If it's urgent, though, I can help more - just let me know. |
Thanks, @tylerbutler. I think it can wait a couple of days, as it will get into the next minor release, anyway. Tinylicious is in the same boat. Do you have plans to move that one as well? |
Hey @tylerbutler, thanks for migrating |
@andre4i I have a PR in progress converting tinylicious to pnpm: #14356 |
@tylerbutler can you take a look? |
Description
https://nvd.nist.gov/vuln/detail/CVE-2022-2421
socket.io-parser
used across the framework needs to be on at least4.2.1