-
Notifications
You must be signed in to change notification settings - Fork 75
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vulnerbility found in ws #130
Comments
@fiskgrodan LiveReload v0.8.0 was released last week. Running
I'll continue to monitor this. |
The commit linked to in the Github security report is: websockets/ws@c4fe466 After creating the PR, I read down further into the comments and found this: websockets/ws@c4fe466#commitcomment-28951427 which reports that 1.1.5 is not vulnerable. So maybe Github has it wrong? |
same here, came from bummer, because running the joy of programming :) |
Ok. I'll take everyone's word for it. Lemme make sure #131 resolves this properly and I'll package up a new release this week. |
that would be awesome, thanks ! |
hello again @napcs, just a little reminder about that one ^^ |
Closed by #131. 0.8.1 released |
you've made my day :) thanks a lot |
What version of Livereload are you using?
^0.7.0
Installed as a dependecy to rollup-plugin-livereload
https://github.com/thgh/rollup-plugin-livereload/blob/master/package.json
What OS are you using?
macOS / GitHub
What web browser are you using? (Browser name and specific version please)
Expected result
To not get a vulnerbility warning
Actual result
Getting vulnerbility warnings in terminal and in the GitHub GUI.
This is the warning I get when installing:
I get these warnings in the GitHub GUI:
![Screenshot 2019-06-05 at 15 47 13](https://user-images.githubusercontent.com/26715792/58962255-1bf96f80-87ab-11e9-9ba9-4f6413f323a2.png)
Steps to reproduce issue
I installed it from this repo:
https://github.com/sveltejs/template
With these steps:
Why is this important?
Vulnerbility warnings give a bad impression and might scare of possible users. Maybe upgrading the ws module could fix the issue?
The text was updated successfully, but these errors were encountered: