update socket.io to 2.5.0 to fix engine.io vulnerability #351
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See 2.5.0 release notes and security advisory at
https://github.com/socketio/socket.io/releases/tag/2.5.0
A new networked-aframe release is not needed, but you need to double check the socket.io version you use in your own projects. On glitch, open the terminal and execute the following:
and wait a few seconds, it will automatically do the
npm install
getting the latest versions. (You can open the Logs tab to see that)Note that on glitch node_modules is a symlink to a volume. If you do
rm -rf package-lock.json node_modules
(without the star), it won't remove the currently installed packages, andnpm install
will still use the old socket.io version.and for client side, in index.html, use
The naf-project glitch template has been updated.