One of the dependencies is likely compromised - do not update #276
Comments
|
Assessing a bit the situation, this happens only if you fresh install or update the existing soketi version. Docker doesn't seem to have this issue as the dependencies were bundled at the given time when they worked. I'm locking the dependencies for this. I'm never letting the dependencies flow freely again for production apps. 😨 |
|
Thank you for the fast action taken. All this drama around Marak's GH and packages... |
|
It can happen to anyone. This remembered me of left-pad incident |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello, this morning I tried updating to the latest version of soketi and the next thing I know my logs are full of garbage, GB's of garbage. The system storage filled up within seconds. I then stopped the process cleared the logs and downgraded to the previous version I was using (0.21.0) and yet again I am met with a full filesystem. I created a fresh ubuntu docker image, installed fresh node and @soketi/soketi version 0.26.0 and was met with the same issue.
Example output after the upgrade:
I think it would be a good habit to start hard locking top-level dependencies. That doesn't fully prevent issues like this but it could catch some. For now I would discourage anyone from updating this package.
The text was updated successfully, but these errors were encountered: