From 587baf8e097aec62786e02edc1f4c6ddbcae289e Mon Sep 17 00:00:00 2001
From: "alexander.akait"
Date: Mon, 13 Jun 2022 03:59:42 +0300
Subject: [PATCH] fix: security problem with sockjs
---
 lib/Server.js | 5 +----
 package-lock.json | 4 ++++
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/Server.js b/lib/Server.js
index 507f2c4714..2cbfd42c62 100644
--- a/lib/Server.js
+++ b/lib/Server.js
@@ -1964,12 +1964,9 @@ class Server {
 (req, res) => {
 res.setHeader("Content-Type", "application/javascript");
- const { createReadStream } = fs;
 const clientPath = path.join(__dirname, "..", "client");
- createReadStream(
- path.join(clientPath, "modules/sockjs-client/index.js")
- ).pipe(res);
+ res.sendFile(path.join(clientPath, "modules/sockjs-client/index.js"));
 }
 );
diff --git a/package-lock.json b/package-lock.json
index 0b3e435abb..f0a59e3e0e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -99,6 +99,10 @@
 "engines": {
 "node": ">= 12.13.0"
 },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/webpack"
+ },
 "peerDependencies": {
 "webpack": "^4.37.0 || ^5.0.0"
 },
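Review bot: The new `res.sendFile(path.join(clientPath, "modules/sockjs-client/index.js"))` call passes an absolute path with no `root`, and in that mode Express's underlying `send` applies its default `dotfiles: "ignore"` policy to every segment of the full path. If the package is installed under a dot-directory (for example a `.pnpm` store or a dot-prefixed home directory), the route would likely answer 404 instead of serving the bundle, which the old `createReadStream` version did not do. Passing the fixed directory as the root keeps the dotfile check on the relative part only: `res.sendFile("modules/sockjs-client/index.js", { root: clientPath });`. The route registration that encloses this handler starts outside the hunk, so how the path and method are matched is not visible here.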