What would be the impact of upgrading ws 1.1.5, a dependency of node-red? (ws has a known high vulnerability)

Hello,
In a project I am working on we're using node-red in order to extend the project's capabilities.
The final Docker image is scanned with different tools to identify security vulnerabilities, and one of the reported high vulnerabilities is related to the ws 1.1.5 library (a dependency of node-red).
Details can be found here: https://www.npmjs.com/advisories/550

What would be the impact of upgrading ws from 1.1.5 to a non-vulnerable version (minimum 3.3.1, latest version is 6.2.0)?

Hi @pkorecki

There were very significant changes to the ws library from version 1.x up to its latest 6.x stream. It requires a lot of changes in the node-red code base to support.

The good news is 0.20 has had those changes applied and will be available in the next couple of days (all being well...).


Thanks for the quick answer!