Open
Description
In a recent git push, both GitHub and npm said there was an issue with express-status-monitor coming out of a vulnerability in socket.io-parser, as shown below.
When I ran npm audit fix, npm updated the socket.io-parser version to 4.0.5. This fixed the previous issue, but when running my app again, I noticed that the express-status-monitor page didn't work.
So I tried uninstalling the package and installing it again, and it works, but then it brings back the vulnerable version of socket.io-parser.
This might be a better question for the socket.io team, but is there a change from version 3.4.x to version 4.0.5 that makes express-status-monitor not work?
Metadata
Metadata
Assignees
Labels
No labels