Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Websocket driver flagged by Veracode scan — can I disable it? #10084

Closed
robert-j-peterson opened this issue Nov 16, 2020 · 2 comments · Fixed by #10312 or GamersClub/create-react-app#1

Comments

@robert-j-peterson
Copy link

Hi there — I built an app using CRA and love it, but when I put my app through Veracode's scanner, it flagged Websocket driver as being an out-of-date dependency. It's at 0.6.5, and I need to get it up to the latest version OR simply disable it.

My questions:

(1) Is there a way for me to disable or otherwise remove Websocket driver?

(2) My app makes use of an express.js server and socket.io to let users create little game rooms. Does Websocket driver have anything to do with that functionality? (I don't think it does, but I'm trying to cover all my bases.)

Thanks so much!

b

@threepointone
Copy link

Could you be more specific? It would be great if you could reproduce this problem with a sample git repository. If it's a problem with socket.io, then you can imagine that this issue should probably be filed with that repository.

@stale
Copy link

stale bot commented Dec 25, 2020

This issue has been automatically marked as stale because it has not had any recent activity. It will be closed in 5 days if no further activity occurs.

@stale stale bot added the stale label Dec 25, 2020
Awarua- added a commit to Awarua-/create-react-app that referenced this issue Dec 30, 2020
Resolves facebook#10084 security vulnerability in websocket-driver library version 0.5.6, imported transitively by sockjs
gaearon pushed a commit that referenced this issue Feb 18, 2021
Resolves #10084 security vulnerability in websocket-driver library version 0.5.6, imported transitively by sockjs
blackarctic added a commit to blackarctic/create-react-app that referenced this issue Apr 29, 2021
* Fix noFallthroughCasesInSwitch/jsx object is not extensible (facebook#9921)

Co-authored-by: Konstantin Simeonov <[email protected]>

* Add logo license to README

* Remove trailing space in reportWebVitals.ts (facebook#10040)

* docs: add React Testing Library as a library requiring jsdom (facebook#10052)

Co-authored-by: Ian Schmitz <[email protected]>

* Increase Workbox's maximumFileSizeToCacheInBytes (facebook#10048)

* Create FUNDING.yml

* replace inquirer with prompts (facebook#10083)

- remove `react-dev-utils/inquirer` public import

* Prepare 4.0.1 release

* Prepare 4.0.1 release

* Publish

 - [email protected]
 - [email protected]
 - [email protected]
 - [email protected]
 - [email protected]

* chore: bump web-vital dependency version (facebook#10143)

* chore: bump typescript version (facebook#10141)

Co-authored-by: Ian Schmitz <[email protected]>

* Add TypeScript 4.x as peerDependency to react-scripts(facebook#9964)

* remove chalk from formatWebpackMessages (facebook#10198)

* Upgrade @svgr/webpack to fix build error (facebook#10213)

Co-authored-by: Ian Schmitz <[email protected]>

* Improve vendor chunk names in development (facebook#9569)

* Update postcss packages (facebook#10003)

Co-authored-by: Ian Schmitz <[email protected]>

* Recovered some integration tests (facebook#10091)

* Upgrade sass-loader (facebook#9988)

* Move ESLint cache file into node_modules (facebook#9977)

Co-authored-by: Ian Schmitz <[email protected]>

* Revert "Update postcss packages" (facebook#10216)

This reverts commit 580ed5d.

* Remove references to Node 8 (facebook#10214)

* fix(react-scripts): add missing peer dependency react and update react-refresh-webpack-plugin (facebook#9872)

* Update using-the-public-folder.md (facebook#10314)

Some library --> Some libraries

* docs: add missing override options for Jest config (facebook#9473)

* Fix CI tests (facebook#10217)

* appTsConfig immutability handling by immer (facebook#10027)

Co-authored-by: mad-jose <[email protected]>

* Add support for new BUILD_PATH advanced configuration variable (facebook#8986)

* Add opt-out for eslint-webpack-plugin (facebook#10170)

* Prepare 4.0.2 release

* Publish

 - [email protected]
 - [email protected]
 - [email protected]
 - [email protected]
 - [email protected]
 - [email protected]

* tests: update test case to match the description (facebook#10384)

* Bump webpack-dev-server 3.11.0 -> 3.11.1 (facebook#10312)

Resolves facebook#10084 security vulnerability in websocket-driver library version 0.5.6, imported transitively by sockjs

* Upgrade eslint-webpack-plugin to fix opt-out flag (facebook#10590)

* update immer to 8.0.1 to address vulnerability (facebook#10412)

Resolves facebook#10411

Bumps immer version to 8.0.1 to address the prototype pollution
vulnerability with the current 7.0.9 version.

* Prepare 4.0.3 release

* Update CHANGELOG

* Publish

 - [email protected]
 - [email protected]
 - [email protected]

Co-authored-by: Ryota Murakami <[email protected]>
Co-authored-by: Konstantin Simeonov <[email protected]>
Co-authored-by: Ian Sutherland <[email protected]>
Co-authored-by: sho90 <[email protected]>
Co-authored-by: Anyul Rivas <[email protected]>
Co-authored-by: Ian Schmitz <[email protected]>
Co-authored-by: Jeffrey Posnick <[email protected]>
Co-authored-by: Evan Bacon <[email protected]>
Co-authored-by: Sahil Purav <[email protected]>
Co-authored-by: Hakjoon Sim <[email protected]>
Co-authored-by: Chris Shepherd <[email protected]>
Co-authored-by: Jason Williams <[email protected]>
Co-authored-by: Jabran Rafique⚡️ <[email protected]>
Co-authored-by: John Ruble <[email protected]>
Co-authored-by: Morten N.O. Nørgaard Henriksen <[email protected]>
Co-authored-by: Sergey Makarov <[email protected]>
Co-authored-by: EhsanKhaki <[email protected]>
Co-authored-by: Kristoffer K <[email protected]>
Co-authored-by: Aviv Hadar <[email protected]>
Co-authored-by: Tobias Büschel <[email protected]>
Co-authored-by: mad-jose <[email protected]>
Co-authored-by: mad-jose <[email protected]>
Co-authored-by: Andrew Hyndman <[email protected]>
Co-authored-by: Brody McKee <[email protected]>
Co-authored-by: James George <[email protected]>
Co-authored-by: Dion Woolley <[email protected]>
Co-authored-by: Walker Clem <[email protected]>
wombleton pushed a commit to AurorNZ/create-react-app that referenced this issue Jun 1, 2021
Resolves facebook#10084 security vulnerability in websocket-driver library version 0.5.6, imported transitively by sockjs
abhiisheek pushed a commit to abhiisheek/create-react-app that referenced this issue May 19, 2023
Resolves facebook#10084 security vulnerability in websocket-driver library version 0.5.6, imported transitively by sockjs
abhiisheek pushed a commit to abhiisheek/create-react-app that referenced this issue May 24, 2023
Resolves facebook#10084 security vulnerability in websocket-driver library version 0.5.6, imported transitively by sockjs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants