eventsource dependency too old: 0.1.6 #407
Comments
|
@christophercr I was waiting for EventSource/eventsource#60 to be fixed. It is also work to ensure the changes they made do not break SockJS (again). |
|
Oh I see, well it seems it is solved now :) |
|
Is this upgrade now feasible? There is more reason to do it now that eventsource 0.1.6 depends (indirectly) on querystring 0.0.4 which has a security vulnerability ( fixed at unshiftio/querystringify#19 ). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, I just noticed that this library (used by webpack-dev-server btw) has a dependency to eventsource with a very old version: 0.1.6 (released in Feb 2015!).
I'm wondering why hasn't this been upgraded to a more recent version or even the latest one. It seems that there has been a lot of bugs/issues fixed since version 0.1.6 ;)
I noticed this since I'm implementing Server Sent Events in my app and I spotted two deps of the eventsource library in my package-lock.json. I use the latest version but I see that webpack-dev-server=>sockjs-client uses a very old one.
I thought this could be interesting for you...
The text was updated successfully, but these errors were encountered: