Can the ws (websocket) depenency of theia/core be removed? #13884
Unanswered
BrightKn1ght
asked this question in
Improvements
Replies: 1 comment 1 reply
-
Hey @BrightKn1ght, yeah, this probably makes sense. In case someone actually needs the package, they can import it themselves. Note that socket.io itself probably still needs the If you create an PR for this, do you mind adding an appropriate entry to the breaking changes of the changelog? |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I'm using theia 1.34.4 for my project. I know theia switched away from ws to socket.io.
The ws library gets security incidents from time to time like this one now: https://nvd.nist.gov/vuln/detail/CVE-2024-37890
After checking the source I doubt ws is used anywhere anymore. Am I right and if so, could I create a PR to remove it?
I found that ws is encapsulated and offered to other packages by theia/core via packages\core\shared\ws\index.js. But it seems no one is ever consuming it.
Beta Was this translation helpful? Give feedback.
All reactions