fix: ignore Snyk [email protected] patch for now
[email protected] depends on [email protected], which carries a security
vulnerability. Snyk provides a patch for the vulnerability, but it
brings the behaviour of [email protected] in-line with [email protected], which
engine.io-client is not compatible with.

Snyk is currently working on an updated patch that is compatible with
this version of engine.io-client. In the meantime, we're going to have
to stay vulnerable as we depend on the impacted functionality.
gjvis committed Sep 22, 2016
1 parent 50427f9 commit 1a0ec0f
Showing 1 changed file with 9 additions and 5 deletions.
14 changes: 9 additions & 5 deletions .snyk
@@ -1,11 +1,15 @@
version: v1.5.2
ignore: {}
ignore:
'npm:ws:20160624':
- engine.io-client > ws:
reason: >-
The [email protected] behaviour introduced by the patch is incompatible
with transferring NodeJS buffers over engine.io transports
expires: '2016-10-22T14:53:52.379Z'
patch:
'npm:negotiator:20160616':
- engine.io > accepts > negotiator:
patched: '2016-08-31T09:40:29.491Z'
patched: '2016-09-22T14:52:24.968Z'
'npm:ws:20160624':
- engine.io-client > ws:
patched: '2016-08-31T09:40:29.491Z'
- engine.io > ws:
patched: '2016-08-31T09:40:29.491Z'
patched: '2016-09-22T14:52:24.968Z'
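Review bot: The `ignore` entry for 'npm:ws:20160624' covers only the `engine.io-client > ws` path, while `engine.io > ws` stays under `patch:` with a refreshed `patched` timestamp. Since the stated reason is that the patched behaviour is incompatible with transferring NodeJS buffers over engine.io transports, confirm that the server-side path does not hit the same incompatibility, or say in the `reason` why it is unaffected. The `reason` also does not mention that an updated patch is pending, so whoever sees the ignore lapse at `expires: '2016-10-22T14:53:52.379Z'` has no pointer to what to re-check; a short note or link there would make the expiry actionable. The +/- markers are not visible in this rendering, so also verify that the `engine.io-client > ws` entry under `patch:` is actually removed and the same path is not both ignored and patched.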
