Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade dependencies #307

Merged
merged 5 commits into from
Jan 28, 2019
Merged

upgrade dependencies #307

merged 5 commits into from
Jan 28, 2019

Conversation

DorianScholz
Copy link
Contributor

to avoid security vulnerabilities

imutkarshpatil and others added 3 commits November 27, 2018 21:01
@imutkarshpatil
Dependency version updated to the latest for 'ws'
08a0b3c 
Existing version is vulnerable for DoS attacks with high severity. Version number changed to the latest where these are patched.
https://nodesecurity.io/advisories/550
https://nodesecurity.io/advisories/120
@DorianScholz
Merge remote-tracking branch 'sec-patch/develop' into develop
293fa1c
@DorianScholz
upgrade socket.io
9d9dd90 
to avoid security vulnerabilities
@jihoonl jihoonl requested a review from viktorku December 31, 2018 02:08
viktorku
viktorku reviewed Jan 1, 2019
View reviewed changes
package.json
"xmldom": "^0.1.19",
"cbor-js": "^0.1.0",
"socket.io": "1.4.8"
"socket.io": "2.2.0"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Travis fails due to old nodejs 4.2.6 on the build/test image that doesn't support ES6 syntax (which socket.io 2.2.0 apparently uses).

@chrisl8
Copy link

chrisl8 commented Jan 18, 2019

We need this update. What can I/we do to help make this happen?
I apologize if this is rude, as I am not sure what the procedure is here.
Thank you!

@TobiasMorell
Copy link

TobiasMorell commented Jan 22, 2019
edited
Loading

I'm currently building a website using roslibjs and preact. When building for release mode, it fails because roslibjs uses an outdated version of socket.io.

For now I was able to solve the issue by simply deleting socket.io from roslib/node_modules and replacing it with a newer version, as so:

rm -r node_modules/roslib/node_modules/socket.io
cp node_modules/socket.io node_modules/roslib/node_modules/socket.io

This assumes that you have installed socket.io with:

npm i socket.io

I'm fully aware that it's a bad solution, but while we're waiting for a fix, it's at least something.

Anyways, I suggest updating to a newer node version and using babel to transpile to old js code.

@TobiasMorell
Copy link

TobiasMorell commented Jan 28, 2019
edited
Loading

In case anyone else is experiencing the same issues as me (i.e. preact), I have devised a somewhat better solution to the problem. Run the following bash command before building:
sed -i '26i\if(typeof window !== "undefined")\' node_modules/roslib/node_modules/socket.io/lib/index.js

Edit: This does not require you to install a separate socket.io version.

@viktorku viktorku mentioned this pull request Jan 28, 2019
Closed
@viktorku viktorku merged commit 165912f into RobotWebTools:develop Jan 28, 2019
@viktorku
Copy link
Member

Thanks!

k-aguete pushed a commit to k-aguete/roslibjs that referenced this pull request Oct 21, 2022
@ruben-photoneo @J-Rojas
leveraged THREE implementation of raycasting for any camera type (Rob…
35aac44 
…otWebTools#307)

Co-authored-by: J-Rojas <jrojas@redlinesolutions.co>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@viktorku viktorku viktorku left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@DorianScholz @chrisl8 @TobiasMorell @viktorku @imutkarshpatil @sevenbitbyte