CORS Vulnerability in dependency

[hbowden]

[748/873] sockjs 0.3.18  [VULNERABLE]
3 known vulnerabilities, 1 affecting installed version

CORS vulnerability
The package automatically sets the `Access-Control-Allow-Origin` header to whatever the requesting doma
in is, if any sockjs path is referenced from another domain. This enables a possible CORS attack.

The fix is a change that optionally disables the CORS headers.

Affected versions: <=0.3.18
References:
  * https://github.com/sockjs/sockjs-node/issues/217
  * https://github.com/sockjs/sockjs-node/pull/218
------------------------------------------------------------```

[Magneticmagnum]

There is currently a PR for this waiting in sockjs github: sockjs/sockjs-node#218 (review)

However, doesn't seem like they are going to fix it. We can fork and use it as it is MIT license.

[hbowden]

Yea we can fork until/if they merge that PR, we can't create a release with a known vulnerability.

[NogsMPLS]

FYI, that PR has been merged. update dependencies and run the vulnerability test again to see if this can be closed.

[hbowden]

K sweet, I'll check.

[hbowden]

Still getting the error, we probably need to update one of our deps.

[Magneticmagnum]

Check again? I'm no longer seeing the issue when I used Synk.io to check the repo's dependencies

[stuller]

Can this be closed?

[Magneticmagnum]

No longer seeing the vulnerability. Closing issue.