From 0efb3c9ae2fdfd0588a2f8e02e1f2f158b7fa28e Mon Sep 17 00:00:00 2001
From: Bryce Kahle
Date: Thu, 30 Jul 2020 23:05:46 -0400
Subject: [PATCH] Update faye-websocket and websocket-driver to fix security issue Fix #275
---
 .gitignore | 2 +-
 .npmignore | 1 +
 package-lock.json | 52 +++++++++++++++++++++++++++++++++++++++++++++++
 package.json | 4 ++--
 scripts/test.sh | 20 ++++++++++++++++++
 5 files changed, 76 insertions(+), 3 deletions(-)
 create mode 100644 package-lock.json
 create mode 100755 scripts/test.sh
diff --git a/.gitignore b/.gitignore
index 39187338..963236a8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,4 @@
 node_modules
 lib/*.js
 *~
-package-lock.json
+sockjs-protocol
diff --git a/.npmignore b/.npmignore
index e476c14f..fa2991bf 100644
--- a/.npmignore
+++ b/.npmignore
@@ -4,4 +4,5 @@ Makefile
 src
 examples
 tests
+scripts
 *~
diff --git a/package-lock.json b/package-lock.json
new file mode 100644
index 00000000..75d20db3
--- /dev/null
+++ b/package-lock.json
@@ -0,0 +1,52 @@ +{ + "name": "sockjs", + "version": "0.3.20", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "coffeescript": { + "version": "1.12.7", + "resolved": "https://registry.npmjs.org/coffeescript/-/coffeescript-1.12.7.tgz", + "integrity": "sha512-pLXHFxQMPklVoEekowk8b3erNynC+DVJzChxS/LCBBgR6/8AJkHivkm//zbowcfc7BTCAjryuhx6gPqPRfsFoA==", + "dev": true + }, + "faye-websocket": { + "version": "0.11.3", + "resolved": "https://registry.npmjs.org/faye-websocket/-/faye-websocket-0.11.3.tgz", + "integrity": "sha512-D2y4bovYpzziGgbHYtGCMjlJM36vAl/y+xUyn1C+FVx8szd1E+86KwVw6XvYSzOP8iMpm1X0I4xJD+QtUb36OA==", + "requires": { + "websocket-driver": ">=0.5.1" + } + }, + "http-parser-js": { + "version": "0.5.2", + "resolved": "https://registry.npmjs.org/http-parser-js/-/http-parser-js-0.5.2.tgz", + "integrity": "sha512-opCO9ASqg5Wy2FNo7A0sxy71yGbbkJJXLdgMK04Tcypw9jr2MgWbyubb0+WdmDmGnFflO7fRbqbaihh/ENDlRQ==" + }, + "safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==" + }, + "uuid": { + "version": "3.4.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz", + "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==" + }, + "websocket-driver": { + "version": "0.7.4", + "resolved": "https://registry.npmjs.org/websocket-driver/-/websocket-driver-0.7.4.tgz", + "integrity": "sha512-b17KeDIQVjvb0ssuSDF2cYXSg2iztliJ4B9WdsuB6J952qCPKmnVq4DyW5motImXHDC1cBT/1UezrJVsKw5zjg==", + "requires": { + "http-parser-js": ">=0.5.1", + "safe-buffer": ">=5.1.0", + "websocket-extensions": ">=0.1.1" + } + }, + "websocket-extensions": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/websocket-extensions/-/websocket-extensions-0.1.4.tgz", + "integrity": 
"sha512-OqedPIGOfsDlo31UNwYbCFMSaO9m9G/0faIHj5/dZFDMFqPTcx6UwqyOy3COEaEOg/9VsGIpdqn62W5KhoKSpg==" + } + } +}
diff --git a/package.json b/package.json
index 1c37270a..bd7c7c72 100644
--- a/package.json
+++ b/package.json
@@ -17,9 +17,9 @@
 }
 ],
 "dependencies": {
- "faye-websocket": "^0.10.0",
+ "faye-websocket": "^0.11.3",
 "uuid": "^3.4.0",
- "websocket-driver": "0.6.5"
+ "websocket-driver": "^0.7.4"
 },
 "devDependencies": {
 "coffeescript": "^1.12.7"
diff --git a/scripts/test.sh b/scripts/test.sh
new file mode 100755
index 00000000..9ee302f5
--- /dev/null
+++ b/scripts/test.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -e
+
+rm -rf sockjs-protocol
+git clone --depth=1 https://github.com/sockjs/sockjs-protocol.git
+cd sockjs-protocol
+make test_deps pycco_deps
+cd ..
+node tests/test_server/server.js &
+SRVPID=$!
+sleep 1
+
+set +e
+
+cd sockjs-protocol
+./venv/bin/python sockjs-protocol.py
+PASSED=$?
+kill $SRVPID
+exit $PASSED
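Review bot: In the new scripts/test.sh, `git clone --depth=1 https://github.com/sockjs/sockjs-protocol.git` fetches whatever the default branch holds at run time, and the script then runs that checkout's `make test_deps pycco_deps` and `sockjs-protocol.py`, so neither the test result nor the code executed on the build host is tied to a reviewed revision. Pinning the suite would fix that, for example `git clone https://github.com/sockjs/sockjs-protocol.git` followed by `git -C sockjs-protocol checkout <PINNED_COMMIT>` (placeholder; use the revision the tests were last verified against). Separately, the background server is only killed on the normal path after the Python run returns; a `trap 'kill "$SRVPID"' EXIT` placed right after `SRVPID=$!` would also cover an interrupted run. The fixed `sleep 1` is a guess at server start-up time and may need replacing with a readiness check if the suite proves flaky.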