Is ecstatic not used anymore? #285
Assignees
Labels
question
Further information is requested
Comments
|
This was included to fix a problem with http-server 0.11.1 including a broken version of ecstatic (3.0.0). It seems the new http-server version 0.12.1 uses ecstatic 3.3.2, so you should be able to update http-server and drop the ecstatic entry in our package.json. |
|
Regarding the vulnerability in ecstatic, it seems to be fixed in v3.3.2: Patches for the security vulnerability have been applied to versions v4.1.2, v3.3.2 and v2.2.2. Older versions will remain unpatched. I apologize for the inconvenience. |
|
Thanks @lukaswagner ! |
JotaroS
added a commit
that referenced
this issue
Jun 5, 2020
JotaroS
added a commit
that referenced
this issue
Jun 7, 2020
#285 removed ecstatic / updated http-server teseted plotter.js and worked fine.
|
@JotaroS so this is fixed ? if so please close |
|
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
dualpantoframework/package.json
Line 32 in a3f7197
Ecstatic is deprecated and there's security vulnerability against DoS attack.
I see this isn't refered by any code but still has to be imported?
(Last commit wrt this has been made by @lukaswagner https://github.com/HassoPlattnerInstituteHCI/dualpantoframework/blame/f3968089c393f84c25a923c5d52f744afc8b0694/package.json#L32)
The text was updated successfully, but these errors were encountered: