You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
NOTE WELL This package is officially deprecated. As of node 9.0.0, there is an 'http2' package built-in. You should use that one instead.
Also, "node-http2": "^4.0.1" depends on "websocket-stream": "^5.0.1" which depends on "ws": "^3.2.0" which has the following security vulnerability: GHSA-6fc8-4gx4-v693
6289a8a
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @XhmikosR I just noticed that https://www.npmjs.com/package/node-http2 GitHub repository doesn't exist anymore/404 and that this packaged was itself a fork from https://github.com/molnarg/node-http2, which states the following on it's readme:
Also,
"node-http2": "^4.0.1"
depends on"websocket-stream": "^5.0.1"
which depends on"ws": "^3.2.0"
which has the following security vulnerability: GHSA-6fc8-4gx4-v693I've created this issue on
websocket-stream
: max-mapper/websocket-stream#162But given that apparently node >9.0.0 has http2 built in, perhaps it's interesting to upgrade to that no?