Skip to content

Commit

Permalink
Replace http2 with node-http2.
Browse files Browse the repository at this point in the history
  • Loading branch information
@XhmikosR
XhmikosR committed Sep 6, 2018
1 parent 42703e0 commit 6289a8a
Show file tree
Hide file tree
Showing 4 changed files with 246 additions and 17 deletions.
257 changes: 243 additions & 14 deletions package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 comment on commit 6289a8a

@pedrosanta
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @XhmikosR I just noticed that https://www.npmjs.com/package/node-http2 GitHub repository doesn't exist anymore/404 and that this packaged was itself a fork from https://github.com/molnarg/node-http2, which states the following on it's readme:

NOTE WELL This package is officially deprecated. As of node 9.0.0, there is an 'http2' package built-in. You should use that one instead.

Also, "node-http2": "^4.0.1" depends on "websocket-stream": "^5.0.1" which depends on "ws": "^3.2.0" which has the following security vulnerability: GHSA-6fc8-4gx4-v693

I've created this issue on websocket-stream: max-mapper/websocket-stream#162

But given that apparently node >9.0.0 has http2 built in, perhaps it's interesting to upgrade to that no?

Please sign in to comment.