I'm looking for insight on how to handle these vulnerabilities identified by GitHub.
engine.io|Version >= 5.1.0 < 6.4.2|Upgrade to ~> 6.4.2
CVE-2023-31125 Moderate severity
socket.io-parser|Version >= 4.0.4 < 4.2.3|Upgrade to ~> 4.2.3
CVE-2023-32695 High severity
Is this updated within Wappler updates or something I need to update in the package.json?
Thanks in advance
You can always run npm update in your project, it should update the packages to the latest version. It does not upgrade major versions, that could cause backward compatibility issues. In your case it seems to be the socket.io package that needs to be updated. In the upcoming update we have updated all Redis related packages to the latest major version.
Thanks for the update and insight to npm options Patrick
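To confirm that npm update actually moved the two packages out of the ranges quoted in the first post, the resolved versions in package-lock.json can be checked directly. The script below is an added example, not code from Wappler or from anyone in this thread; the function names and the lockfile fragment are assumptions made for illustration, and only the version ranges and CVE ids come from the post.

```javascript
// Advisory ranges copied from the first post: vulnerable if from <= version < fixed.
const ADVISORIES = [
  { name: 'engine.io', cve: 'CVE-2023-31125', from: '5.1.0', fixed: '6.4.2' },
  { name: 'socket.io-parser', cve: 'CVE-2023-32695', from: '4.0.4', fixed: '4.2.3' },
];

// Compare plain x.y.z versions numerically (pre-release tags are ignored here).
function cmp(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json.
// Keys look like "node_modules/a/node_modules/b"; the installed package
// is the part after the last "node_modules/", so nested copies are found too.
function findVulnerable(lock) {
  const marker = 'node_modules/';
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(marker);
    if (idx < 0 || !meta.version) continue; // root project or workspace entry
    const name = path.slice(idx + marker.length);
    for (const adv of ADVISORIES) {
      if (name === adv.name && cmp(meta.version, adv.from) >= 0 && cmp(meta.version, adv.fixed) < 0) {
        hits.push({ path, version: meta.version, cve: adv.cve, fixed: adv.fixed });
      }
    }
  }
  return hits;
}

// Constructed sample lockfile fragment (not taken from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/socket.io': { version: '4.5.4' },
    'node_modules/engine.io': { version: '6.2.1' },
    'node_modules/socket.io-parser': { version: '4.2.4' },
    'node_modules/socket.io-adapter/node_modules/socket.io-parser': { version: '4.0.5' },
  },
};

console.log(findVulnerable(SAMPLE_LOCK));
```

On a real project, pass the parsed contents of package-lock.json to findVulnerable instead of SAMPLE_LOCK; an empty result after npm update means both packages resolved to fixed versions, including copies nested under other dependencies.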