GitHub Vulnerabilities Notice - Best Practice Guidance

I am looking for insight on how to handle these vulnerabilities identified by GitHub.

engine.io|Version >= 5.1.0 < 6.4.2|Upgrade to ~> 6.4.2
CVE-2023-31125 Moderate severity

socket.io-parser|Version >= 4.0.4 < 4.2.3|Upgrade to ~> 4.2.3
CVE-2023-32695 High severity

Is this updated within Wappler updates or something I need to update in the package.json?

Thanks in advance

You can always run npm update in your project; it should update the packages to the latest version. It does not upgrade major versions, as that could cause backward compatibility issues. In your case it seems to be the socket.io package that needs to be updated. In the upcoming update we have updated all Redis-related packages to the latest major version.


Thanks for the update and insight to npm options Patrick