Update socketcluster to resolve critical security issues

[DonnyVerduijn]

Please note, that the currently used version of SocketCluster 8.0.1 has vulnerable dependencies. Therefore, i have migrated the codebase to be compatible with the latest version of SocketCluster. I didn't run any tests, so please provide feedback. The forked repo can be installed locally using npm -i DonnyVerduijn/remotedev-server#fix-vulnerabilities.

[DonnyVerduijn]

I can confirm it works together with remote-redux-devtools.

[AldoMX]

Hey guys @jhen0409 @zalmoxisus, sorry to annoy you with an unwanted notification, but this PR fixes the following issue:
facebook/react-native#17410

Is there something I can do to help you merge this?

[zalmoxisus]

@DonnyVerduijn thanks for fixing it. The problem here is thatremotedev-server was CommonJS, now we're using ES6 here and it won't be backward compatible. So it is a breaking change and we'd need to publish it as a major version, but there's already 0.3, just not shipped. So there are 2 possibilities here: rewrite as es5 (not sure if that works with current socketcluster version) or move it to v0.3 branch. That branch was enforcing node >= 4.0.0. I'd ship that version. Sorry for the confusion with the branches, that was completely rewritten and would be difficult to solve conflicts if we merge this in master. If you don't have time with that, @AldoMX offered his help.

[DonnyVerduijn]

Thanks for your reply. It seems that the socketcluster API of the latest version is ES6 only, but i didn't look into that. Maybe it is possible to migrate to another version. However, i think we should include these changes into 0.3 and keep 0.2 compatible with commonJS. It would be great if someone could include this, as i don't have the time right now. Regards, Donny Op vr 16 nov. 2018 22:02 schreef Mihail Diordiev <[email protected]:

…

@DonnyVerduijn <https://github.com/DonnyVerduijn> thanks for fixing it. The problem here is thatremotedev-server was CommonJS, now we're using ES6 here and it won't be backward compatible. So it is a breaking change and we'd need to publish it as a major version, but 0.3 was already in progress <#30>. So there are 2 possibilities here: rewrite as es5 (not sure if that works with current socketcluster version) or move it to v0.3 <https://github.com/zalmoxisus/remotedev-server/tree/v0.3> branch. That branch was enforcing node >= 4.0.0 <https://github.com/zalmoxisus/remotedev-server/blob/v0.3/package.json#L30>. I'd ship that version. Sorry for the confusion with the branches, that was completely rewritten and would be difficult to solve conflicts if we merge this in master. If you don't have time with that, @AldoMX <https://github.com/AldoMX> offered his help. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#65 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AHKnocmioyQ-a3UVfmf2aiO6wZTe0MTbks5uvyf3gaJpZM4X_GXX> .

[zalmoxisus]

I added it in 0.3. Didn't use arrow functions as we'd need them in other parts as well to keep the same style.

Thanks again for you work!