Security: remove ws subscription dependencies (#5416)

* remove unused vulnerable dependency from api * remove unused vulnerable dependency from frontend * remove wsClient from App.js * remove split link from client
canada-ca · Jun 19, 2024 · 19b0f2b · 19b0f2b
1 parent be01350
commit 19b0f2b
Show file tree

Hide file tree

Showing 8 changed files with 66 additions and 159 deletions.
diff --git a/api/index.js b/api/index.js
@@ -95,6 +95,5 @@ const {
   await server.listen(PORT, (err) => {
     if (err) throw err
     console.log(`🚀 Server ready at http://localhost:${PORT}/graphql`)
-    console.log(`🚀 Subscriptions ready at ws://localhost:${PORT}/graphql`)
   })
 })()
diff --git a/api/package-lock.json b/api/package-lock.json
diff --git a/api/package.json b/api/package.json
@@ -50,7 +50,6 @@
     "ms": "^2.1.3",
     "nats": "^2.18.0",
     "notifications-node-client": "^8.0.0",
-    "subscriptions-transport-ws": "^0.11.0",
     "url-slug": "^3.0.2",
     "uuid": "^8.3.2",
     "validator": "^13.7.0"

diff --git a/api/src/server.js b/api/src/server.js
@@ -10,10 +10,9 @@ import { ApolloServerPluginLandingPageLocalDefault } from '@apollo/server/plugin
 import compression from 'compression'
 
 import requestLanguage from 'express-request-language'
-import { execute, subscribe, GraphQLSchema } from 'graphql'
+import { GraphQLSchema } from 'graphql'
 import depthLimit from 'graphql-depth-limit'
 import { createComplexityLimitRule } from 'graphql-validation-complexity'
-import { SubscriptionServer } from 'subscriptions-transport-ws'
 
 import { createQuerySchema } from './query'
 import { createMutationSchema } from './mutation'
@@ -101,17 +100,5 @@ export const Server = async ({
     res.json({ ok: 'yes' })
   })
 
-  SubscriptionServer.create(
-    {
-      schema,
-      execute,
-      subscribe,
-    },
-    {
-      server: httpServer,
-      path: server.graphqlPath,
-    },
-  )
-
   return httpServer
 }