Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade socket.io-client from 4.2.0 to 4.5.0 #31

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade socket.io-client from 4.2.0 to 4.5.0 #31

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-JS-SOCKETIOPARSER-5596892		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: socket.io-client The new version differs by 31 commits.
  • abdba07 chore(release): 4.5.0
  • faf68a5 chore: update default label for bug reports
  • c0ba734 chore: add Node.js 16 in the test matrix
  • e859018 refactor: replace the disconnected attribute by a getter
  • 74e3e60 feat: add support for catch-all listeners for outgoing packets
  • 692d54e chore: point the CI badge towards the main branch
  • 6fdf3c9 refactor: import single-file 3rd party modules
  • b862924 feat: add details to the disconnect event
  • eaf782c docs: remove broken badges
  • 359d1e2 chore(release): 4.4.1
  • f56fdd0 chore: remove duplicate package.json file
  • 19836d9 chore: add types to exports field to be compatible with nodenext module resolution (#1522)
  • 71e34a3 chore(release): 4.4.0
  • 1e1952b chore: bump engine.io-client version
  • 522ffbe fix: prevent double ack with timeout
  • 99c2cb8 fix: fix `socket.disconnect().connect()` usage
  • 53d8fca fix: add package name in nested package.json
  • d54d12c fix: prevent socket from reconnecting after middleware failure
  • ccf7998 feat: add timeout feature
  • da0b828 chore(release): 4.3.2
  • 6780f29 fix: restore the default export (bis)
  • ca614b2 chore(release): 4.3.1
  • f0aae84 fix: restore the default export
  • 8737d0a fix: restore the namespace export

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

馃 Denial of Service (DoS)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@snyk-bot