Skip to content
This repository has been archived by the owner on Jun 25, 2024. It is now read-only.

[Snyk] Security upgrade socket.io-client from 4.2.0 to 4.5.0 #31

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-SOCKETIOPARSER-5596892
No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: socket.io-client The new version differs by 31 commits.
  • abdba07 chore(release): 4.5.0
  • faf68a5 chore: update default label for bug reports
  • c0ba734 chore: add Node.js 16 in the test matrix
  • e859018 refactor: replace the disconnected attribute by a getter
  • 74e3e60 feat: add support for catch-all listeners for outgoing packets
  • 692d54e chore: point the CI badge towards the main branch
  • 6fdf3c9 refactor: import single-file 3rd party modules
  • b862924 feat: add details to the disconnect event
  • eaf782c docs: remove broken badges
  • 359d1e2 chore(release): 4.4.1
  • f56fdd0 chore: remove duplicate package.json file
  • 19836d9 chore: add types to exports field to be compatible with nodenext module resolution (#1522)
  • 71e34a3 chore(release): 4.4.0
  • 1e1952b chore: bump engine.io-client version
  • 522ffbe fix: prevent double ack with timeout
  • 99c2cb8 fix: fix `socket.disconnect().connect()` usage
  • 53d8fca fix: add package name in nested package.json
  • d54d12c fix: prevent socket from reconnecting after middleware failure
  • ccf7998 feat: add timeout feature
  • da0b828 chore(release): 4.3.2
  • 6780f29 fix: restore the default export (bis)
  • ca614b2 chore(release): 4.3.1
  • f0aae84 fix: restore the default export
  • 8737d0a fix: restore the namespace export

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant