[Snyk] Upgrade socket.io-client from 2.2.0 to 2.5.0 #14

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

golanha wants to merge 1 commit into master from snyk-upgrade-f0cada1ae6661b75225c31d8a1e7695c

Member

golanha commented Jul 3, 2023 •

edited by maty21

Loading

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade socket.io-client from 2.2.0 to 2.5.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 4 versions ahead of your current version.
The recommended version was released a year ago, on 2022-06-26.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept
	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	512/1000 Why? Proof of Concept exploit, CVSS 8.1	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: socket.io-client

2.5.0 - 2022-06-26
Bug Fixes
- ensure buffered events are sent in order (991eb0b)
Links:
- Diff: 2.4.0...2.5.0
- Server release: 2.5.0
- engine.io-client version: ~3.5.0
- ws version: ~7.4.2
2.4.0 - 2021-01-04
2.3.1 - 2020-09-30
2.3.0 - 2019-09-20
2.2.0 - 2018-11-28

from socket.io-client GitHub release notes

Commit messages

Package name: socket.io-client

2b8e318 chore(release): 2.5.0
991eb0b fix: ensure buffered events are sent in order
b1d7eef ci: remove Node.js 8 from the test matrix
de2ccff chore(release): 2.4.0
e9dd12a chore: bump engine.io-client version
7248c1e ci: migrate to GitHub Actions
4631ed6 chore(release): 2.3.1
7f73a28 test: fix tests in IE
67c54b8 chore: bump engine.io-parser and socket.io-parser
15a52ab test: remove arrow function (for now)
050108b fix: fix reconnection after opening socket asynchronously (#1253)
b570025 chore: bump engine.io-client and downgrade debug
1fb1b78 chore: remove unused dependencies
0c39f14 docs: add section about Debug / logging on the client side (#1278)
6ce02ee docs: add server port in the example (#1359)
f4a4d89 chore: update package-lock.json file
3c1d860 chore: bump component-emitter dependency (#1376)
b7dbbd2 test: fix race condition in the tests
661f1e7 [chore] Release 2.3.0
71d7b79 [chore] Bump engine.io-client to version 3.4.0
8b4a539 [docs] Add CDN link (#1318)
40cf185 [ci] use Node.js 10 for compatibility with Gulp v3

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

This change is


          fix: upgrade socket.io-client from 2.2.0 to 2.5.0

d06948e

Snyk has created this PR to upgrade socket.io-client from 2.2.0 to 2.5.0.

See this package in npm:
https://www.npmjs.com/package/socket.io-client

See this project in Snyk:
https://app.snyk.io/org/maty21/project/a31589d4-e732-4b1a-9d59-0a49150319da?utm_source=github&utm_medium=referral&page=upgrade-pr

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet