Snyk has created this PR to upgrade socket.io-client from 4.0.0 to 4.3.2.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 10 versions ahead of your current version.
The recommended version was released 22 days ago, on 2021-10-16.
Coverage remained the same at 82.101% when pulling 325ec122c6230d2bb0ca7d3c2fe36ff9a49edeeb on snyk-upgrade-381b9c58140a9a1e015e18b8960aca0e into aaf448c6bc5f25ec4c3e2a6aff3c5feb168c3127 on master.
Snyk has created this PR to upgrade socket.io-client from 4.0.0 to 4.3.2.
The recommended version fixes:
SNYK-JS-WS-1296835
Why? Proof of Concept exploit, CVSS 5.3
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: socket.io-client
Bug Fixes
Links:
~6.0.1
~8.2.3
Size of the bundles:
Bug Fixes
Links:
~6.0.1
~8.2.3
Size of the bundles:
An ESM bundle is now provided:
The bundle size has also been greatly reduced, from
16.0 KB
to12.9 KB
(min+gzip).Features
Links:
~6.0.1
(diff)~8.2.3
(diff)Size of the bundles:
Bug Fixes
Features
Links:
~5.2.0
~7.4.2
socket.io.min.js
:64.5 KB (+ 1.5 KB)
socket.io.msgpack.min.js
:65.5 KB (+ 1.4 KB)
This release only contains a bump from
engine.io-client
.Links:
~5.1.0
~7.4.2
socket.io.min.js
:63 KB (+ 0.2 KB)
socket.io.msgpack.min.js
:64.1 KB (+ 0.2 KB)
Bug Fixes
Links:
~5.1.0
~7.4.2
socket.io.min.js
:62.8 KB (=)
socket.io.msgpack.min.js
:63.9 KB (=)
There were some minor bug fixes on the server side, which mandate a client bump.
Links:
~5.1.0
~7.4.2
socket.io.min.js
:62.8 KB (=)
socket.io.msgpack.min.js
:63.9 KB (=)
Blog post: https://socket.io/blog/socket-io-4-1-0/
Features
engine.io-client
)Links:
~5.1.0
~7.4.2
socket.io.min.js
:62.8 KB (=)
socket.io.msgpack.min.js
:63.9 KB (=)
Bug Fixes
Links:
~5.0.0
~7.4.2
socket.io.min.js
:62.8 KB (=)
socket.io.msgpack.min.js
:63.9 KB (=)
Bug Fixes
auth
property public (#1455) (c150223)Links:
~5.0.0
~7.4.2
socket.io.min.js
:62.8 KB (=)
socket.io.msgpack.min.js
:63.9 KB (=)
Commit messages
Package name: socket.io-client
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:![](https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJjNWQ4Y2E4NS02YWRmLTQyMzQtYjJjMC03YjdhMjVmMDMwMjciLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImM1ZDhjYTg1LTZhZGYtNDIzNC1iMmMwLTdiN2EyNWYwMzAyNyJ9fQ==)
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs