OpenTMI / opentmi-jsclient

OpenTMI javascript client for backend&browser
https://opentmi.github.io/opentmi-jsclient
MIT License

[Snyk] Upgrade socket.io-client from 4.0.0 to 4.3.2 #190

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to upgrade socket.io-client from 4.0.0 to 4.3.2.

Merge advice: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


The recommended version fixes:

Issue:              Regular Expression Denial of Service (ReDoS), SNYK-JS-WS-1296835
Priority Score (*): 372/1000 (Why? Proof of Concept exploit, CVSS 5.3)
Exploit Maturity:   Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: socket.io-client
  • 4.3.2 - 2021-10-16

    Bug Fixes

    • restore the default export (bis) (6780f29)

    Links:

    • Diff: 4.3.1...4.3.2
    • Server release: -
    • engine.io-client version: ~6.0.1
    • ws version: ~8.2.3

    Size of the bundles:

    Bundle                      min             min+gzip
    socket.io.min.js            40.0 KB (-)     13.0 KB (-)
    socket.io.msgpack.min.js    45.2 KB (-)     14.2 KB (-)
    socket.io.esm.min.js        32.8 KB (-)     11.1 KB (-)
  • 4.3.1 - 2021-10-15

    Bug Fixes

    • restore the default export (f0aae84)
    • restore the namespace export (8737d0a)

    Links:

    • Diff: 4.3.0...4.3.1
    • Server release: -
    • engine.io-client version: ~6.0.1
    • ws version: ~8.2.3

    Size of the bundles:

    Bundle                      min                     min+gzip
    socket.io.min.js            40.0 KB (+ 0.1 KB ⬆️)    13.0 KB (+ 0.1 KB ⬆️)
    socket.io.msgpack.min.js    45.2 KB (+ 0.1 KB ⬆️)    14.2 KB (+ 0.1 KB ⬆️)
    socket.io.esm.min.js        32.8 KB (+ 0.1 KB ⬆️)    11.1 KB (-)
  • 4.3.0 - 2021-10-14

    An ESM bundle is now provided:

    <script type="module">
      import { io } from "https://cdn.socket.io/4.3.0/socket.io.esm.min.js";
    
      const socket = io();
    
      socket.emit("hello", "world");
    </script>

    The bundle size has also been greatly reduced, from 16.0 KB to 12.9 KB (min+gzip).

    Features

    • typings: add missing types for some emitter methods (#1502) (a9e5b85)
    • provide an ESM build with and without debug (16b6569)
    • migrate to rollup (0661564)

    Links:

    Size of the bundles:

    Bundle                      min                     min+gzip
    socket.io.min.js            39.9 KB (-24.6 KB ⬇️)    12.9 KB (-3.1 KB ⬇️)
    socket.io.msgpack.min.js    45.1 KB (-25.6 KB ⬇️)    14 KB (-2.6 KB ⬇️)
    socket.io.esm.min.js        32.7 KB                 11.1 KB
  • 4.2.0 - 2021-08-30

    Bug Fixes

    • typings: allow async listener in typed events (66e00b7)
    • allow to set randomizationFactor to 0 (#1447) (dfb46b5)

    Features

    • add an option to use native timer functions (#1479) (4e1b656)

    Links:

    • Diff: 4.1.3...4.2.0
    • Server release: 4.2.0
    • engine.io-client version: ~5.2.0
    • ws version: ~7.4.2
    • Build size
      • socket.io.min.js: 64.5 KB (+ 1.5 KB)
      • socket.io.msgpack.min.js: 65.5 KB (+ 1.4 KB)
  • 4.1.3 - 2021-07-10

    This release only contains a bump from engine.io-client.

    Links:

    • Diff: 4.1.2...4.1.3
    • Server release: 4.1.3
    • engine.io-client version: ~5.1.0
    • ws version: ~7.4.2
    • Build size
      • socket.io.min.js: 63 KB (+ 0.2 KB)
      • socket.io.msgpack.min.js: 64.1 KB (+ 0.2 KB)
  • 4.1.2 - 2021-05-17

    Bug Fixes

    • typings: add missing closeOnBeforeunload option (#1469) (35d27df)
    • typings: add missing requestTimeout option (#1467) (c8dfbb1)

    Links:

    • Diff: 4.1.1...4.1.2
    • Server release: 4.1.2
    • engine.io-client version: ~5.1.0
    • ws version: ~7.4.2
    • Build size
      • socket.io.min.js: 62.8 KB (=)
      • socket.io.msgpack.min.js: 63.9 KB (=)
  • 4.1.1 - 2021-05-11

    There were some minor bug fixes on the server side, which mandate a client bump.

    Links:

    • Diff: 4.1.0...4.1.1
    • Server release: 4.1.1
    • engine.io-client version: ~5.1.0
    • ws version: ~7.4.2
    • Build size
      • socket.io.min.js: 62.8 KB (=)
      • socket.io.msgpack.min.js: 63.9 KB (=)
  • 4.1.0 - 2021-05-11

    Blog post: https://socket.io/blog/socket-io-4-1-0/

    Features

    • add the "closeOnBeforeunload" option (dcb85e9, from engine.io-client)

    Links:

    • Diff: 4.0.2...4.1.0
    • Server release: 4.1.0
    • engine.io-client version: ~5.1.0
    • ws version: ~7.4.2
    • Build size
      • socket.io.min.js: 62.8 KB (=)
      • socket.io.msgpack.min.js: 63.9 KB (=)
  • 4.0.2 - 2021-05-06

    Bug Fixes

    • typings: add fallback to untyped event listener (5394669)
    • ensure buffered events are sent in order (34f822f)
    • ensure connections are properly multiplexed (dd2a8fc)
    • properly export the Socket class (e20d487)

    Links:

    • Diff: 4.0.1...4.0.2
    • Server release: 4.0.2
    • engine.io-client version: ~5.0.0
    • ws version: ~7.4.2
    • Build size
      • socket.io.min.js: 62.8 KB (=)
      • socket.io.msgpack.min.js: 63.9 KB (=)
  • 4.0.1 - 2021-03-31

    Bug Fixes

    • typings: make auth property public (#1455) (c150223)
    • typings: update definition to match wrapper.mjs (#1456) (48f573f)

    Links:

    • Diff: 4.0.0...4.0.1
    • Server release: 4.0.1
    • engine.io-client version: ~5.0.0
    • ws version: ~7.4.2
    • Build size
      • socket.io.min.js: 62.8 KB (=)
      • socket.io.msgpack.min.js: 63.9 KB (=)
  • 4.0.0 - 2021-03-10
from socket.io-client GitHub release notes
Commit messages
Package name: socket.io-client
  • da0b828 chore(release): 4.3.2
  • 6780f29 fix: restore the default export (bis)
  • ca614b2 chore(release): 4.3.1
  • f0aae84 fix: restore the default export
  • 8737d0a fix: restore the namespace export
  • c76d367 chore(release): 4.3.0
  • 91b948b refactor: move the typed events to @ socket.io/component-emitter
  • a9e5b85 feat(typings): add missing types for some emitter methods (#1502)
  • 0661564 chore: migrate to rollup
  • 16b6569 feat: provide an ESM build with and without debug
  • 7187453 chore: bump socket.io-parser to version 4.1.0
  • 91fbd47 chore: bump engine.io-client to version 6.0.0
  • 0a7efc8 chore(release): 4.2.0
  • ec3a784 chore: bump dependencies
  • 66e00b7 fix(typings): allow async listener in typed events
  • 4e1b656 feat: add an option to use native timer functions (#1479)
  • f3acddf refactor: remove duplicate initilializations (#1489)
  • dfb46b5 fix: allow to set randomizationFactor to 0 (#1447)
  • 7326bd5 chore(release): 4.1.3
  • cef471b chore: bump dependencies
  • b466c6f chore(release): 4.1.2
  • 35d27df fix(typings): add missing closeOnBeforeunload option (#1469)
  • c8dfbb1 fix(typings): add missing requestTimeout option (#1467)
  • 7d6a71c chore(release): 4.1.1

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.


coveralls commented 2 years ago

Coverage Status

Coverage remained the same at 82.101% when pulling 325ec122c6230d2bb0ca7d3c2fe36ff9a49edeeb on snyk-upgrade-381b9c58140a9a1e015e18b8960aca0e into aaf448c6bc5f25ec4c3e2a6aff3c5feb168c3127 on master.