Open snyk-bot opened 1 year ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Recently disclosed, Has a fix available, CVSS 7.5
SNYK-JS-ENGINEIO-5496331
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: socket.io
The new version differs by 60 commits.- a2e5d1f chore(release): 4.6.0
- d8143cc refactor: do not persist session if connection state recovery if disabled
- b2dd7cf chore: bump engine.io to version 6.4.0
- 3734b74 revert: feat: expose current offset to allow deduplication
- 8aa9499 feat: add description to the disconnecting and disconnect events (#4622)
- 4e64123 feat: expose current offset to allow deduplication
- 115a981 refactor: do not include the pid by default
- 0c0eb00 fix: add timeout method to remote socket (#4558)
- f8640d9 refactor: export DisconnectReason type
- 93d446a refactor: add charset when serving the bundle files
- 184f3cf feat: add promise-based acknowledgements
- 5d9220b feat: add the ability to clean up empty child namespaces (#4602)
- 1298839 test: add test with onAnyOutgoing() and binary attachments
- 6c27b8b test: add test with socket.disconnect(true)
- f3ada7d fix(typings): properly type emits with timeout
- a21ad88 docs(changelog): add note about maxHttpBufferSize default value (#4596)
- 54d5ee0 feat: implement connection state recovery
- da2b542 perf: precompute the WebSocket frames when broadcasting
- b7d54db docs: add Rust client implementation (#4592)
- d4a9b2c refactor(typings): add types for io.engine (#4591)
- 547c541 chore: add security policy
- 3b7ced7 chore(release): 4.5.4
- c00bb95 chore: bump engine.io to version 6.2.1
- 57e5f25 chore: bump socket.io-parser to version 4.2.1
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.