search

Randyblo7 / github-slideshow

A robot powered training repository :robot:
https://lab.github.com/githubtraining/introduction-to-github
MIT License
0 stars 0 forks source link

[Snyk] Upgrade socket.io from 1.3.7 to 1.7.4 #3

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to upgrade socket.io from 1.3.7 to 1.7.4.

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Insecure Defaults
npm:engine.io-client:20160426		 619/1000
Why? Has a fix available, CVSS 8.1		 No Known Exploit
Denial of Service (DoS)
npm:ws:20171108		 619/1000
Why? Has a fix available, CVSS 8.1		 Mature
Denial of Service (DoS)
npm:ws:20160624		 619/1000
Why? Has a fix available, CVSS 8.1		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
npm:ms:20151024		 619/1000
Why? Has a fix available, CVSS 8.1		 No Known Exploit
Insecure Randomness
npm:ws:20160920		 619/1000
Why? Has a fix available, CVSS 8.1		 No Known Exploit
Remote Memory Exposure
npm:ws:20160104		 619/1000
Why? Has a fix available, CVSS 8.1		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: socket.io
  • 1.7.4 - 2017-05-07
  • 1.7.3 - 2017-02-17
  • 1.7.2 - 2016-12-11
  • 1.7.1 - 2016-11-27
  • 1.7.0 - 2016-11-27
  • 1.6.0 - 2016-11-20
  • 1.5.1 - 2016-10-24
  • 1.5.0 - 2016-10-06
  • 1.4.8 - 2016-06-24
  • 1.4.7 - 2016-06-24
  • 1.4.6 - 2016-05-03
  • 1.4.5 - 2016-01-26
  • 1.4.4 - 2016-01-11
  • 1.4.3 - 2016-01-08
  • 1.4.2 - 2016-01-08
  • 1.4.1 - 2016-01-07
  • 1.4.0 - 2016-01-05
  • 1.3.7 - 2015-09-21
from socket.io GitHub release notes
Commit messages
Package name: socket.io
  • 0abbd4d [chore] Release 1.7.4
  • c89ccd9 [chore] Bump engine.io to version 1.8.4
  • a646044 [chore] Release 1.7.3
  • 751a6fc [chore] Bump engine.io to version 1.8.3
  • 1f59e45 [chore] Release 1.7.2 (#2783)
  • 0a7afa8 [chore] Bump engine.io to version 1.8.2 (#2782)
  • 1e31769 [fix] Fixes socket.use error packet (#2772)
  • 797c9a3 [chore] Release 1.7.1 (#2768)
  • 4f93a0b [chore] Release 1.7.0 (#2767)
  • 3c98130 [chore] Update client location and serve minified file (#2766)
  • 9c23308 [chore] Bump engine.io to version 1.8.1 (#2765)
  • 955e5e0 [feature] Add a `local` flag (#2628)
  • 0ef55b2 [feature] serve sourcemap for socket.io-client (#2482)
  • 4d8e2d3 [docs] Fixed grammar issues in the README.md (#2159)
  • d48f848 [docs] Comment connected socket availability for adapters (#2081)
  • 57b3863 [chore] Release 1.6.0 (#2757)
  • 9e7567d [chore] Bump socket.io-adapter to version 0.5.0 (#2756)
  • 2e36799 [chore] Bump engine.io to version 1.8.0 (#2755)
  • 9bb5e9d [chore] Bump debug to version 2.3.3 (#2754)
  • ff2c15d [perf] Minor code optimizations (#2219)
  • a483658 [example] Add disconnection/reconnection logs to the chat example (#2675)
  • 4c5dbd8 [fix] Don't drop query variables on handshake (#2745)
  • e14a10b [feature] add support for Server#close(callback) (#2748)
  • 5a123be [feature] Add support for socket middleware (#2306)
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs