Closed renovate[bot] closed 1 year ago
This PR contains the following updates:
4.2.2 -> 4.2.3
3.4.2 -> 3.4.3
⚠ Dependency Lookup Warnings ⚠
Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
CVE-2023-32695
Impact
A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process.
TypeError: Cannot convert object to primitive value
    at Socket.emit (node:events:507:25)
    at .../node_modules/socket.io/lib/socket.js:531:14
Patches
A fix has been released today (2023/05/22):
socket.io-parser@4.2.3
socket.io-parser@3.4.3

| socket.io version | socket.io-parser version | |
|---|---|---|
| 4.5.2...latest | ~4.2.0 | npm audit fix should be sufficient |
| 4.1.3...4.5.1 | ~4.1.1 | socket.io@4.6.x |
| 3.0.5...4.1.2 | ~4.0.3 | socket.io@4.6.x |
| 3.0.0...3.0.4 | ~4.0.1 | socket.io@4.6.x |
| 2.3.0...2.5.0 | ~3.4.0 | npm audit fix should be sufficient |

Workarounds
There is no known workaround except upgrading to a safe version.
For more information
If you have any questions or comments about this advisory:
Thanks to @rafax00 for the responsible disclosure.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.
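To confirm that every resolved copy of socket.io-parser reached a fixed release after this update, the lockfile check below applies the advisory's Patches table. It is an added example, not part of the Renovate PR or the Socket.IO project; the function names and the sample lockfile are constructed, it assumes an npm lockfile with a `packages` map (lockfileVersion 2 or 3), and it assumes 4.x releases after 4.2.3 also carry the fix.

```javascript
// Added example: classify installed socket.io-parser copies per the advisory table.
// Parse "x.y.z" (ignoring any pre-release suffix) into [major, minor, patch].
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// Map one version to a status and the remediation the table gives for its line.
function classify(version) {
  const v = parseVersion(version);
  if (!v) return { status: "unknown", action: "inspect manually" };
  const [maj, min, pat] = v;
  if (maj === 4) {
    // Assumption: anything at or above 4.2.3 on the 4.x line contains the fix.
    if (min > 2 || (min === 2 && pat >= 3)) return { status: "patched", action: "none" };
    // 4.2.x is fixed in place; 4.0.x and 4.1.x need a newer socket.io.
    return min === 2
      ? { status: "below-fix", action: "npm audit fix" }
      : { status: "below-fix", action: "upgrade socket.io to 4.6.x" };
  }
  if (maj === 3 && min === 4) {
    return pat >= 3
      ? { status: "patched", action: "none" }
      : { status: "below-fix", action: "npm audit fix" };
  }
  return { status: "not-listed", action: "inspect manually" };
}

// Walk the lockfile, including nested node_modules copies that a top-level
// version bump does not touch.
function scanLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/socket\.io-parser$/.test(path)) continue;
    findings.push({ path, version: meta.version, ...classify(meta.version) });
  }
  return findings;
}

// Constructed sample lockfile (not taken from the repository in this PR).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/socket.io": { version: "4.6.1" },
    "node_modules/socket.io-parser": { version: "4.2.2" },
    "node_modules/legacy-client/node_modules/socket.io-parser": { version: "3.4.3" },
    "node_modules/old-server/node_modules/socket.io-parser": { version: "4.1.2" },
  },
};
for (const f of scanLockfile(SAMPLE_LOCK)) console.log(f.path, f.version, f.status, f.action);
```

For a real project, pass the parsed contents of `package-lock.json` to `scanLockfile` and fail the build when any finding has status `below-fix`.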