socket-security[bot]
commented
1 month ago New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/js-beautify@1.8.8 | Transitive: environment, filesystem, network, shell | +6 |
1.64 MB | bitwiseman |
| npm/json-loader@0.5.7 | None | 0 |
6.78 kB | d3viant0ne |
| npm/jsonwebtoken@8.5.1 | None | +12 |
200 kB | ziluvatar |
| npm/karma-chai@0.1.0 | None | 0 |
3.75 kB | alexgorbatchev |
| npm/karma-chrome-launcher@3.1.0 | environment, filesystem | 0 |
27.7 kB | karmarunnerbot |
| npm/karma-mocha-reporter@2.2.5 | Transitive: environment | +6 |
119 kB | litixsoft |
| npm/karma-mocha@2.0.1 | filesystem | +1 |
59.5 kB | karmarunnerbot |
| npm/karma-sourcemap-loader@0.3.8 | Transitive: environment, filesystem | +1 |
37.9 kB | demerzel3 |
| npm/karma-webpack@5.0.0 | filesystem Transitive: environment | +4 |
112 kB | ryanclark |
| npm/karma@6.4.3 | environment, filesystem, network, shell Transitive: eval, unsafe | +57 |
2.89 MB | karmarunnerbot |
| npm/localforage@1.8.1 | network | +2 |
1.84 MB | tofumatt |
| npm/lodash@4.17.21 | None | 0 |
1.41 MB | bnjmnt4n |
Bumps socket.io to 4.7.5 and updates ancestor dependency karma. These dependencies need to be updated together.
Updates
socket.iofrom 2.1.1 to 4.7.5Release notes
Sourced from socket.io's releases.
... (truncated)
Changelog
Sourced from socket.io's changelog.
... (truncated)
Commits
5017681chore(release): 4.7.5bf64870fix: close the adapters when the server is closed748e18cci: test with older TypeScript versionb9ce6a2refactor: create specific adapter for parent namespaces (#4950)54dabe5ci: upgrade to actions/checkout@4 and actions/setup-node@4e426f3efix: remove duplicate pipeline when serving bundlee36062cdocs: update the webtransport example0bbe8aedocs: only execute the passport middleware once914a8bddocs: add example with JWTd943c3edocs: update the Passport.js exampleUpdates
karmafrom 3.1.4 to 6.4.3Release notes
Sourced from karma's releases.
... (truncated)
Changelog
Sourced from karma's changelog.
... (truncated)
Commits
d8cf806chore(release): 6.4.3 [skip ci]d7f2d69fix: add build commits for patch release85a2eebbuild(deps-dev): bump decode-uri-component from 0.2.0 to 0.2.20bffce2build(deps): updated socket.io version to fix security issues with socket.io-...86667abbuild(deps): bump follow-redirects from 1.11.0 to 1.15.4450fdfddocs: Add deprecation notice to Karma README9de3c00chore(release): 6.4.2 [skip ci]c6a4271fix: few typos50f9635docs: update codeclimate badge in readme.md0013121chore(release): 6.4.1 [skip ci]Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions | | --- | --- | | karma | [>= 6.a, < 7] | | karma | [> 3.1.4] |Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show