Open ukmadlz opened 1 year ago
~6.1.0
(diff)~8.2.3
</li>
<li>
<b>4.3.2</b> - <a href="https://snyk.io/redirect/github/socketio/socket.io/releases/tag/4.3.2">2021-11-08</a><br><h3>Bug Fixes</h3>
~6.0.0
~8.2.3
</li>
<li>
<b>4.3.1</b> - <a href="https://snyk.io/redirect/github/socketio/socket.io/releases/tag/4.3.1">2021-10-16</a><br><h3>Bug Fixes</h3>
~6.0.0
~8.2.3
</li>
<li>
<b>4.3.0</b> - 2021-10-14
</li>
<li>
<b>4.2.0</b> - 2021-08-30
</li>
<li>
<b>4.1.3</b> - 2021-07-10
</li>
<li>
<b>4.1.2</b> - 2021-05-17
</li>
<li>
<b>4.1.1</b> - 2021-05-11
</li>
<li>
<b>4.1.0</b> - 2021-05-11
</li>
<li>
<b>4.0.2</b> - 2021-05-06
</li>
<li>
<b>4.0.1</b> - 2021-03-31
</li>
<li>
<b>4.0.0</b> - 2021-03-10
</li>
<li>
<b>3.1.2</b> - 2021-02-26
</li>
<li>
<b>3.1.1</b> - 2021-02-03
</li>
<li>
<b>3.1.0</b> - 2021-01-15
</li>
<li>
<b>3.0.5</b> - 2021-01-05
</li>
<li>
<b>3.0.4</b> - 2020-12-07
</li>
<li>
<b>3.0.3</b> - 2020-11-19
</li>
<li>
<b>3.0.2</b> - 2020-11-17
</li>
<li>
<b>3.0.1</b> - 2020-11-09
</li>
<li>
<b>3.0.0</b> - 2020-11-05
</li>
<li>
<b>3.0.0-rc4</b> - 2020-10-30
</li>
<li>
<b>3.0.0-rc3</b> - 2020-10-26
</li>
<li>
<b>3.0.0-rc2</b> - 2020-10-15
</li>
<li>
<b>3.0.0-rc1</b> - 2020-10-13
</li>
<li>
<b>2.5.0</b> - <a href="https://snyk.io/redirect/github/socketio/socket.io/releases/tag/2.5.0">2022-06-26</a><br><p>⚠️ WARNING ⚠️</p>
The default value of the <code>maxHttpBufferSize</code> option has been decreased from 100 MB to 1 MB, in order to prevent attacks by denial of service.
Security advisory: GHSA-j4f2-536g-r55m
~3.6.0
(diff)~7.4.2
</li>
</ul>
from <a href="https://snyk.io/redirect/github/socketio/socket.io/releases">socket.io GitHub release notes</a>
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade socket.io from 2.5.0 to 4.5.4.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

*Warning:* This is a major version upgrade, and may be a breaking change.
- The recommended version is **31 versions** ahead of your current version.
- The recommended version was released **a month ago**, on 2022-11-22.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:-------------------------:|:-------------------------|-------------------------|:-------------------------|
| | Denial of Service (DoS)<br/> [SNYK-JS-ENGINEIO-1056749](https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749) | **696/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: socket.io
This release contains a bump of:
- engine.io in order to fix CVE-2022-41940
- socket.io-parser in order to fix CVE-2022-2421.

Links:
- engine.io@~6.2.1 (diff)
- ws@~8.2.3
Links:
~6.2.0
~8.2.3
Links:
~6.2.0
~8.2.3
Links:
~6.2.0
~8.2.3
Features
This is similar to `onAny()`, but for outgoing packets.
Syntax:
Syntax:
So that clients in HTTP long-polling can decide how many packets they have to send to stay under the `maxHttpBufferSize` value.
This is a backward compatible change which should not mandate a new major revision of the protocol (we stay in v4), as
we only add a field in the JSON-encoded handshake data:
Links:
~6.2.0
(diff)~8.2.3
- `RemoteSocket.data` type safe (#4234) (770ee59)
- `SocketData` type to custom namespaces (#4233) (f2b8de7)

Links:
~6.1.0
(diff)~8.2.3
Features
```js
const { App } = require("uWebSockets.js");
const { Server } = require("socket.io");

const app = new App();
const io = new Server();

io.attachApp(app);

io.on("connection", (socket) => {
  // ...
});

app.listen(3000, (token) => {
  if (!token) {
    console.warn("port already in use");
  }
});
```
`socket.data` (#4159) (fe8730c)

```ts
interface SocketData {
  name: string;
  age: number;
}

const io = new Server<ClientToServerEvents, ServerToClientEvents, InterServerEvents, SocketData>();

io.on("connection", (socket) => {
  socket.data.name = "john";
  socket.data.age = 42;
});
```