shaneclarke-whitesource / juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
https://owasp-juice.shop
MIT License

Update dependency socket.io to v4 - autoclosed #6

Closed mend-for-github-com[bot] closed 9 months ago

mend-for-github-com[bot] commented 9 months ago

This PR contains the following updates:

| Package | Change |
| --- | --- |
| socket.io | `^3.1.0` -> `^4.5.2` |

By merging this PR, the below vulnerabilities will be automatically resolved:

| Severity | CVSS Score | CVE |
| --- | --- | --- |
| High | 7.5 | CVE-2023-32695 |
| Medium | 6.5 | CVE-2022-41940 |

Release Notes

socketio/socket.io (socket.io)

### [`v4.5.2`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#452-2022-09-02)

[Compare Source](https://togithub.com/socketio/socket.io/compare/4.5.1...4.5.2)

##### Bug Fixes

- prevent the socket from joining a room after disconnection ([18f3fda](https://togithub.com/socketio/socket.io/commit/18f3fdab12947a9fee3e9c37cfc1da97027d1473))
- **uws:** prevent the server from crashing after upgrade ([ba497ee](https://togithub.com/socketio/socket.io/commit/ba497ee3eb52c4abf1464380d015d8c788714364))

##### Dependencies

- [`engine.io@~6.2.0`](https://togithub.com/socketio/engine.io/releases/tag/6.2.0) (no change)
- [`ws@~8.2.3`](https://togithub.com/websockets/ws/releases/tag/8.2.3) (no change)

### [`v4.5.1`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#451-2022-05-17)

[Compare Source](https://togithub.com/socketio/socket.io/compare/4.5.0...4.5.1)

##### Bug Fixes

- forward the local flag to the adapter when using fetchSockets() ([30430f0](https://togithub.com/socketio/socket.io/commit/30430f0985f8e7c49394543d4c84913b6a15df60))
- **typings:** add HTTPS server to accepted types ([#4351](https://togithub.com/socketio/socket.io/issues/4351)) ([9b43c91](https://togithub.com/socketio/socket.io/commit/9b43c9167cff817c60fa29dbda2ef7cd938aff51))

##### Dependencies

- [`engine.io@~6.2.0`](https://togithub.com/socketio/engine.io/releases/tag/6.2.0) (no change)
- [`ws@~8.2.3`](https://togithub.com/websockets/ws/releases/tag/8.2.3) (no change)

### [`v4.5.0`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#450-2022-04-23)

[Compare Source](https://togithub.com/socketio/socket.io/compare/4.4.1...4.5.0)

##### Bug Fixes

- **typings:** ensure compatibility with TypeScript 3.x ([#4259](https://togithub.com/socketio/socket.io/issues/4259)) ([02c87a8](https://togithub.com/socketio/socket.io/commit/02c87a85614e217b8e7b93753f315790ae9d99f6))

##### Features

##### Catch-all listeners for outgoing packets

This is similar to `onAny()`, but for outgoing packets.

Syntax:

```js
socket.onAnyOutgoing((event, ...args) => {
  console.log(event);
});
```

Added in [531104d](https://togithub.com/socketio/socket.io/commit/531104d332690138b7aab84d5583d6204132c8b4).

##### Broadcast and expect multiple acknowledgements

Syntax:

```js
io.timeout(1000).emit("some-event", (err, responses) => {
  // ...
});
```

Added in [8b20457](https://togithub.com/socketio/socket.io/commit/8b204570a94979bbec307f23ca078f30f5cf07b0).

##### `maxHttpBufferSize` value negotiation

A "maxPayload" field is now included in the Engine.IO handshake, so that clients in HTTP long-polling can decide how many packets they have to send to stay under the `maxHttpBufferSize` value.

This is a backward compatible change which should not mandate a new major revision of the protocol (we stay in v4), as we only add a field in the JSON-encoded handshake data:

```
0{"sid":"lv_VI97HAXpY6yYWAAAC","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000,"maxPayload":1000000}
```

Added in [088dcb4](https://togithub.com/socketio/engine.io/commit/088dcb4dff60df39785df13d0a33d3ceaa1dff38).

##### Dependencies

- [`engine.io@~6.2.0`](https://togithub.com/socketio/engine.io/releases/tag/6.2.0) (https://github.com/socketio/engine.io/compare/6.1.0...6.2.0)
- [`ws@~8.2.3`](https://togithub.com/websockets/ws/releases/tag/8.2.3) (no change)

### [`v4.4.1`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#441-2022-01-06)

[Compare Source](https://togithub.com/socketio/socket.io/compare/4.4.0...4.4.1)

##### Bug Fixes

- **types:** make `RemoteSocket.data` type safe ([#4234](https://togithub.com/socketio/socket.io/issues/4234)) ([770ee59](https://togithub.com/socketio/socket.io/commit/770ee5949fb47c2556876c622f06c862573657d6))
- **types:** pass `SocketData` type to custom namespaces ([#4233](https://togithub.com/socketio/socket.io/issues/4233)) ([f2b8de7](https://togithub.com/socketio/socket.io/commit/f2b8de71919e1b4d3e57f15a459972c1d1064787))

### [`v4.4.0`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#440-2021-11-18)

[Compare Source](https://togithub.com/socketio/socket.io/compare/4.3.2...4.4.0)

##### Bug Fixes

- only set 'connected' to true after middleware execution ([02b0f73](https://togithub.com/socketio/socket.io/commit/02b0f73e2c64b09c72c5fbf7dc5f059557bdbe50))

##### Features

- add an implementation based on uWebSockets.js ([c0d8c5a](https://togithub.com/socketio/socket.io/commit/c0d8c5ab234d0d2bef0d0dec472973cc9662f647))
- add timeout feature ([f0ed42f](https://togithub.com/socketio/socket.io/commit/f0ed42f18cabef20ad976aeec37077b6bf3837a5))
- add type information to `socket.data` ([#4159](https://togithub.com/socketio/socket.io/issues/4159)) ([fe8730c](https://togithub.com/socketio/socket.io/commit/fe8730ca0f15bc92d5de81cf934c89c76d6af329))

### [`v4.3.2`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#432-2021-11-08)

[Compare Source](https://togithub.com/socketio/socket.io/compare/4.3.1...4.3.2)

##### Bug Fixes

- fix race condition in dynamic namespaces ([#4137](https://togithub.com/socketio/socket.io/issues/4137)) ([9d86397](https://togithub.com/socketio/socket.io/commit/9d86397243bcbb5775a29d96e5ef03e17148a8e7))

### [`v4.3.1`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#431-2021-10-16)

[Compare Source](https://togithub.com/socketio/socket.io/compare/4.3.0...4.3.1)

##### Bug Fixes

- fix server attachment ([#4127](https://togithub.com/socketio/socket.io/issues/4127)) ([0ef2a4d](https://togithub.com/socketio/socket.io/commit/0ef2a4d02c9350aff163df9cb61aece89c4dac0f))

### [`v4.3.0`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#430-2021-10-14)

[Compare Source](https://togithub.com/socketio/socket.io/compare/4.2.0...4.3.0)

##### Bug Fixes

- **typings:** add name field to cookie option ([#4099](https://togithub.com/socketio/socket.io/issues/4099)) ([033c5d3](https://togithub.com/socketio/socket.io/commit/033c5d399a2b985afad32c1e4b0c16d764e248cd))
- send volatile packets with binary attachments ([dc81fcf](https://togithub.com/socketio/socket.io/commit/dc81fcf461cfdbb5b34b1a5a96b84373754047d5))

##### Features

- serve ESM bundle ([60edecb](https://togithub.com/socketio/socket.io/commit/60edecb3bd33801803cdcba0aefbafa381a2abb3))

### [`v4.2.0`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#420-2021-08-30)

[Compare Source](https://togithub.com/socketio/socket.io/compare/4.1.3...4.2.0)

##### Bug Fixes

- **typings:** allow async listener in typed events ([ccfd8ca](https://togithub.com/socketio/socket.io/commit/ccfd8caba6d38b7ba6c5114bd8179346ed07671c))

##### Features

- ignore the query string when serving client JavaScript ([#4024](https://togithub.com/socketio/socket.io/issues/4024)) ([24fee27](https://togithub.com/socketio/socket.io/commit/24fee27ba36485308f8e995879c10931532c814e))

### [`v4.1.3`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#413-2021-07-10)

[Compare Source](https://togithub.com/socketio/socket.io/compare/4.1.2...4.1.3)

##### Bug Fixes

- fix io.except() method ([94e27cd](https://togithub.com/socketio/socket.io/commit/94e27cd072c8a4eeb9636f6ffbb7a21d382f36b0))
- remove x-sourcemap header ([a4dffc6](https://togithub.com/socketio/socket.io/commit/a4dffc6527f412d51a786ae5bf2e9080fe1ca63c))

### [`v4.1.2`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#412-2021-05-17)

[Compare Source](https://togithub.com/socketio/socket.io/compare/4.1.1...4.1.2)

##### Bug Fixes

- **typings:** ensure compatibility with TypeScript 3.x ([0cb6ac9](https://togithub.com/socketio/socket.io/commit/0cb6ac95b49a27483b6f1b6402fa54b35f82e36f))
- ensure compatibility with previous versions of the adapter ([a2cf248](https://togithub.com/socketio/socket.io/commit/a2cf2486c366cb62293101c10520c57f6984a3fc))

### [`v4.1.1`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#411-2021-05-11)

[Compare Source](https://togithub.com/socketio/socket.io/compare/4.1.0...4.1.1)

##### Bug Fixes

- **typings:** properly type server-side events ([b84ed1e](https://togithub.com/socketio/socket.io/commit/b84ed1e41c9053792caf58974c5de9395bfd509f))
- **typings:** properly type the adapter attribute ([891b187](https://togithub.com/socketio/socket.io/commit/891b1870e92d1ec38910f03bb839817e2d6be65a))

### [`v4.1.0`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#410-2021-05-11)

[Compare Source](https://togithub.com/socketio/socket.io/compare/4.0.2...4.1.0)

##### Features

- add support for inter-server communication ([93cce05](https://togithub.com/socketio/socket.io/commit/93cce05fb3faf91f21fa71212275c776aa161107))
- notify upon namespace creation ([499c892](https://togithub.com/socketio/socket.io/commit/499c89250d2db1ab7725ab2b74840e188c267c46))
- add a "connection_error" event ([7096e98](https://togithub.com/socketio/engine.io/commit/7096e98a02295a62c8ea2aa56461d4875887092d), from `engine.io`)
- add the "initial_headers" and "headers" events ([2527543](https://togithub.com/socketio/engine.io/commit/252754353a0e88eb036ebb3082e9d6a9a5f497db), from `engine.io`)

##### Performance Improvements

- add support for the "wsPreEncoded" writing option ([dc381b7](https://togithub.com/socketio/socket.io/commit/dc381b72c6b2f8172001dedd84116122e4cc95b3))

### [`v4.0.2`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#402-2021-05-06)

[Compare Source](https://togithub.com/socketio/socket.io/compare/4.0.1...4.0.2)

##### Bug Fixes

- **typings:** make "engine" attribute public ([b81ce4c](https://togithub.com/socketio/socket.io/commit/b81ce4c9d0b00666361498e2ba5e0d007d5860b8))
- properly export the Socket class ([d65b6ee](https://togithub.com/socketio/socket.io/commit/d65b6ee84c8e91deb61c3c1385eb19afa196a909))

### [`v4.0.1`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#401-2021-03-31)

[Compare Source](https://togithub.com/socketio/socket.io/compare/4.0.0...4.0.1)

##### Bug Fixes

- **typings:** add fallback to untyped event listener ([#3834](https://togithub.com/socketio/socket.io/issues/3834)) ([a11152f](https://togithub.com/socketio/socket.io/commit/a11152f42b281df83409313962f60f230239c79e))
- **typings:** update return type from emit ([#3843](https://togithub.com/socketio/socket.io/issues/3843)) ([1a72ae4](https://togithub.com/socketio/socket.io/commit/1a72ae4fe27a14cf60916f991a2c94da91d9e54a))

### [`v4.0.0`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#400-2021-03-10)

[Compare Source](https://togithub.com/socketio/socket.io/compare/3.1.2...4.0.0)

##### Bug Fixes

- make io.to(...) immutable ([ac9e8ca](https://togithub.com/socketio/socket.io/commit/ac9e8ca6c71e00d4af45ee03f590fe56f3951186))

##### Features

- add some utility methods ([b25495c](https://togithub.com/socketio/socket.io/commit/b25495c069031674da08e19aed68922c7c7a0e28))
- add support for typed events ([#3822](https://togithub.com/socketio/socket.io/issues/3822)) ([0107510](https://togithub.com/socketio/socket.io/commit/0107510ba8a0f148c78029d8be8919b350feb633))
- allow to exclude specific rooms when broadcasting ([#3789](https://togithub.com/socketio/socket.io/issues/3789)) ([7de2e87](https://togithub.com/socketio/socket.io/commit/7de2e87e888d849eb2dfc5e362af4c9e86044701))
- allow to pass an array to io.to(...) ([085d1de](https://togithub.com/socketio/socket.io/commit/085d1de9df909651de8b313cc6f9f253374b702e))

### [`v3.1.2`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#312-2021-02-26)

[Compare Source](https://togithub.com/socketio/socket.io/compare/3.1.1...3.1.2)

##### Bug Fixes

- ignore packets received after disconnection ([494c64e](https://togithub.com/socketio/socket.io/commit/494c64e44f645cbd24c645f1186d203789e84af0))

### [`v3.1.1`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#311-2021-02-03)

[Compare Source](https://togithub.com/socketio/socket.io/compare/3.1.0...3.1.1)

##### Bug Fixes

- properly parse the CONNECT packet in v2 compatibility mode ([6f4bd7f](https://togithub.com/socketio/socket.io/commit/6f4bd7f8e7c41a075a8014565330a77c38b03a8d))
- **typings:** add return types and general-case overload signatures ([#3776](https://togithub.com/socketio/socket.io/issues/3776)) ([9e8f288](https://togithub.com/socketio/socket.io/commit/9e8f288ca9f14f91064b8d3cce5946f7d23d407c))
- **typings:** update the types of "query", "auth" and "headers" ([4f2e9a7](https://togithub.com/socketio/socket.io/commit/4f2e9a716d9835b550c8fd9a9b429ebf069c2895))
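Editor's note on the "vulnerabilities will be automatically resolved" claim above: the PR bumps the direct dependency `socket.io`, but neither CVE lives in `socket.io` itself. CVE-2022-41940 is in `engine.io` and CVE-2023-32695 is in `socket.io-parser`, and the v4.5.2 notes show `socket.io` pinning `engine.io@~6.2.0`, a tilde range. Whether the patched transitive release is actually installed is therefore decided by the lockfile, not by the `^4.5.2` change. The following is an added example, not code from this PR, the Mend bot, juice-shop or the socket.io project. It walks a `package-lock.json` (lockfileVersion 2/3 `packages` map) and reports every copy of the two transitive packages, including nested duplicates. The patched version thresholds are an assumption taken from memory of the GitHub advisories for those CVEs and should be verified against the advisories before relying on them; the lockfile content is constructed for the example.

```javascript
// Added example, not part of the PR or of socket.io. Checks that the
// transitive packages carrying the fixes for the two CVEs in the PR resolve
// to patched versions in a package-lock.json (lockfileVersion 2 or 3).
//
// Assumption (verify against the GitHub advisories for each CVE): patched
// releases are engine.io >= 6.2.1 (3.6.1 on the 3.x line) and
// socket.io-parser >= 4.2.3 (3.4.3 on the 3.x line).
const FIXES = {
  'engine.io':        { cve: 'CVE-2022-41940', patched: ['3.6.1', '6.2.1'] },
  'socket.io-parser': { cve: 'CVE-2023-32695', patched: ['3.4.3', '4.2.3'] },
};

// Minimal major.minor.patch comparison; prerelease tags are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// A version is patched if it is >= the patched release on its own major line.
// A major line the advisory does not list is reported as null (unknown), not
// as safe, so that e.g. an engine.io 5.x copy still gets a human look.
function isPatched(version, patchedList) {
  const [major] = parseVersion(version);
  const onSameLine = patchedList.find((p) => parseVersion(p)[0] === major);
  if (!onSameLine) return null;
  return compareVersions(version, onSameLine) >= 0;
}

// Keys in the "packages" map look like
// "node_modules/socket.io/node_modules/engine.io"; the segment after the last
// "node_modules/" is the package name, so nested copies are examined too.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1) continue; // the "" root entry and workspace paths
    const name = path.slice(idx + 'node_modules/'.length);
    const fix = FIXES[name];
    if (!fix || !entry.version) continue;
    const status = isPatched(entry.version, fix.patched);
    findings.push({
      path, name, version: entry.version, cve: fix.cve,
      status: status === null ? 'unknown' : status ? 'patched' : 'vulnerable',
    });
  }
  return findings;
}

function vulnerableFindings(lock) {
  return auditLockfile(lock).filter((f) => f.status !== 'patched');
}

// Constructed sample lockfile (not a real juice-shop lock). The top-level
// engine.io is patched, but a nested copy under another dependency is not.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app' },
    'node_modules/socket.io': { version: '4.5.2' },
    'node_modules/socket.io-parser': { version: '4.2.4' },
    'node_modules/engine.io': { version: '6.2.1' },
    'node_modules/some-other-dep/node_modules/engine.io': { version: '6.2.0' },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.status.padEnd(10)} ${f.cve}  ${f.name}@${f.version}  (${f.path})`);
}
```

Run it against a real lockfile with `JSON.parse(fs.readFileSync('package-lock.json'))` in place of `SAMPLE_LOCK`; anything reported as `vulnerable` or `unknown` after merging a PR like this one means the bot's "resolved" claim did not hold for that copy and a `npm update engine.io socket.io-parser` (or an override) is still needed.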
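The v4.5.0 notes above describe the `maxPayload` field added to the Engine.IO handshake so that long-polling clients can stay under the server's `maxHttpBufferSize`. The following is an added example, not code from this PR or from the socket.io or engine.io projects: it parses the OPEN packet quoted in those notes and splits a queue of outgoing packets into HTTP request bodies that respect the advertised limit. Assumptions, also marked in the code: Engine.IO protocol v4 separates packets in a polling body with the record separator byte 0x1e; when a server omits `maxPayload`, the fallback used is 1e6 bytes, matching the `maxHttpBufferSize` value shown in the notes' handshake; the sample handshake uses a deliberately tiny `maxPayload` so the batching is visible.

```javascript
// Added example, not part of the PR or of socket.io/engine.io.
// Parses an Engine.IO OPEN packet and batches outgoing long-polling packets
// so that no HTTP request body exceeds the negotiated maxPayload.

// Engine.IO packet types (protocol v4): first character of a text packet.
const PACKET_TYPE = { OPEN: '0', CLOSE: '1', PING: '2', PONG: '3', MESSAGE: '4' };

// Assumption: Engine.IO v4 joins packets in a polling payload with the
// record separator character (0x1e), one byte each.
const RECORD_SEPARATOR = '\x1e';

// Parse "0{...json...}". Rejects anything that is not an OPEN packet and any
// handshake missing the fields a client needs to run its heartbeat.
// Assumption: an older server that omits maxPayload gets the 1e6-byte
// fallback (the maxHttpBufferSize value in the release notes' handshake).
function parseOpenPacket(raw) {
  if (typeof raw !== 'string' || raw[0] !== PACKET_TYPE.OPEN) {
    throw new Error(`not an OPEN packet: ${String(raw).slice(0, 8)}`);
  }
  const data = JSON.parse(raw.slice(1));
  for (const field of ['sid', 'upgrades', 'pingInterval', 'pingTimeout']) {
    if (!(field in data)) throw new Error(`handshake missing ${field}`);
  }
  if (typeof data.sid !== 'string' || !Array.isArray(data.upgrades)) {
    throw new Error('handshake has malformed sid/upgrades');
  }
  const maxPayload =
    Number.isInteger(data.maxPayload) && data.maxPayload > 0 ? data.maxPayload : 1e6;
  return {
    sid: data.sid,
    upgrades: data.upgrades,
    pingInterval: data.pingInterval,
    pingTimeout: data.pingTimeout,
    maxPayload,
  };
}

// Greedy batching: each request body is packets joined by the separator and
// its UTF-8 byte length must stay <= maxPayload. A single packet larger than
// maxPayload can never fit, so it is rejected up front instead of being sent
// to a server that enforces maxHttpBufferSize and will refuse it.
function batchPackets(packets, maxPayload) {
  const batches = [];
  let current = [];
  let size = 0;
  for (const p of packets) {
    const len = Buffer.byteLength(p, 'utf8');
    if (len > maxPayload) {
      throw new Error(`packet of ${len} bytes exceeds maxPayload ${maxPayload}`);
    }
    const extra = current.length ? len + 1 : len; // +1 for the separator
    if (size + extra > maxPayload) {
      batches.push(current.join(RECORD_SEPARATOR));
      current = [p];
      size = len;
    } else {
      current.push(p);
      size += extra;
    }
  }
  if (current.length) batches.push(current.join(RECORD_SEPARATOR));
  return batches;
}

// Constructed sample: the handshake from the release notes, with maxPayload
// lowered from 1000000 to 50 so the split is visible.
const SAMPLE_OPEN =
  '0{"sid":"lv_VI97HAXpY6yYWAAAC","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000,"maxPayload":50}';
const handshake = parseOpenPacket(SAMPLE_OPEN);

// Constructed queue of Socket.IO EVENT packets: Engine.IO MESSAGE type "4"
// followed by Socket.IO EVENT type "2", then the JSON array.
const QUEUE = [
  '42["chat","hello"]',          // 18 bytes
  '42["chat","second message"]', // 27 bytes
  '42["typing",true]',           // 17 bytes
  '42["chat","bye"]',            // 16 bytes
];

const batches = batchPackets(QUEUE, handshake.maxPayload);
batches.forEach((body, i) => {
  console.log(`POST #${i + 1}: ${Buffer.byteLength(body)} bytes, ${body.split(RECORD_SEPARATOR).length} packets`);
});
```

With `maxPayload` 50 the four packets go out as two POST bodies (46 and 34 bytes): the first two packets plus one separator fit, the third would push the body to 64 bytes and so starts a new request. The oversize check is the part worth keeping in any real client: a body over `maxHttpBufferSize` is exactly the input the server-side limit exists to reject.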