search

talevy013 / TestTal

MIT License
0 stars 0 forks source link

Update dependency socket.io to ^2.5.0 - autoclosed #323

Closed mend-for-github-com[bot] closed 9 months ago

mend-for-github-com[bot] commented 1 year ago

This PR contains the following updates:

Package Type Update Change
socket.io dependencies minor ^2.1.0 -> ^2.5.0

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
Critical 9.8 CVE-2022-2421 #330
Critical 9.4 CVE-2021-31597 #230
High 8.1 CVE-2020-28502 #162
High 8.1 WS-2020-0443 #218
High 7.5 CVE-2020-36048 #232
High 7.5 CVE-2020-36049 #235
Medium 6.5 CVE-2022-41940 #288
Medium 5.3 CVE-2021-32640 #305
Medium 5.3 CVE-2021-32640 #305
Medium 4.3 CVE-2020-28481 #228

Release Notes

socketio/socket.io (socket.io) ### [`v2.5.0`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#250-2022-06-26) [Compare Source](https://togithub.com/socketio/socket.io/compare/2.4.1...2.5.0) ⚠️ WARNING ⚠️ The default value of the `maxHttpBufferSize` option has been decreased from 100 MB to 1 MB, in order to prevent attacks by denial of service. Security advisory: [GHSA-j4f2-536g-r55m](https://togithub.com/advisories/GHSA-j4f2-536g-r55m) ##### Bug Fixes - fix race condition in dynamic namespaces ([05e1278](https://togithub.com/socketio/socket.io/commit/05e1278cfa99f3ecf3f8f0531ffe57d850e9a05b)) - ignore packet received after disconnection ([22d4bdf](https://togithub.com/socketio/socket.io/commit/22d4bdf00d1a03885dc0171125faddfaef730066)) - only set 'connected' to true after middleware execution ([226cc16](https://togithub.com/socketio/socket.io/commit/226cc16165f9fe60f16ff4d295fb91c8971cde35)) - prevent the socket from joining a room after disconnection ([f223178](https://togithub.com/socketio/socket.io/commit/f223178eb655a7713303b21a78f9ef9e161d6458)) ##### Dependencies - [`engine.io@~3.6.0`](https://togithub.com/socketio/engine.io/releases/tag/3.6.0) (https://github.com/socketio/engine.io/compare/3.5.0...3.6.0) - [`ws@~7.4.2`](https://togithub.com/websockets/ws/releases/tag/7.4.2) (no change) #### [4.5.1](https://togithub.com/socketio/socket.io/compare/4.5.0...4.5.1) (2022-05-17) ##### Bug Fixes - forward the local flag to the adapter when using fetchSockets() ([30430f0](https://togithub.com/socketio/socket.io/commit/30430f0985f8e7c49394543d4c84913b6a15df60)) - **typings:** add HTTPS server to accepted types ([#​4351](https://togithub.com/socketio/socket.io/issues/4351)) ([9b43c91](https://togithub.com/socketio/socket.io/commit/9b43c9167cff817c60fa29dbda2ef7cd938aff51)) ##### Dependencies - [`engine.io@~6.2.0`](https://togithub.com/socketio/engine.io/releases/tag/6.2.0) (no change) - [`ws@~8.2.3`](https://togithub.com/websockets/ws/releases/tag/8.2.3) (no change) ### [`v2.4.1`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#241-2021-01-07) [Compare Source](https://togithub.com/socketio/socket.io/compare/2.4.0...2.4.1) ##### Reverts - fix(security): do not allow all origins by default ([a169050](https://togithub.com/socketio/socket.io/commit/a1690509470e9dd5559cec4e60908ca6c23e9ba0)) ### [`v2.4.0`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#240-2021-01-04) [Compare Source](https://togithub.com/socketio/socket.io/compare/2.3.0...2.4.0) ##### Bug Fixes - **security:** do not allow all origins by default ([f78a575](https://togithub.com/socketio/socket.io/commit/f78a575f66ab693c3ea96ea88429ddb1a44c86c7)) - properly overwrite the query sent in the handshake ([d33a619](https://togithub.com/socketio/socket.io/commit/d33a619905a4905c153d4fec337c74da5b533a9e)) #### [3.0.4](https://togithub.com/socketio/socket.io/compare/3.0.3...3.0.4) (2020-12-07) #### [3.0.3](https://togithub.com/socketio/socket.io/compare/3.0.2...3.0.3) (2020-11-19) #### [3.0.2](https://togithub.com/socketio/socket.io/compare/3.0.1...3.0.2) (2020-11-17) ##### Bug Fixes - merge Engine.IO options ([43705d7](https://togithub.com/socketio/socket.io/commit/43705d7a9149833afc69edc937ea7f8c9aabfeef)) #### [3.0.1](https://togithub.com/socketio/socket.io/compare/3.0.0...3.0.1) (2020-11-09) ##### Bug Fixes - export ServerOptions and Namespace types ([#​3684](https://togithub.com/socketio/socket.io/issues/3684)) ([f62f180](https://togithub.com/socketio/socket.io/commit/f62f180edafdd56d8a8a277e092bc66df0c5f07f)) - **typings:** update the signature of the emit method ([50671d9](https://togithub.com/socketio/socket.io/commit/50671d984a81535a6a15c704546ca7465e2ea295)) ### [`v2.3.0`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#230-2019-09-20) [Compare Source](https://togithub.com/socketio/socket.io/compare/2.2.0...2.3.0) This release mainly contains a bump of the `engine.io` and `ws` packages, but no additional features. ### [`v2.2.0`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#220-2018-11-29) [Compare Source](https://togithub.com/socketio/socket.io/compare/2.1.1...2.2.0) ##### Features - add cache-control header when serving the client source ([#​2907](https://togithub.com/socketio/socket.io/pull/2907)) ([b00ae50](https://togithub.com/socketio/socket.io/commit/b00ae50be65d1bc88fa95145f1c486a6886a6b76)) ##### Bug fixes - throw an error when trying to access the clients of a dynamic namespace ([#​3355](https://togithub.com/socketio/socket.io/pull/3355)) ([a7fbd1a](https://togithub.com/socketio/socket.io/commit/a7fbd1ac4a47cafd832fc62e371754df924c5903)) ### [`v2.1.1`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#211-2018-05-17) [Compare Source](https://togithub.com/socketio/socket.io/compare/2.1.0...2.1.1) ##### Features - add local flag to the socket object ([#​3129](https://togithub.com/socketio/socket.io/pull/3219)) ([1decae3](https://togithub.com/socketio/socket.io/commit/1decae341c80c0417b32d3124ca30c005240b48a)) ```js socket.local.to('room101').emit(/* */); ```