yurikrupnik / angular-playground-full


Update dependency socket.io to v2 [SECURITY] #11

Open renovate[bot] opened 3 years ago

renovate[bot] commented 3 years ago

This PR contains the following updates:

| Package | Change |
|---|---|
| socket.io (source) | `^1.3.5` -> `^2.5.1` |

GitHub Vulnerability Alerts

CVE-2020-28481

The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.

CVE-2024-38355

Impact

A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process.

```text
node:events:502
    throw err; // Unhandled 'error' event
    ^

Error [ERR_UNHANDLED_ERROR]: Unhandled error. (undefined)
    at new NodeError (node:internal/errors:405:5)
    at Socket.emit (node:events:500:17)
    at /myapp/node_modules/socket.io/lib/socket.js:531:14
    at process.processTicksAndRejections (node:internal/process/task_queues:77:11) {
  code: 'ERR_UNHANDLED_ERROR',
  context: undefined
}
```

Affected versions

| Version range | Needs minor update? |
|---|---|
| 4.6.2...latest | Nothing to do |
| 3.0.0...4.6.1 | Please upgrade to socket.io@4.6.2 (at least) |
| 2.3.0...2.5.0 | Please upgrade to socket.io@2.5.1 |

Patches

This issue is fixed by https://github.com/socketio/socket.io/commit/15af22fc22bc6030fcead322c106f07640336115, included in socket.io@4.6.2 (released in May 2023).

The fix was backported in the 2.x branch today: https://github.com/socketio/socket.io/commit/d30630ba10562bf987f4d2b42440fc41a828119c

Workarounds

As a workaround for the affected versions of the socket.io package, you can attach a listener for the "error" event:

```js
io.on("connection", (socket) => {
  socket.on("error", () => {
    // ...
  });
});
```

For more information

If you have any questions or comments about this advisory:

Thanks a lot to Paul Taylor for the responsible disclosure.

Release Notes

socketio/socket.io (socket.io)

### [`v2.5.1`](https://redirect.github.com/socketio/socket.io/releases/tag/2.5.1)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/2.5.0...2.5.1)

##### Bug Fixes

- add a noop handler for the error event ([d30630b](https://redirect.github.com/socketio/socket.io/commit/d30630ba10562bf987f4d2b42440fc41a828119c))

##### Links:

- Diff: https://github.com/socketio/socket.io/compare/2.5.0...2.5.1
- Client release: `-`
- engine.io version: `~3.6.0` (no change)
- ws version: `~7.5.10`

### [`v2.5.0`](https://redirect.github.com/socketio/socket.io/releases/tag/2.5.0)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/2.4.1...2.5.0)

:warning: WARNING :warning:

The default value of the `maxHttpBufferSize` option has been decreased from 100 MB to 1 MB, in order to prevent attacks by denial of service.

Security advisory: https://github.com/advisories/GHSA-j4f2-536g-r55m

##### Bug Fixes

- fix race condition in dynamic namespaces ([05e1278](https://redirect.github.com/socketio/socket.io/commit/05e1278cfa99f3ecf3f8f0531ffe57d850e9a05b))
- ignore packet received after disconnection ([22d4bdf](https://redirect.github.com/socketio/socket.io/commit/22d4bdf00d1a03885dc0171125faddfaef730066))
- only set 'connected' to true after middleware execution ([226cc16](https://redirect.github.com/socketio/socket.io/commit/226cc16165f9fe60f16ff4d295fb91c8971cde35))
- prevent the socket from joining a room after disconnection ([f223178](https://redirect.github.com/socketio/socket.io/commit/f223178eb655a7713303b21a78f9ef9e161d6458))

##### Links:

- Diff: https://github.com/socketio/socket.io/compare/2.4.1...2.5.0
- Client release: [2.5.0](https://redirect.github.com/socketio/socket.io-client/releases/tag/2.5.0)
- engine.io version: `~3.6.0` ([diff](https://redirect.github.com/socketio/engine.io/compare/3.5.0...3.6.0))
- ws version: `~7.4.2`

### [`v2.4.1`](https://redirect.github.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#241-2021-01-07)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/2.4.0...2.4.1)

##### Reverts

- fix(security): do not allow all origins by default ([a169050](https://redirect.github.com/socketio/socket.io/commit/a1690509470e9dd5559cec4e60908ca6c23e9ba0))

### [`v2.4.0`](https://redirect.github.com/socketio/socket.io/releases/tag/2.4.0)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/2.3.0...2.4.0)

Related blog post: https://socket.io/blog/socket-io-2-4-0/

##### Features (from Engine.IO)

- add support for all cookie options ([19cc582](https://redirect.github.com/socketio/engine.io/commit/19cc58264a06dca47ed401fbaca32dcdb80a903b))
- disable perMessageDeflate by default ([5ad2736](https://redirect.github.com/socketio/engine.io/commit/5ad273601eb66c7b318542f87026837bf9dddd21))

##### Bug Fixes

- **security:** do not allow all origins by default ([f78a575](https://redirect.github.com/socketio/socket.io/commit/f78a575f66ab693c3ea96ea88429ddb1a44c86c7))
- properly overwrite the query sent in the handshake ([d33a619](https://redirect.github.com/socketio/socket.io/commit/d33a619905a4905c153d4fec337c74da5b533a9e))

:warning: **BREAKING CHANGE** :warning:

Previously, CORS was enabled by default, which meant that a Socket.IO server sent the necessary CORS headers (`Access-Control-Allow-xxx`) to **any** domain. This will not be the case anymore, and you now have to explicitly enable it.

Please note that you are not impacted if:

- you are using Socket.IO v2 and the `origins` option to restrict the list of allowed domains
- you are using Socket.IO v3 (disabled by default)

This commit also removes the support for '\*' matchers and protocol-less URL:

```js
io.origins('https://example.com:443'); => io.origins(['https://example.com']);
io.origins('localhost:3000');          => io.origins(['http://localhost:3000']);
io.origins('http://localhost:*');      => io.origins(['http://localhost:3000']);
io.origins('*:3000');                  => io.origins(['http://localhost:3000']);
```

To restore the previous behavior (please use with caution):

```js
io.origins((_, callback) => {
  callback(null, true);
});
```

See also:

- https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
- https://socket.io/docs/v3/handling-cors/
- https://socket.io/docs/v3/migrating-from-2-x-to-3-0/#CORS-handling

Thanks a lot to [@ni8walk3r](https://redirect.github.com/ni8walk3r) for the security report.

##### Links:

- Milestone: [2.4.0](https://redirect.github.com/socketio/socket.io/milestone/22)
- Diff: https://github.com/socketio/socket.io/compare/2.3.0...2.4.0
- Client release: [2.4.0](https://redirect.github.com/socketio/socket.io-client/releases/tag/2.4.0)
- engine.io version: `~3.5.0`
- ws version: `~7.4.2`

### [`v2.3.0`](https://redirect.github.com/socketio/socket.io/releases/tag/2.3.0)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/2.2.0...2.3.0)

This release mainly contains a bump of the `engine.io` and `ws` packages, but no additional features.

##### Links:

- Milestone: [2.3.0](https://redirect.github.com/socketio/socket.io/milestone/18)
- Diff: https://github.com/socketio/socket.io/compare/2.2.0...2.3.0
- Client release: [2.3.0](https://redirect.github.com/socketio/socket.io-client/releases/tag/2.3.0)
- engine.io version: `~3.4.0` (diff: https://github.com/socketio/engine.io/compare/3.3.1...3.4.2)
- ws version: `^7.1.2` (diff: https://github.com/websockets/ws/compare/6.1.2...7.3.1)

### [`v2.2.0`](https://redirect.github.com/socketio/socket.io/releases/tag/2.2.0)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/2.1.1...2.2.0)

#### Features

- add cache-control header when serving the client source ([#2907](https://redirect.github.com/socketio/socket.io/issues/2907))

#### Bug fixes

- throw an error when trying to access the clients of a dynamic namespace ([#3355](https://redirect.github.com/socketio/socket.io/issues/3355))

##### Links

- Milestone: [2.2.0](https://redirect.github.com/socketio/socket.io/milestone/17)
- Diff: https://github.com/socketio/socket.io/compare/2.1.1...2.2.0
- Client release: [2.2.0](https://redirect.github.com/socketio/socket.io-client/releases/tag/2.2.0)
- engine.io version: `~3.3.1` (diff: https://github.com/socketio/engine.io/compare/3.2.0...3.3.1)
- ws version: `~6.1.0` (diff: https://github.com/websockets/ws/compare/3.3.1...6.1.2)

### [`v2.1.1`](https://redirect.github.com/socketio/socket.io/releases/tag/2.1.1)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/2.1.0...2.1.1)

#### Features

- add local flag to the socket object ([https://github.com/socketio/socket.io/pull/3219](https://redirect.github.com/socketio/socket.io/pull/3219))

```js
socket.local.to('room101').emit(/* */);
```

#### Bug fixes

- **(client)** fire an error event on middleware failure for non-root namespace ([https://github.com/socketio/socket.io-client/pull/1202](https://redirect.github.com/socketio/socket.io-client/pull/1202))

##### Links:

- Milestone: [2.1.1](https://redirect.github.com/socketio/socket.io/milestone/16)
- Diff: https://github.com/socketio/socket.io/compare/2.1.0...2.1.1
- Client release: [2.1.1](https://redirect.github.com/socketio/socket.io-client/releases/tag/2.1.1)
- engine.io version: `~3.2.0`
- ws version: `~3.3.1`

### [`v2.1.0`](https://redirect.github.com/socketio/socket.io/releases/tag/2.1.0)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/2.0.4...2.1.0)

#### Features

- add a 'binary' flag ([#3185](https://redirect.github.com/socketio/socket.io/issues/3185))

```js
// by default, the object is recursively scanned to check whether it contains some binary data
// in the following example, the check is skipped in order to improve performance
socket.binary(false).emit('plain-object', object);
// it also works at the namespace level
io.binary(false).emit('plain-object', object);
```

- add support for dynamic namespaces ([#3195](https://redirect.github.com/socketio/socket.io/issues/3195))

```js
io.of(/^\/dynamic-\d+$/).on('connect', (socket) => {
  // socket.nsp.name = '/dynamic-101'
});
// client-side
const client = require('socket.io-client')('/dynamic-101');
```

#### Bug fixes

- properly emit 'connect' when using a custom namespace ([#3197](https://redirect.github.com/socketio/socket.io/issues/3197))
- include the protocol in the origins check ([#3198](https://redirect.github.com/socketio/socket.io/issues/3198))

#### Important note

:warning: from Engine.IO [3.2.0 release](https://redirect.github.com/socketio/engine.io/releases/tag/3.2.0)

There are two non-breaking changes that are somehow quite important:

- `ws` was reverted as the default wsEngine ([https://github.com/socketio/engine.io/pull/550](https://redirect.github.com/socketio/engine.io/pull/550)), as there was several blocking issues with `uws`. You can still use `uws` by running `npm install uws --save` in your project and using the `wsEngine` option:

```js
var engine = require('engine.io');
var server = engine.listen(3000, { wsEngine: 'uws' });
```

- `pingTimeout` now defaults to 5 seconds (instead of 60 seconds): [https://github.com/socketio/engine.io/pull/551](https://redirect.github.com/socketio/engine.io/pull/551)

##### Links:

- Milestone: [2.1.0](https://redirect.github.com/socketio/socket.io/milestone/14)
- Diff: https://github.com/socketio/socket.io/compare/2.0.4...2.1.0
- Client release: [2.1.0](https://redirect.github.com/socketio/socket.io-client/releases/tag/2.1.0)
- engine.io version: `~3.2.0` (diff: https://github.com/socketio/engine.io/compare/3.1.0...3.2.0)
- ws version: `~3.3.1` (diff: https://github.com/websockets/ws/compare/2.3.1...3.3.1)

### [`v2.0.4`](https://redirect.github.com/socketio/socket.io/releases/tag/2.0.4)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/2.0.3...2.0.4)

#### Bug fixes

- do not throw when receiving an unhandled error packet ([#3038](https://redirect.github.com/socketio/socket.io/issues/3038))
- reset rooms object before broadcasting from namespace ([#3039](https://redirect.github.com/socketio/socket.io/issues/3039))

##### Links:

- Milestone: [2.0.4](https://redirect.github.com/socketio/socket.io/milestone/13)
- Diff: [2.0.3...2.0.4](https://redirect.github.com/socketio/socket.io/compare/2.0.3...2.0.4)
- Client release: [2.0.4](https://redirect.github.com/socketio/socket.io-client/releases/tag/2.0.4)
- Diff `engine.io`: -
- Diff `ws`: -

### [`v2.0.3`](https://redirect.github.com/socketio/socket.io/releases/tag/2.0.3)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/2.0.2...2.0.3)

#### Bug fixes

- reset rooms object before broadcasting ([#2970](https://redirect.github.com/socketio/socket.io/issues/2970))
- fix middleware initialization ([#2969](https://redirect.github.com/socketio/socket.io/issues/2969))

##### Links:

- Milestone: [2.0.3](https://redirect.github.com/socketio/socket.io/milestone/12)
- Diff: [2.0.2...2.0.3](https://redirect.github.com/socketio/socket.io/compare/2.0.2...2.0.3)
- Client release: [2.0.3](https://redirect.github.com/socketio/socket.io-client/releases/tag/2.0.3)
- Diff `engine.io`: -
- Diff `ws`: -

### [`v2.0.2`](https://redirect.github.com/socketio/socket.io/releases/tag/2.0.2)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/2.0.1...2.0.2)

#### Bug fixes

- fix timing issues with middleware ([#2948](https://redirect.github.com/socketio/socket.io/issues/2948))

##### Links:

- Milestone: [2.0.2](https://redirect.github.com/socketio/socket.io/milestone/11)
- Diff: [2.0.1...2.0.2](https://redirect.github.com/socketio/socket.io/compare/2.0.1...2.0.2)
- Client release: [2.0.2](https://redirect.github.com/socketio/socket.io-client/releases/tag/2.0.2)
- Diff `engine.io`: -
- Diff `ws`: -

### [`v2.0.1`](https://redirect.github.com/socketio/socket.io/releases/tag/2.0.1)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/2.0.0...2.0.1)

#### Bug fixes

- update path of client file ([#2934](https://redirect.github.com/socketio/socket.io/issues/2934))

##### Links:

- Milestone: [2.0.1](https://redirect.github.com/socketio/socket.io/milestone/9)
- Diff: [2.0.0...2.0.1](https://redirect.github.com/socketio/socket.io/compare/2.0.0...2.0.1)
- Client release: [2.0.1](https://redirect.github.com/socketio/socket.io-client/releases/tag/2.0.1)
- Diff `engine.io`: -
- Diff `ws`: -

### [`v2.0.0`](https://redirect.github.com/socketio/socket.io/releases/tag/2.0.0)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/1.7.4...2.0.0)

This major release brings several performance improvements:

- [uws](https://redirect.github.com/uWebSockets/uWebSockets) is now the default Websocket engine. It should bring significant improvement in performance (particularly in terms of memory consumption) (https://github.com/socketio/engine.io/releases/tag/2.0.0)
- the Engine.IO and Socket.IO handshake packets were merged, reducing the number of roundtrips necessary to establish a connection. ([#2833](https://redirect.github.com/socketio/socket.io/issues/2833))
- it is now possible to provide a custom parser according to the needs of your application ([#2829](https://redirect.github.com/socketio/socket.io/issues/2829)). Please take a look at the [example](https://redirect.github.com/socketio/socket.io/tree/master/examples/custom-parsers) for more information.

Please note that this release is not backward-compatible, due to:

- a breaking change related to utf-8 encoding in engine.io-parser ([https://github.com/socketio/engine.io-parser/pull/81](https://redirect.github.com/socketio/engine.io-parser/pull/81))
- an update to make the socket id on the client match the id on the server-side ([https://github.com/socketio/socket.io-client/pull/1058](https://redirect.github.com/socketio/socket.io-client/pull/1058))

Please also note that if you are using a self-signed certificate, `rejectUnauthorized` now defaults to `true` ([https://github.com/socketio/engine.io-client/pull/558](https://redirect.github.com/socketio/engine.io-client/pull/558)).

Finally, the API documentation is now in the repository ([here](https://redirect.github.com/socketio/socket.io/blob/master/docs/API.md)), and the content of the website [here](https://redirect.github.com/socketio/socket.io-website). Do not hesitate if you see something wrong or missing!

The full list of changes:

- [feat] Move binary detection to the parser ([#2923](https://redirect.github.com/socketio/socket.io/issues/2923))
- [feat] Allow to join several rooms at once ([#2879](https://redirect.github.com/socketio/socket.io/issues/2879))
- [feat] Merge Engine.IO and Socket.IO handshake packets ([#2833](https://redirect.github.com/socketio/socket.io/issues/2833))
- [feat] Allow the use of custom parsers ([#2829](https://redirect.github.com/socketio/socket.io/issues/2829))
- [fix] Use path.resolve by default and require.resolve as a fallback ([#2797](https://redirect.github.com/socketio/socket.io/issues/2797)) (by [@a-lucas](https://redirect.github.com/a-lucas))
- [fix] Properly close the connection on error ([#2681](https://redirect.github.com/socketio/socket.io/issues/2681)) (by [@Nibbler999](https://redirect.github.com/Nibbler999))
- [fix] Prevent null from being accepted as argument ([#2606](https://redirect.github.com/socketio/socket.io/issues/2606)) (by [@ianbrode](https://redirect.github.com/ianbrode))
- [perf] Use shared instance of the encoder ([#2825](https://redirect.github.com/socketio/socket.io/issues/2825)) (by [@Nibbler999](https://redirect.github.com/Nibbler999))
- [perf] Reset properties instead of deleting them ([#2826](https://redirect.github.com/socketio/socket.io/issues/2826)) (by [@Nibbler999](https://redirect.github.com/Nibbler999))
- [perf] micro-optimisations ([#2793](https://redirect.github.com/socketio/socket.io/issues/2793)) (by [@billouboq](https://redirect.github.com/billouboq))
- [chore] Merge history of 1.7.x and 0.9.x branches ([#2930](https://redirect.github.com/socketio/socket.io/issues/2930))
- [chore] Added backers and sponsors on the README ([#2933](https://redirect.github.com/socketio/socket.io/issues/2933)) (by [@xdamman](https://redirect.github.com/xdamman))
- [chore] Bump dependencies ([#2926](https://redirect.github.com/socketio/socket.io/issues/2926))
- [chore] Bump socket.io-adapter to version 1.0.0 ([#2867](https://redirect.github.com/socketio/socket.io/issues/2867))
- [chore] Bump engine.io to version 2.0.2 ([#2864](https://redirect.github.com/socketio/socket.io/issues/2864))
- [chore] Bump engine.io to version 2.0.0 ([#2832](https://redirect.github.com/socketio/socket.io/issues/2832)) (by [@sgress454](https://redirect.github.com/sgress454))
- [chore] Update issue template with fiddle ([#2811](https://redirect.github.com/socketio/socket.io/issues/2811))
- [chore] Update copyright year LICENSE to 2017 ([#2803](https://redirect.github.com/socketio/socket.io/issues/2803)) (by [@isabellatea](https://redirect.github.com/isabellatea))
- [docs] Add an example of custom parser ([#2929](https://redirect.github.com/socketio/socket.io/issues/2929))
- [docs] Replace non-breaking space with proper whitespace ([#2913](https://redirect.github.com/socketio/socket.io/issues/2913)) (by [@epicTCK](https://redirect.github.com/epicTCK))
- [docs] Update emit cheatsheet ([#2906](https://redirect.github.com/socketio/socket.io/issues/2906)) (by [@FarazPatankar](https://redirect.github.com/FarazPatankar))
- [docs] Explicitly document that Server extends EventEmitter ([#2874](https://redirect.github.com/socketio/socket.io/issues/2874)) (by [@i8-pi](https://redirect.github.com/i8-pi))
- [docs] Add server.engine.generateId attribute ([#2880](https://redirect.github.com/socketio/socket.io/issues/2880)) (by [@efkan](https://redirect.github.com/efkan))
- [docs] Fix wrong space character in README ([#2900](https://redirect.github.com/socketio/socket.io/issues/2900)) (by [@SimenB](https://redirect.github.com/SimenB))
- [docs] Fix documentation for 'connect' event ([#2898](https://redirect.github.com/socketio/socket.io/issues/2898)) (by [@swhgoon](https://redirect.github.com/swhgoon))
- [docs] Add webpack build example ([#2828](https://redirect.github.com/socketio/socket.io/issues/2828))
- [docs] Update the wording to match the code example ([#2853](https://redirect.github.com/socketio/socket.io/issues/2853)) (by [@timruffles](https://redirect.github.com/timruffles))
- [docs] Small addition to the Express Readme Part ([#2846](https://redirect.github.com/socketio/socket.io/issues/2846)) (by [@H3rby7](https://redirect.github.com/H3rby7))
- [docs] Add a 'Features' section in the README ([#2824](https://redirect.github.com/socketio/socket.io/issues/2824))
- [docs] Add httpd cluster example ([#2819](https://redirect.github.com/socketio/socket.io/issues/2819))
- [docs] Add haproxy cluster example ([#2818](https://redirect.github.com/socketio/socket.io/issues/2818))
- [docs] Add nginx cluster example ([#2817](https://redirect.github.com/socketio/socket.io/issues/2817))
- [docs] Implement whiteboard example ([#2810](https://redirect.github.com/socketio/socket.io/issues/2810))
- [docs] Fix documentation for `local` flag ([#2816](https://redirect.github.com/socketio/socket.io/issues/2816))
- [docs] Add emit cheatsheet ([#2815](https://redirect.github.com/socketio/socket.io/issues/2815))
- [docs] Add pingInterval/pingTimeout/transports options in the API documentation ([#2814](https://redirect.github.com/socketio/socket.io/issues/2814))
- [docs] Add an example for socket.join() method ([#2813](https://redirect.github.com/socketio/socket.io/issues/2813))
- [docs] Fix a typo on `clients` method in the API documentation ([#2812](https://redirect.github.com/socketio/socket.io/issues/2812))
- [docs] Fix wrong argument name in API.md ([#2802](https://redirect.github.com/socketio/socket.io/issues/2802)) (by [@andrea11](https://redirect.github.com/andrea11))
- [docs] Add install script on Readme.md ([#2780](https://redirect.github.com/socketio/socket.io/issues/2780)) (by [@bananaappletw](https://redirect.github.com/bananaappletw))
- [docs] API documentation ([#2784](https://redirect.github.com/socketio/socket.io/issues/2784))

Besides, we are proud to announce that Socket.IO is now a part of open collective: https://opencollective.com/socketio. More on that later.

### [`v1.7.4`](https://redirect.github.com/socketio/socket.io/releases/tag/1.7.4)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/1.7.3...1.7.4)

- [chore] Bump engine.io to version 1.8.4

### [`v1.7.3`](https://redirect.github.com/socketio/socket.io/releases/tag/1.7.3)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/1.7.2...1.7.3)

- [chore] Bump engine.io-client to version 1.8.3

### [`v1.7.2`](https://redirect.github.com/socketio/socket.io/releases/tag/1.7.2)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/1.7.1...1.7.2)

- [chore] Bump engine.io to version 1.8.2 ([#2782](https://redirect.github.com/socketio/socket.io/issues/2782))
- [fix] Fixes socket.use error packet ([#2772](https://redirect.github.com/socketio/socket.io/issues/2772))

### [`v1.7.1`](https://redirect.github.com/socketio/socket.io/releases/tag/1.7.1)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/1.7.0...1.7.1)

(following `socket.io-client` update)

### [`v1.7.0`](https://redirect.github.com/socketio/socket.io/releases/tag/1.7.0)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/1.6.0...1.7.0)

- [docs] Comment connected socket availability for adapters ([#2081](https://redirect.github.com/socketio/socket.io/issues/2081))
- [docs] Fixed grammar issues in the README.md ([#2159](https://redirect.github.com/socketio/socket.io/issues/2159))
- [feature] serve sourcemap for socket.io-client ([#2482](https://redirect.github.com/socketio/socket.io/issues/2482))
- [feature] Add a `local` flag ([#2628](https://redirect.github.com/socketio/socket.io/issues/2628))
- [chore] Bump engine.io to version 1.8.1 ([#2765](https://redirect.github.com/socketio/socket.io/issues/2765))
- [chore] Update client location and serve minified file ([#2766](https://redirect.github.com/socketio/socket.io/issues/2766))

### [`v1.6.0`](https://redirect.github.com/socketio/socket.io/releases/tag/1.6.0)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/1.5.1...1.6.0)

- [fix] Make ETag header comply with standard. ([#2603](https://redirect.github.com/socketio/socket.io/issues/2603))
- [feature] Loading client script on demand. ([#2567](https://redirect.github.com/socketio/socket.io/issues/2567))
- [test] Fix leaking clientSocket ([#2721](https://redirect.github.com/socketio/socket.io/issues/2721))
- [feature] Add support for all event emitter methods ([#2601](https://redirect.github.com/socketio/socket.io/issues/2601))
- [chore] Update year to 2016 ([#2456](https://redirect.github.com/socketio/socket.io/issues/2456))
- [feature] Add support for socket middleware ([#2306](https://redirect.github.com/socketio/socket.io/issues/2306))
- [feature] add support for Server#close(callback) ([#2748](https://redirect.github.com/socketio/socket.io/issues/2748))
- [fix] Don't drop query variables on handshake ([#2745](https://redirect.github.com/socketio/socket.io/issues/2745))
- [example] Add disconnection/reconnection logs to the chat example ([#2675](https://redirect.github.com/socketio/socket.io/issues/2675))
- [perf] Minor code optimizations ([#2219](https://redirect.github.com/socketio/socket.io/issues/2219))
- [chore] Bump debug to version 2.3.3 ([#2754](https://redirect.github.com/socketio/socket.io/issues/2754))
- [chore] Bump engine.io to version 1.8.0 ([#2755](https://redirect.github.com/socketio/socket.io/issues/2755))
- [chore] Bump socket.io-adapter to version 0.5.0 ([#2756](https://redirect.github.com/socketio/socket.io/issues/2756))

### [`v1.5.1`](https://redirect.github.com/socketio/socket.io/releases/tag/1.5.1)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/1.5.0...1.5.1)

- [fix] Avoid swallowing exceptions thrown by user event handlers ([#2682](https://redirect.github.com/socketio/socket.io/issues/2682))
- [test] Use client function to unify `client` in test script ([#2731](https://redirect.github.com/socketio/socket.io/issues/2731))
- [docs] Add link to LICENSE ([#2221](https://redirect.github.com/socketio/socket.io/issues/2221))
- [docs] Fix JSDoc of optional parameters ([#2465](https://redirect.github.com/socketio/socket.io/issues/2465))
- [docs] Fix typo ([#2724](https://redirect.github.com/socketio/socket.io/issues/2724))
- [docs] Link readme npm package badge to npm registry page ([#2612](https://redirect.github.com/socketio/socket.io/issues/2612))
- [docs] Minor fixes ([#2526](https://redirect.github.com/socketio/socket.io/issues/2526))
- [chore] Bump socket.io-parser to 2.3.0 ([#2730](https://redirect.github.com/socketio/socket.io/issues/2730))
- [chore] Add Github issue and PR templates ([#2733](https://redirect.github.com/socketio/socket.io/issues/2733))
- [chore] Bump engine.io to 1.7.2 ([#2729](https://redirect.github.com/socketio/socket.io/issues/2729))
- [chore] Bump socket.io-parser to 2.3.1 ([#2734](https://redirect.github.com/socketio/socket.io/issues/2734))

### [`v1.5.0`](https://redirect.github.com/socketio/socket.io/releases/tag/1.5.0)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/1.4.8...1.5.0)

- [feature] stop append /# before id when no namespace ([#2509](https://redirect.github.com/socketio/socket.io/issues/2509))
- [feature] Add a 'disconnecting' event to access to socket.rooms upon disconnection ([#2332](https://redirect.github.com/socketio/socket.io/issues/2332))
- [fix] Fix query string management ([#2422](https://redirect.github.com/socketio/socket.io/issues/2422))
- [fix] add quote to exec paths, prevent error when spaces in path ([#2508](https://redirect.github.com/socketio/socket.io/issues/2508))
- [docs] Prevent mixup for new programmers ([#2599](https://redirect.github.com/socketio/socket.io/issues/2599))
- [example] Fix chat display in Firefox ([#2477](https://redirect.github.com/socketio/socket.io/issues/2477))
- [chore] Add gulp & babel in the build process ([#2471](https://redirect.github.com/socketio/socket.io/issues/2471))
- [chore] Bump engine.io to 1.7.0 ([#2707](https://redirect.github.com/socketio/socket.io/issues/2707))
- [chore] Remove unused zuul-ngrok dependency ([#2708](https://redirect.github.com/socketio/socket.io/issues/2708))
- [chore] Point towards current master of socket.io-client ([#2710](https://redirect.github.com/socketio/socket.io/issues/2710))
- [chore] Restrict files included in npm package ([#2709](https://redirect.github.com/socketio/socket.io/issues/2709))
- [chore] Link build badge to master branch ([#2549](https://redirect.github.com/socketio/socket.io/issues/2549))

### [`v1.4.8`](https://redirect.github.com/socketio/socket.io/compare/1.4.7...1.4.8)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/1.4.7...1.4.8)

### [`v1.4.7`](https://redirect.github.com/socketio/socket.io/compare/1.4.6...1.4.7)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/1.4.6...1.4.7)

### [`v1.4.6`](https://redirect.github.com/socketio/socket.io/compare/1.4.5...1.4.6)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/1.4.5...1.4.6)

### [`v1.4.5`](https://redirect.github.com/socketio/socket.io/compare/1.4.4...1.4.5)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/1.4.4...1.4.5)

### [`v1.4.4`](https://redirect.github.com/socketio/socket.io/compare/1.4.3...1.4.4)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/1.4.3...1.4.4)

### [`v1.4.3`](https://redirect.github.com/socketio/socket.io/compare/1.4.2...1.4.3)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/1.4.2...1.4.3)

### [`v1.4.2`](https://redirect.github.com/socketio/socket.io/compare/1.4.1...1.4.2)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/1.4.1...1.4.2)

### [`v1.4.1`](https://redirect.github.com/socketio/socket.io/compare/1.4.0...1.4.1)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/1.4.0...1.4.1)

### [`v1.4.0`](https://redirect.github.com/socketio/socket.io/compare/1.3.7...1.4.0)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/1.3.7...1.4.0)

### [`v1.3.7`](https://redirect.github.com/socketio/socket.io/compare/1.3.6...1.3.7)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/1.3.6...1.3.7)

### [`v1.3.6`](https://redirect.github.com/socketio/socket.io/compare/1.3.5...1.3.6)

[Compare Source](https://redirect.github.com/socketio/socket.io/compare/1.3.5...1.3.6)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.

secure-code-warrior-for-github[bot] commented 2 years ago

Micro-Learning Topic: Race condition (Detected by phrase)

Matched on "race condition"

A race condition is a flaw that produces an unexpected result when the timing of actions impact other actions.

secure-code-warrior-for-github[bot] commented 1 year ago

Micro-Learning Topic: Denial of service (Detected by phrase)

Matched on "denial of service"

The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service

coderabbitai[bot] commented 5 months ago

[!IMPORTANT]

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.
