
[Snyk] Upgrade socket.io-client from 4.0.0 to 4.3.2 #190

Open · snyk-bot wants to merge 1 commit into master from snyk-upgrade-381b9c58140a9a1e015e18b8960aca0e

Conversation

snyk-bot (Contributor) commented Nov 8, 2021

Snyk has created this PR to upgrade socket.io-client from 4.0.0 to 4.3.2.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 10 versions ahead of your current version.
  • The recommended version was released 22 days ago, on 2021-10-16.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
| --- | --- | --- | --- |
|  | Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835 | 372/1000 (Why? Proof of Concept exploit, CVSS 5.3) | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: socket.io-client
  • 4.3.2 - 2021-10-16

    Bug Fixes

    • restore the default export (bis) (6780f29)

    Links:

    • Diff: 4.3.1...4.3.2
    • Server release: -
    • engine.io-client version: ~6.0.1
    • ws version: ~8.2.3

    Size of the bundles:

    | Bundle | min | min+gzip |
    | --- | --- | --- |
    | socket.io.min.js | 40.0 KB (-) | 13.0 KB (-) |
    | socket.io.msgpack.min.js | 45.2 KB (-) | 14.2 KB (-) |
    | socket.io.esm.min.js | 32.8 KB (-) | 11.1 KB (-) |
  • 4.3.1 - 2021-10-15

    Bug Fixes

    • restore the default export (f0aae84)
    • restore the namespace export (8737d0a)

    Links:

    • Diff: 4.3.0...4.3.1
    • Server release: -
    • engine.io-client version: ~6.0.1
    • ws version: ~8.2.3

    Size of the bundles:

    | Bundle | min | min+gzip |
    | --- | --- | --- |
    | socket.io.min.js | 40.0 KB (+ 0.1 KB ⬆️) | 13.0 KB (+ 0.1 KB ⬆️) |
    | socket.io.msgpack.min.js | 45.2 KB (+ 0.1 KB ⬆️) | 14.2 KB (+ 0.1 KB ⬆️) |
    | socket.io.esm.min.js | 32.8 KB (+ 0.1 KB ⬆️) | 11.1 KB (-) |
  • 4.3.0 - 2021-10-14

    An ESM bundle is now provided:

    ```html
    <script type="module">
    import { io } from "https://cdn.socket.io/4.3.0/socket.io.esm.min.js";

    const socket = io();

    socket.emit("hello", "world");
    </script>
    ```

    The bundle size has also been greatly reduced, from 16.0 KB to 12.9 KB (min+gzip).

    Features

    • typings: add missing types for some emitter methods (#1502) (a9e5b85)
    • provide an ESM build with and without debug (16b6569)
    • migrate to rollup (0661564)

    Links:

    Size of the bundles:

    | Bundle | min | min+gzip |
    | --- | --- | --- |
    | socket.io.min.js | 39.9 KB (-24.6 KB ⬇️) | 12.9 KB (-3.1 KB ⬇️) |
    | socket.io.msgpack.min.js | 45.1 KB (-25.6 KB ⬇️) | 14 KB (-2.6 KB ⬇️) |
    | socket.io.esm.min.js | 32.7 KB | 11.1 KB |
  • 4.2.0 - 2021-08-30

    Bug Fixes

    • typings: allow async listener in typed events (66e00b7)
    • allow to set randomizationFactor to 0 (#1447) (dfb46b5)

    Features

    • add an option to use native timer functions (#1479) (4e1b656)

    Links:

    • Diff: 4.1.3...4.2.0
    • Server release: 4.2.0
    • engine.io-client version: ~5.2.0
    • ws version: ~7.4.2
    • Build size
      • socket.io.min.js: 64.5 KB (+ 1.5 KB)
      • socket.io.msgpack.min.js: 65.5 KB (+ 1.4 KB)
  • 4.1.3 - 2021-07-10

    This release only contains a bump from engine.io-client.

    Links:

    • Diff: 4.1.2...4.1.3
    • Server release: 4.1.3
    • engine.io-client version: ~5.1.0
    • ws version: ~7.4.2
    • Build size
      • socket.io.min.js: 63 KB (+ 0.2 KB)
      • socket.io.msgpack.min.js: 64.1 KB (+ 0.2 KB)
  • 4.1.2 - 2021-05-17

    Bug Fixes

    • typings: add missing closeOnBeforeunload option (#1469) (35d27df)
    • typings: add missing requestTimeout option (#1467) (c8dfbb1)

    Links:

    • Diff: 4.1.1...4.1.2
    • Server release: 4.1.2
    • engine.io-client version: ~5.1.0
    • ws version: ~7.4.2
    • Build size
      • socket.io.min.js: 62.8 KB (=)
      • socket.io.msgpack.min.js: 63.9 KB (=)
  • 4.1.1 - 2021-05-11

    There were some minor bug fixes on the server side, which mandate a client bump.

    Links:

    • Diff: 4.1.0...4.1.1
    • Server release: 4.1.1
    • engine.io-client version: ~5.1.0
    • ws version: ~7.4.2
    • Build size
      • socket.io.min.js: 62.8 KB (=)
      • socket.io.msgpack.min.js: 63.9 KB (=)
  • 4.1.0 - 2021-05-11

    Blog post: https://socket.io/blog/socket-io-4-1-0/

    Features

    • add the "closeOnBeforeunload" option (dcb85e9, from engine.io-client)

    Links:

    • Diff: 4.0.2...4.1.0
    • Server release: 4.1.0
    • engine.io-client version: ~5.1.0
    • ws version: ~7.4.2
    • Build size
      • socket.io.min.js: 62.8 KB (=)
      • socket.io.msgpack.min.js: 63.9 KB (=)
  • 4.0.2 - 2021-05-06

    Bug Fixes

    • typings: add fallback to untyped event listener (5394669)
    • ensure buffered events are sent in order (34f822f)
    • ensure connections are properly multiplexed (dd2a8fc)
    • properly export the Socket class (e20d487)

    Links:

    • Diff: 4.0.1...4.0.2
    • Server release: 4.0.2
    • engine.io-client version: ~5.0.0
    • ws version: ~7.4.2
    • Build size
      • socket.io.min.js: 62.8 KB (=)
      • socket.io.msgpack.min.js: 63.9 KB (=)
  • 4.0.1 - 2021-03-31

    Bug Fixes

    • typings: make auth property public (#1455) (c150223)
    • typings: update definition to match wrapper.mjs (#1456) (48f573f)

    Links:

    • Diff: 4.0.0...4.0.1
    • Server release: 4.0.1
    • engine.io-client version: ~5.0.0
    • ws version: ~7.4.2
    • Build size
      • socket.io.min.js: 62.8 KB (=)
      • socket.io.msgpack.min.js: 63.9 KB (=)
  • 4.0.0 - 2021-03-10
from socket.io-client GitHub release notes
Commit messages
Package name: socket.io-client
  • da0b828 chore(release): 4.3.2
  • 6780f29 fix: restore the default export (bis)
  • ca614b2 chore(release): 4.3.1
  • f0aae84 fix: restore the default export
  • 8737d0a fix: restore the namespace export
  • c76d367 chore(release): 4.3.0
  • 91b948b refactor: move the typed events to @ socket.io/component-emitter
  • a9e5b85 feat(typings): add missing types for some emitter methods (#1502)
  • 0661564 chore: migrate to rollup
  • 16b6569 feat: provide an ESM build with and without debug
  • 7187453 chore: bump socket.io-parser to version 4.1.0
  • 91fbd47 chore: bump engine.io-client to version 6.0.0
  • 0a7efc8 chore(release): 4.2.0
  • ec3a784 chore: bump dependencies
  • 66e00b7 fix(typings): allow async listener in typed events
  • 4e1b656 feat: add an option to use native timer functions (#1479)
  • f3acddf refactor: remove duplicate initializations (#1489)
  • dfb46b5 fix: allow to set randomizationFactor to 0 (#1447)
  • 7326bd5 chore(release): 4.1.3
  • cef471b chore: bump dependencies
  • b466c6f chore(release): 4.1.2
  • 35d27df fix(typings): add missing closeOnBeforeunload option (#1469)
  • c8dfbb1 fix(typings): add missing requestTimeout option (#1467)
  • 7d6a71c chore(release): 4.1.1

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.


@coveralls commented

Coverage Status

Coverage remained the same at 82.101% when pulling 325ec12 on snyk-upgrade-381b9c58140a9a1e015e18b8960aca0e into aaf448c on master.
