Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Fix for 2 vulnerabilities #27

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 2 vulnerabilities #27

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Jan 8, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-JS-ENGINEIO-1056749		 Yes Proof of Concept
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-JS-SOCKETIOPARSER-1056752		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: engine.io The new version differs by 94 commits.
  • 9df38d5 docs: update the list of supported engines
  • 078527a feat: disable perMessageDeflate by default
  • 54c6797 docs: update the default value of maxHttpBufferSize
  • 1916d3a test: remove Node.js 8 from the test matrix
  • 14ca7a1 chore: restore package-lock.json file
  • ed29e59 chore: bump engine.io-parser version
  • 03b4967 chore: bump cookie version
  • 09708eb docs(changelog): include changelog for release 3.4.2
  • 82cdca2 fix: remove implicit require of uws
  • 94623c8 docs(changelog): include changelog for release 3.4.1
  • dcdbccb fix: ignore errors when forcefully closing the socket (Multiplexing connection and client disconnect socketio/socket.io#601)
  • 71ece3e chore(release): 4.0.0-alpha.1
  • b27215d chore(release): 4.0.0-alpha.0
  • 734f9d1 feat: decrease the default value of maxHttpBufferSize
  • 61b9492 feat: use the cors module to handle cross-origin requests
  • bafe684 refactor: refactor the handling of the options
  • 61e639b test: add Node.js 10, 12 and 13 in the test matrix
  • a374471 feat: disable cookie by default and add sameSite attribute
  • 31ff875 feat: reverse the ping-pong mechanism
  • 2ae2520 chore: point towards the v4 branch
  • f3c291f feat: generateId method can now return a Promise
  • 33564b2 refactor: use prettier to format code
  • da93fb6 refactor: migrate to ES6 syntax
  • ecfcc69 [chore] Release 3.4.0

See the full diff

Package name: socket.io-adapter The new version differs by 3 commits.

See the full diff

Package name: socket.io-parser The new version differs by 38 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot