[Snyk] Fix for 1 vulnerabilities

[geva]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: debug

The new version differs by 139 commits.

• f073e05 Release 3.1.0
• 2c0df9b rename `DEBUG_HIDE_TTY_DATE` to `DEBUG_HIDE_DATE`
• dcb37b2 Merge branch '2.x'
• 56a3853 Add `DEBUG_HIDE_TTY_DATE` env var (Fixed typo. socketio/socket.io#486)
• 13abeae Release 2.6.9
• f53962e remove ReDoS regexp in %o formatter (npm packge.jason needs to be updated! socketio/socket.io#504)
• bdb7e01 remove "component" from package.json
• c38a016 remove ReDoS regexp in %o formatter (npm packge.jason needs to be updated! socketio/socket.io#504)
• 47747f3 remove `component.json`
• a0601e5 fix
• e7e568a ignore package-lock.json
• fdfa0f5 Fix browser detection
• 7cd9e53 examples: fix colors printout
• 8d76196 Merge pull request Can we create socket instance by using socket = new io.Socket socketio/socket.io#496 from EdwardBetts/spelling
• daf1a7c correct spelling mistake
• 3e1849d Release 3.0.1
• b3ea123 Disable colors in Edge and Internet Explorer (Object doesn't support property or method 'packet'  socketio/socket.io#489)
• 13e1d06 remove v3 discussion note for now
• 52b894c Release 3.0.0
• d2dd80a component: update "ms" to v2.0.0
• 6752953 fix browser test 😵
• f6f6213 remove `make coveralls` from travis
• f178d86 attempt to separate the Node and Browser tests in Travis
• d73c4ae fix `make test`

See the full diff

Package name: engine.io

The new version differs by 46 commits.

• b3f3590 [chore] Release 3.1.5
• 0d4e79e [chore] Bump dependencies (node crash: node: src/uv-common.c:92: uv_err_name: Assertion `0' failed. socketio/socket.io#549)
• ea318b8 [chore] Bump accepts to version 1.3.4 (Socket.io appears not to be working in Firefox 8 on Linux socketio/socket.io#548)
• d7aaf2b [docs] Update test command in README (Origin is not allowed by Access-Control-Allow-Origin. socketio/socket.io#547)
• c107ffe [chore] Bump uws to version 9.14.0 (Authorization and handshake errors socketio/socket.io#545)
• 8d0ce5f [refactor] Add some checks to prevent usage of undefined properties (Setting log: false breaks socket.io in manager.js socketio/socket.io#540)
• 1a685c0 [chore] Release 3.1.4
• b3f1d35 [chore] Bump ws to version 3.3.1 (Socket.io and non-domain-level Proxies socketio/socket.io#543)
• 3ee803a [chore] Release 3.1.3
• 49362ab [fix] Fix undefined remoteAddress when using uws (Connect to websocket.org echo service socketio/socket.io#533)
• 3c77780 [chore] Bump debug to version 2.6.9 (Fixes issue 523, and (unreported?) issue where flashsocket identifies as websocket socketio/socket.io#532)
• bf24359 [chore] Release 3.1.2
• a8ff89c [chore] Release 3.1.1
• e0d720c [fix] Check whether 'Origin' header has invalid characters (Fails on IE8/9 Cross domain. socketio/socket.io#531)
• 38d639a [fix] Use explicit require of wsEngine (TypeError: Object #<WebSocket> has no method 'payload' socketio/socket.io#523)
• f9d3f06 [docs] Fix wsEngine default value in README (Why a socket is needed for each namespaces? socketio/socket.io#526)
• fd20b91 [test] Use npm scripts instead of gulp (that's dev server with 3 connections, logs over 2-3seconds socketio/socket.io#530)
• 7f63d38 [fix] Fix undeterministic error in polling buffer processing (Fix RedisStore socketio/socket.io#529)
• 3dcc2d5 [fix] Use workaround for setEncoding bug in node 0.10+ (last version is unstable socketio/socket.io#527)
• e76e035 [fix] Fix null payload when aborting connection (Properly getting a socket by ID socketio/socket.io#503)
• 935b155 [chore] Release 3.1.0
• 82ed65f [test] Add test for maxHttpBufferSize option with websocket (Redis store connection settings socketio/socket.io#499)
• 519fb8d [chore] Bump uws to version 0.14.4 (Fixes issue commented on in #377 socketio/socket.io#501)
• 7edb34e [chore] Bump dependencies (Clarification of reconnect semantics socketio/socket.io#500)

See the full diff

Package name: socket.io-adapter

The new version differs by 7 commits.

• 6874ea4 [chore] release 1.1.1
• bdb015a [chore] remove unused 'debug' dependency (Added a second example using channels and has a basic API socketio/socket.io#52)
• c6f7bae [chore] Release 1.1.0 (Server restart - "Couldnt find client with session id" flood socketio/socket.io#50)
• f627cd2 [feat] Add addAll method (none socketio/socket.io#49)
• b983377 [chore] Release 1.0.0 (Errors on starting server.js on with node 0.2.0 socketio/socket.io#48)
• 40764bb [feat] Remove the socket.io-parser dependency (Client.disconnect() to force a client to disconnect socketio/socket.io#47)
• fd086d7 [refactor] Remove useless self var (example not working in firefox 3.6.8 socketio/socket.io#45)

See the full diff

Package name: socket.io-parser

The new version differs by 22 commits.

• f9c0625 [chore] Release 3.1.3
• f0a7df1 [fix] Ensure packet data is an array (WebSocket CLOSE_WAIT on disconnect socketio/socket.io#83)
• 8822578 [fix] Use ArrayBuffer.isView to check for typed arrays (Disconnects are blocking socketio/socket.io#82)
• dd164e6 [chore] Bump debug to version 3.1.0
• f9c3549 [chore] Release 3.1.2
• 425391a [chore] Bump has-binary2 to version 1.0.2 (Location MisMatch on Secure WebSockets socketio/socket.io#70)
• b4f849a [fix] Fix Blob detection for iOS 8/9 (Error detection for the flashSocket net server socketio/socket.io#69)
• eaee5d5 [chore] Release 3.1.1
• 2f31a4e [fix] Ensure globals are functions before running `instanceof` (Problem with IE 8 socketio/socket.io#68)
• 8e5465d [chore] Release 3.1.0
• 403b858 [chore] Bump debug to version 2.6.4 (Memory leaks socketio/socket.io#67)
• f44256c [feat] Move binary detection to the parser (Socket.IO does not intercept first client file request socketio/socket.io#66)
• 817adca [chore] Release 3.0.0
• e295b9b [chore] Bump isarray to version 2.0.1 (Streamline setup+use socketio/socket.io#65)
• e39f5a8 [chore] Use native JSON and drop support for older nodejs versions (Better handling of the listener resource. socketio/socket.io#64)
• 9ce9a98 [chore] Release 2.3.2 ( Illegal transport "socket.io.js" socketio/socket.io#59)
• 2314c10 [perf] Small optimisations (don't require() transports that are not in use? socketio/socket.io#57)
• 5ac691e [chore] Update zuul config to speed up tests in browser (Bad headers in jsonp-polling, xhr-polling socketio/socket.io#58)
• c2d0a08 [refactor] Remove useless variable (Untitled socketio/socket.io#55)
• aed8257 [chore] Bump dependencies (README: please mention server.listen() socketio/socket.io#56)
• 9072faa [refactor] Remove unused var (Few optimisations and bug fixes. socketio/socket.io#53)
• 9772195 [refactor] Use strict equality when possible (Added a second example using channels and has a basic API socketio/socket.io#52)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)