
[Snyk] Security upgrade socket.io from 1.3.7 to 1.7.4 #1

Open
wants to merge 1 commit into
base: master

@snyk-bot snyk-bot commented Mar 3, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • slides/plugin/multiplex/package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 761/1000 (Why? Mature exploit, Has a fix available, CVSS 7.5) | Denial of Service (DoS), npm:ws:20171108 | No | Mature |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: socket.io
The new version differs by 239 commits.
  • 0abbd4d [chore] Release 1.7.4
  • c89ccd9 [chore] Bump engine.io to version 1.8.4
  • a646044 [chore] Release 1.7.3
  • 751a6fc [chore] Bump engine.io to version 1.8.3
  • 1f59e45 [chore] Release 1.7.2 (#2783)
  • 0a7afa8 [chore] Bump engine.io to version 1.8.2 (#2782)
  • 1e31769 [fix] Fixes socket.use error packet (#2772)
  • 797c9a3 [chore] Release 1.7.1 (#2768)
  • 4f93a0b [chore] Release 1.7.0 (#2767)
  • 3c98130 [chore] Update client location and serve minified file (#2766)
  • 9c23308 [chore] Bump engine.io to version 1.8.1 (#2765)
  • 955e5e0 [feature] Add a `local` flag (#2628)
  • 0ef55b2 [feature] serve sourcemap for socket.io-client (#2482)
  • 4d8e2d3 [docs] Fixed grammar issues in the README.md (#2159)
  • d48f848 [docs] Comment connected socket availability for adapters (#2081)
  • 57b3863 [chore] Release 1.6.0 (#2757)
  • 9e7567d [chore] Bump socket.io-adapter to version 0.5.0 (#2756)
  • 2e36799 [chore] Bump engine.io to version 1.8.0 (#2755)
  • 9bb5e9d [chore] Bump debug to version 2.3.3 (#2754)
  • ff2c15d [perf] Minor code optimizations (#2219)
  • a483658 [example] Add disconnection/reconnection logs to the chat example (#2675)
  • 4c5dbd8 [fix] Don't drop query variables on handshake (#2745)
  • e14a10b [feature] add support for Server#close(callback) (#2748)
  • 5a123be [feature] Add support for socket middleware (#2306)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
