
[Snyk] Fix for 2 vulnerabilities #12

Open
wants to merge 1 commit into base: master

Conversation

snyk-bot

@snyk-bot snyk-bot commented Jan 9, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 768/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5) | Denial of Service (DoS), SNYK-JS-ENGINEIO-1056749 | Yes | Proof of Concept |
| high severity | 768/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5) | Denial of Service (DoS), SNYK-JS-SOCKETIOPARSER-1056752 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: engine.io
The new version differs by 56 commits.
  • 9df38d5 docs: update the list of supported engines
  • 078527a feat: disable perMessageDeflate by default
  • 54c6797 docs: update the default value of maxHttpBufferSize
  • 1916d3a test: remove Node.js 8 from the test matrix
  • 14ca7a1 chore: restore package-lock.json file
  • ed29e59 chore: bump engine.io-parser version
  • 03b4967 chore: bump cookie version
  • 09708eb docs(changelog): include changelog for release 3.4.2
  • 82cdca2 fix: remove implicit require of uws
  • 94623c8 docs(changelog): include changelog for release 3.4.1
  • dcdbccb fix: ignore errors when forcefully closing the socket (Multiplexing connection and client disconnect socketio/socket.io#601)
  • 71ece3e chore(release): 4.0.0-alpha.1
  • b27215d chore(release): 4.0.0-alpha.0
  • 734f9d1 feat: decrease the default value of maxHttpBufferSize
  • 61b9492 feat: use the cors module to handle cross-origin requests
  • bafe684 refactor: refactor the handling of the options
  • 61e639b test: add Node.js 10, 12 and 13 in the test matrix
  • a374471 feat: disable cookie by default and add sameSite attribute
  • 31ff875 feat: reverse the ping-pong mechanism
  • 2ae2520 chore: point towards the v4 branch
  • f3c291f feat: generateId method can now return a Promise
  • 33564b2 refactor: use prettier to format code
  • da93fb6 refactor: migrate to ES6 syntax
  • ecfcc69 [chore] Release 3.4.0

See the full diff

Package name: socket.io-client
The new version differs by 68 commits.
  • b7e07ba chore(release): 3.0.0
  • ffa2804 chore(release): 3.0.0-rc4
  • 0939395 feat: emit an Error object upon middleware error
  • 969debe refactor: rework of the Manager events
  • a9127ce chore(release): 3.0.0-rc3
  • 13e1db7 refactor: rename ERROR to CONNECT_ERROR
  • 55f464f feat: add support for catch-all listeners
  • 71d6048 feat: add bundle with msgpack parser
  • f3cbe98 refactor: additional typings
  • 7ddad2c feat: add volatile events
  • b600e78 chore(release): 3.0.0-rc2
  • 1789094 feat: move binary detection back to the parser
  • c7998d5 refactor: add Manager and Socket typings
  • 2c7c230 chore: publish the wrapper.mjs file
  • a66473f chore: use socketio GitHub organization
  • 946a9f0 chore: fix test script
  • a838ff1 chore(release): 3.0.0-rc1
  • b68f816 chore: bump debug
  • cbabb03 feat: add ES6 module export
  • e826992 refactor: remove the 'connect_timeout' event
  • b60e909 refactor: remove the 'connecting' event
  • 6494f61 feat: throw upon reserved event names
  • 132f8ec feat: split the events of the Manager and Socket
  • 6cd2e4e refactor: remove the packetBuffer array

See the full diff

Package name: socket.io-parser
The new version differs by 16 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic
