ttv-chat-bot
ttv-chat-bot copied to clipboard
clarkio
[Snyk] Fix for 1 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5 |
Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-5596892 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: socket.io
The new version differs by 99 commits.- 8be95b3 chore(release): 4.5.2
- ba497ee fix(uws): prevent the server from crashing after upgrade
- 2803871 ci: add explicit permissions to workflow (#4466)
- 134226e refactor: add missing constraints (#4431)
- 9890b03 chore: bump dependencies
- 713a6b4 chore: bump mocha to version 10.0.0
- 18f3fda fix: prevent the socket from joining a room after disconnection
- 5ab8289 chore(release): 4.5.1
- 30430f0 fix: forward the local flag to the adapter when using fetchSockets()
- 9b43c91 fix(typings): add HTTPS server to accepted types (#4351)
- 8ecfcba chore(release): 4.5.0
- 572133a docs(examples): update example with webpack
- 6e1bb62 chore: bump engine.io to version 6.2.0
- 06e6838 docs(examples): add server bundling example with rollup
- 1f03a44 docs(examples): update create-react-app example (#4347)
- be3d7f0 docs(examples): add TODO example with Postgres and Node.js cluster
- d12aab2 docs(examples): add example with express-session
- 9f75868 docs(examples): pin the version of karma-jasmine-html-reporter
- 0b35dc7 refactor: make the protocol implementation stricter
- 531104d feat: add support for catch-all listeners for outgoing packets
- 8b20457 feat: broadcast and expect multiple acks
- 0b7d70c chore: bump lockfile to v2
- 2f96438 chore: bump engine.io version to fix CVE-2022-21676 (#4262)
- 02c87a8 fix(typings): ensure compatibility with TypeScript 3.x (#4259)
Package name: socket.io-client
The new version differs by 59 commits.- abdba07 chore(release): 4.5.0
- faf68a5 chore: update default label for bug reports
- c0ba734 chore: add Node.js 16 in the test matrix
- e859018 refactor: replace the disconnected attribute by a getter
- 74e3e60 feat: add support for catch-all listeners for outgoing packets
- 692d54e chore: point the CI badge towards the main branch
- 6fdf3c9 refactor: import single-file 3rd party modules
- b862924 feat: add details to the disconnect event
- eaf782c docs: remove broken badges
- 359d1e2 chore(release): 4.4.1
- f56fdd0 chore: remove duplicate package.json file
- 19836d9 chore: add types to exports field to be compatible with nodenext module resolution (#1522)
- 71e34a3 chore(release): 4.4.0
- 1e1952b chore: bump engine.io-client version
- 522ffbe fix: prevent double ack with timeout
- 99c2cb8 fix: fix `socket.disconnect().connect()` usage
- 53d8fca fix: add package name in nested package.json
- d54d12c fix: prevent socket from reconnecting after middleware failure
- ccf7998 feat: add timeout feature
- da0b828 chore(release): 4.3.2
- 6780f29 fix: restore the default export (bis)
- ca614b2 chore(release): 4.3.1
- f0aae84 fix: restore the default export
- 8737d0a fix: restore the namespace export
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
New dependency changes detected. Learn more about Socket for GitHub ↗︎
👍 No new dependency issues detected in pull request
Bot Commands
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all
⚠️ Please accept the latest app permissions to ensure bot commands work properly. Accept the new permissions here.
Pull request alert summary
| Issue | Status |
|---|---|
| Install scripts | ✅ 0 issues |
| Native code | ✅ 0 issues |
| Bin script shell injection | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |
📊 Modified Dependency Overview:
| ⬆️ Updated Package | Version Diff | Added Capability Access | +/- Transitive Count |
Publisher |
|---|---|---|---|---|
| [email protected] | 3.1.3...4.5.0 | None | +6/-13 |
darrachequesne |
| [email protected] | 3.1.2...4.5.2 | None | +7/-9 |
darrachequesne |
![socket-security[bot] avatar](https://avatars.githubusercontent.com/in/156372?v=4 "Published by a pub.dev verified publisher"){kind=small}