angular-cart-demo
angular-cart-demo copied to clipboard
Published
20 hours ago •
Capgemini
Capgemini
[Snyk] Fix for 1 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: socket.io
The new version differs by 102 commits.- 873fdc5 chore(release): 2.4.0
- f78a575 fix(security): do not allow all origins by default
- d33a619 fix: properly overwrite the query sent in the handshake
- 3951a79 chore: bump engine.io version
- 6fa026f ci: migrate to GitHub Actions
- 47161a6 [chore] Release 2.3.0
- cf39362 [chore] Bump socket.io-parser to version 3.4.0
- 4d01b2c test: remove deprecated Buffer usage (#3481)
- 8227192 [docs] Fix the default value of the 'origins' parameter (#3464)
- 1150eb5 [chore] Bump engine.io to version 3.4.0
- 9c1e73c [chore] Update the license of the chat example (#3410)
- df05b73 [chore] Release 2.2.0
- b00ae50 [feat] Add cache-control header when serving the client source (#2907)
- d3c653d [docs] Add Touch Support to the whiteboard example (#3104)
- a7fbd1a [fix] Throw an error when trying to access the clients of a dynamic namespace (#3355)
- 190d22b [chore] Bump dependencies
- 7b8fba7 [test] Update Travis configuration
- e5f0cea [docs] Use new JavaScript syntax inside the README (#3360)
- 7e35f90 [docs] fix `this` scope in the chat example
- 2dbec77 [chore] Update issue template
- d97d873 [docs] update README.md (#3309)
- e0b2cb0 [chore] Release 2.1.1
- 1decae3 [feat] Add local flag to the socket object (#3219)
- 0279c47 [docs] Convert the chat example to ES6 (#3227)
Package name: socket.io-client
The new version differs by 72 commits.- de2ccff chore(release): 2.4.0
- e9dd12a chore: bump engine.io-client version
- 7248c1e ci: migrate to GitHub Actions
- 4631ed6 chore(release): 2.3.1
- 7f73a28 test: fix tests in IE
- 67c54b8 chore: bump engine.io-parser and socket.io-parser
- 15a52ab test: remove arrow function (for now)
- 050108b fix: fix reconnection after opening socket asynchronously (#1253)
- b570025 chore: bump engine.io-client and downgrade debug
- 1fb1b78 chore: remove unused dependencies
- 0c39f14 docs: add section about Debug / logging on the client side (#1278)
- 6ce02ee docs: add server port in the example (#1359)
- f4a4d89 chore: update package-lock.json file
- 3c1d860 chore: bump component-emitter dependency (#1376)
- b7dbbd2 test: fix race condition in the tests
- 661f1e7 [chore] Release 2.3.0
- 71d7b79 [chore] Bump engine.io-client to version 3.4.0
- 8b4a539 [docs] Add CDN link (#1318)
- 40cf185 [ci] use Node.js 10 for compatibility with Gulp v3
- 3020e45 [chore] Release 2.2.0
- 06e9a4c [chore] Bump dependencies
- 4a93871 [chore] Update the Makefile
- eeafa44 [fix] Remove any reference to the `global` variable
- dfc34e4 [chore] Pin zuul version
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
