socket.io-mp-client

[Snyk] Security upgrade socket.io-parser from 3.1.3 to 4.0.5

Open • cytle opened this issue 3 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| critical severity | 776/1000. Why? Recently disclosed, Has a fix available, CVSS 9.8 | Improper Input Validation (SNYK-JS-SOCKETIOPARSER-3091012) | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: socket.io-parser

The new version differs by 52 commits.
  • f3329eb chore(release): 4.0.5
  • b559f05 fix: check the format of the index of each attachment
  • af1b23c chore(release): 4.0.4
  • 1c220dd fix: allow integers as event names
  • 444520d chore(release): 4.0.3
  • b076dbb ci: migrate to GitHub Actions
  • 7c380d3 chore: bump debug version
  • f2098b0 chore(release): 4.0.2
  • 66973a3 chore: cleanup dist folder before compilation
  • 4efa005 fix: move @types/component-emitter to dependencies (#99)
  • c044433 docs: add compatibility table
  • e339323 chore(release): 4.0.1
  • 412769f chore(release): 4.0.1-rc3
  • db1d274 refactor: rename ERROR to CONNECT_ERROR
  • e3d272f docs: fix small typo (#98)
  • 64b6648 chore(release): 4.0.1-rc2
  • 58b3d09 chore: protocol version 5
  • 285e7cd feat: move binary detection back to the parser
  • 7fc3c42 chore(release): 4.0.1-rc1
  • 78f9fc2 feat: add support for a payload in a CONNECT packet
  • 9eb8561 refactor: use require for debug dependency
  • 091d25e chore: add dist
  • ccadd5a docs(changelog): include changelog for release 3.3.1
  • c04d7f5 chore(release): 4.0.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


cytle, Oct 30 '22 21:10