Skip to content

[Snyk] Security upgrade socket.io from 2.5.0 to 3.0.5

Chris Hamill requested to merge snyk-fix-a66345c84ca3c7e9f5b497b90977825a into master

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this Merge Request

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7		 Regular Expression Denial of Service (ReDoS)
npm:debug:20170905 		Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: socket.io The new version differs by 84 commits.
  • f8a66fd chore(release): 3.0.5
  • 752dfe3 chore: bump debug version
  • bf54327 revert: restore the socket middleware functionality
  • 170b739 fix: properly clear timeout on connection failure
  • 230cd19 chore: bump dependencies
  • a0a3481 test: fix random test failure
  • f773b48 chore: update GitHub issue templates
  • 292d62e docs(examples): update TypeScript example
  • 178e899 docs(examples): add Angular TodoMVC + Socket.IO example
  • d1bfe40 refactor: add more typing info and upgrade prettier (#3725)
  • 81c1f4e chore(release): 3.0.4
  • 1fba399 ci: migrate to GitHub Actions
  • 4e6d404 chore: make tests work on Windows (#3708)
  • 28c7cc0 style(issue-template): fix typo (#3700)
  • 06a2bd3 chore(release): 3.0.3
  • 85ebd35 chore: cleanup dist folder before compilation
  • 9b6f971 chore(release): 3.0.2
  • 43705d7 fix: merge Engine.IO options
  • 118cc68 chore: add 3rd party types in the list of dependencies
  • c596e54 docs(examples): update React Native example
  • f7e0009 docs(examples): update TypeScript example
  • e69d0ad chore: bump socket.io-client version
  • 0317a07 chore(release): 3.0.1
  • d00c0c0 docs(examples): update examples to Socket.IO v3

See the full diff

Check the changes in this Merge Request to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Merge request reports