Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade socket.io-client from 4.6.2 to 4.7.0 #73

Merged
merged 1 commit into from
Feb 21, 2024
Merged

[Snyk] Upgrade socket.io-client from 4.6.2 to 4.7.0 #73

merged 1 commit into from
Feb 21, 2024

Conversation

eufelipemateus
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade socket.io-client from 4.6.2 to 4.7.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released 24 days ago, on 2023-06-22.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Sandbox Escape
SNYK-JS-VM2-5415299		 602/1000
Why? Proof of Concept exploit, CVSS 9.9		 Proof of Concept
Sandbox Escape
SNYK-JS-VM2-5422057		 602/1000
Why? Proof of Concept exploit, CVSS 9.9		 Proof of Concept
Improper Handling of Exceptional Conditions
SNYK-JS-VM2-5426093		 602/1000
Why? Proof of Concept exploit, CVSS 9.9		 No Known Exploit
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
SNYK-JS-VM2-5537079		 602/1000
Why? Proof of Concept exploit, CVSS 9.9		 Proof of Concept
Sandbox Bypass
SNYK-JS-VM2-5537100		 602/1000
Why? Proof of Concept exploit, CVSS 9.9		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: socket.io-client
  • 4.7.0 - 2023-06-22

    Bug Fixes

    • properly report timeout error when connecting (5bc94b5)
    • use same scope for setTimeout and clearTimeout calls (#1568) (f2892ab)

    Features

    Support for WebTransport

    The Engine.IO client can now use WebTransport as the underlying transport.

    WebTransport is a web API that uses the HTTP/3 protocol as a bidirectional transport. It's intended for two-way communications between a web client and an HTTP/3 server.

    References:

    For Node.js clients: until WebTransport support lands in Node.js, you can use the @ fails-components/webtransport package:

    import { WebTransport } from "@ fails-components/webtransport";

    global.WebTransport = WebTransport;

    Added in 7195c0f.

    Cookie management for the Node.js client

    When setting the withCredentials option to true, the Node.js client will now include the cookies in the HTTP requests, making it easier to use it with cookie-based sticky sessions.

    https://example.com", {
    withCredentials: true
    });">
    import { io } from "socket.io-client";
    

    const socket = io("https://example.com", {
    
withCredentials: true
    
});

    Added in 5fc88a6.

    Conditional import of the ESM build with debug logs

    By default, the ESM build does not include the debug package in the browser environments, because it increases the bundle size (see 16b6569).

    Which means that, unfortunately, debug logs are not available in the devtools console, even when setting the localStorage.debug = ... attribute.

    You can now import the build which includes the debug packages with a conditional import. Example with vite:

    import { defineConfig } from 'vite'
    import react from '@ vitejs/plugin-react'

    export default defineConfig({
    plugins: [react()],
    server: {
    port: 4000
    },
    resolve: {
    conditions: ["development"]
    }
    })

    Reference: https://v2.vitejs.dev/config/#resolve-conditions

    Added in 781d753.

    Links

    • Diff: 4.6.2...4.7.0
    • Server release: 4.7.0
    • engine.io-client version: ~6.5.0 (diff)
    • ws version: ~8.11.0 (no change)
  • 4.6.2 - 2023-05-31

    Bug Fixes

    • exports: move types condition to the top (#1580) (7ead241)

    Links

    • Diff: 4.6.1...4.6.2
    • Server release: 4.6.2
    • engine.io-client version: ~6.4.0 (no change)
    • ws version: ~8.11.0 (no change)
from socket.io-client GitHub release notes
Commit messages
Package name: socket.io-client
  • 9b235ec chore(release): 4.7.0
  • f2892ab fix: use same scope for setTimeout and clearTimeout calls (#1568)
  • 5bc94b5 fix: properly report timeout error when connecting
  • 781d753 feat: expose ESM build with debug (#1585)
  • 8f14b98 chore: bump engine.io-client to version 6.5.0

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@eufelipemateus eufelipemateus force-pushed the snyk-upgrade-b8197d40782536174fbd341203f7b4bf branch from 10ad368 to 52e6a7a Compare February 21, 2024 21:52
@eufelipemateus eufelipemateus merged commit 7918915 into master Feb 21, 2024
4 checks passed
@eufelipemateus eufelipemateus deleted the snyk-upgrade-b8197d40782536174fbd341203f7b4bf branch February 21, 2024 22:19
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@eufelipemateus @snyk-bot