Skip to content

[Snyk] Fix for 1 vulnerabilities#141

Open
TwistedHardware wants to merge 1 commit intomasterfrom
snyk-fix-f2e807efae3d95067a4fe564ec61b00f
Open

[Snyk] Fix for 1 vulnerabilities#141
TwistedHardware wants to merge 1 commit intomasterfrom
snyk-fix-f2e807efae3d95067a4fe564ec61b00f

Conversation

@TwistedHardware
Copy link
Copy Markdown
Collaborator

@TwistedHardware TwistedHardware commented May 25, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • static/uadmin/assets/socket.io/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-JS-SOCKETIOPARSER-5596892		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: socket.io-client The new version differs by 59 commits.
  • abdba07 chore(release): 4.5.0
  • faf68a5 chore: update default label for bug reports
  • c0ba734 chore: add Node.js 16 in the test matrix
  • e859018 refactor: replace the disconnected attribute by a getter
  • 74e3e60 feat: add support for catch-all listeners for outgoing packets
  • 692d54e chore: point the CI badge towards the main branch
  • 6fdf3c9 refactor: import single-file 3rd party modules
  • b862924 feat: add details to the disconnect event
  • eaf782c docs: remove broken badges
  • 359d1e2 chore(release): 4.4.1
  • f56fdd0 chore: remove duplicate package.json file
  • 19836d9 chore: add types to exports field to be compatible with nodenext module resolution (#1522)
  • 71e34a3 chore(release): 4.4.0
  • 1e1952b chore: bump engine.io-client version
  • 522ffbe fix: prevent double ack with timeout
  • 99c2cb8 fix: fix `socket.disconnect().connect()` usage
  • 53d8fca fix: add package name in nested package.json
  • d54d12c fix: prevent socket from reconnecting after middleware failure
  • ccf7998 feat: add timeout feature
  • da0b828 chore(release): 4.3.2
  • 6780f29 fix: restore the default export (bis)
  • ca614b2 chore(release): 4.3.1
  • f0aae84 fix: restore the default export
  • 8737d0a fix: restore the namespace export

See the full diff

Package name: socket.io-parser The new version differs by 10 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TwistedHardware @snyk-bot