Skip to content

[Snyk] Security upgrade engine.io from 3.6.1 to 4.0.6#154

Open
TwistedHardware wants to merge 1 commit intomasterfrom
snyk-fix-e67632761e5efe2631b0a6c72299f26a
Open

[Snyk] Security upgrade engine.io from 3.6.1 to 4.0.6#154
TwistedHardware wants to merge 1 commit intomasterfrom
snyk-fix-e67632761e5efe2631b0a6c72299f26a

Conversation

@TwistedHardware
Copy link
Copy Markdown
Collaborator

@TwistedHardware TwistedHardware commented Dec 6, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • static/uadmin/assets/socket.io/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7		 Regular Expression Denial of Service (ReDoS)
npm:debug:20170905		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: engine.io The new version differs by 46 commits.
  • 9b62152 chore(release): 4.0.6
  • 5a91253 chore: bump ws and debug versions
  • fffa0a3 chore: update GitHub issue templates
  • cec2750 fix: correctly pass the options when using the Server constructor (#610)
  • 04ea358 docs(changelog): include changelog for release 3.5.0
  • e7115b8 chore(release): 4.0.5
  • f5efa1e refactor: use ES6 syntax for the tests
  • 312bd35 ci: migrate to GitHub Actions
  • c2981c6 chore(release): 4.0.4
  • 67ca12c chore(release): 4.0.3
  • 9ddccf3 chore: bump engine.io-client
  • 16fd658 chore(release): 4.0.2
  • 17b8c2f fix: add extension in the package.json main entry (#608)
  • 3284208 chore: bump engine.io-client
  • 58943c3 chore(release): 4.0.1
  • c099338 refactor: remove binary handling for the polling transport
  • fe093ba fix: do not overwrite CORS headers upon error
  • f9c0e74 chore: bump eiows to 3.3.2
  • a05379b test: use eiows
  • 428b4f5 docs: update links to other repositories
  • ec83022 docs: update examples with ES6 syntax
  • 6092239 docs: update latency example
  • 70b1c36 chore(release): 4.0.0
  • 9df38d5 docs: update the list of supported engines

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TwistedHardware @snyk-bot