[Snyk] Upgrade socket.io from 4.4.1 to 4.8.0 #2
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade socket.io from 4.4.1 to 4.8.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-ENGINEIO-3136336
Why? Has a fix available, CVSS 7.5
SNYK-JS-ENGINEIO-5496331
Why? Has a fix available, CVSS 7.5
SNYK-JS-SOCKETIO-7278048
Why? Has a fix available, CVSS 7.5
SNYK-JS-WS-7266574
Why? Has a fix available, CVSS 7.5
SNYK-JS-COOKIE-8163060
Why? Has a fix available, CVSS 7.5
SNYK-JS-SOCKETIOPARSER-3091012
Why? Has a fix available, CVSS 7.5
SNYK-JS-SOCKETIOPARSER-5596892
Why? Has a fix available, CVSS 7.5
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: socket.io
Features
Custom transport implementations
The
transports
option now accepts an array of transport implementations:import { XHR, WebSocket } from "engine.io-client";
const socket = io({
transports: [XHR, WebSocket]
});
Here is the list of provided implementations:
Fetch
fetch()
method.NodeXHR
XMLHttpRequest
object provided by thexmlhttprequest-ssl
package.XHR
XMLHttpRequest
object.NodeWebSocket
WebSocket
object provided by thews
package.WebSocket
WebSocket
object.WebTransport
WebTransport
object.Usage:
Fetch
NodeXHR
XHR
NodeWebSocket
WebSocket
WebTransport
(1) since v18.0.0
(2) since v21.0.0
Added in f4d898e and b11763b.
Test each low-level transports
When setting the
tryAllTransports
option totrue
, if the first transport (usually, HTTP long-polling) fails, then the other transports will be tested too:const socket = io({
tryAllTransports: true
});
This feature is useful in two cases:
transports: ["websocket", "polling"]
)The only potential downside is that the connection attempt could take more time in case of failure, as there have been reports of WebSocket connection errors taking several seconds before being detected (that's one reason for using HTTP long-polling first). That's why the option defaults to
false
for now.Added in 579b243.
Bug Fixes
Dependencies
engine.io-client@~6.6.1
(diff and diff)ws@~8.17.1
(diff)Commit messages
Package name: socket.io
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs