core: bump socket.io dependency #10757

Merged
merged 1 commit into from
Feb 15, 2022

@vince-fugnitto (Member) commented Feb 15, 2022

What it does

Fixes: #10514 (comment).

The commit bumps the socket.io dependency to a version which does not use engine.io at a vulnerable version.

How to test

  • CI should be successful (build and tests)
  • `yarn audit | grep "engine.io"` should not produce any output

Review checklist

Reminder for reviewers

Signed-off-by: vince-fugnitto [email protected]

The commit bumps the `socket.io` dependency to a version which does not
use `engine.io` at a vulnerable version.

Signed-off-by: vince-fugnitto <[email protected]>
@vince-fugnitto added the `messaging` (issues related to messaging), `security` (issues related to security) and `dependencies` (pull requests that update a dependency file) labels Feb 15, 2022
@paul-marechal merged commit 1e80962 into master Feb 15, 2022
@paul-marechal deleted the vf/socket-io-bump branch February 15, 2022 19:16
@github-actions bot added this to the 1.23.0 milestone Feb 15, 2022
thegecko pushed a commit to ARMmbed/theia that referenced this pull request Feb 17, 2022
The commit bumps the `socket.io` dependency to a version which does not
use `engine.io` at a vulnerable version.

Signed-off-by: vince-fugnitto <[email protected]>
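
A stricter form of the `yarn audit | grep "engine.io"` check from the description, as an added example that is not part of this pull request or of Theia: it parses the line-delimited JSON that Yarn 1.x prints for `yarn audit --json` and matches the module name exactly. The function names and every sample record (paths, versions, ranges) are constructed for illustration.

```javascript
// Added example. Input: the output of `yarn audit --json` (Yarn 1.x), which is
// one JSON object per line. Returns the advisories reported for one module.
function findAdvisories(ndjson, moduleName) {
  const hits = [];
  for (const line of ndjson.split('\n')) {
    let event;
    try { event = JSON.parse(line); } catch { continue; } // skip non-JSON lines
    if (!event || event.type !== 'auditAdvisory') continue;
    const { advisory, resolution } = event.data;
    // Exact name match: a substring grep for "engine.io" would also hit
    // engine.io-client and engine.io-parser.
    if (advisory.module_name !== moduleName) continue;
    hits.push({
      path: resolution.path, // dependency chain that pulls the module in
      severity: advisory.severity,
      installed: advisory.findings.map((f) => f.version),
      patched: advisory.patched_versions,
    });
  }
  return hits;
}

// CI gate: 0 when the module has no advisory, 1 otherwise. A bare grep exits
// the other way round (1 on "no match"), so it cannot be used as a gate as-is.
function auditExitCode(ndjson, moduleName) {
  return findAdvisories(ndjson, moduleName).length === 0 ? 0 : 1;
}

// Builds one constructed advisory record; versions and ranges are placeholders.
const sampleAdvisory = (name, path) => JSON.stringify({
  type: 'auditAdvisory',
  data: {
    resolution: { id: 0, path },
    advisory: {
      module_name: name, severity: 'high', patched_versions: '>=0.0.2',
      findings: [{ version: '0.0.1', paths: [path] }],
    },
  },
});
const clientRecord = sampleAdvisory('engine.io-client', 'socket.io-client>engine.io-client');
const summary = JSON.stringify({ type: 'auditSummary', data: {} });

// Constructed output before the bump: engine.io is reached through socket.io.
const BEFORE = [sampleAdvisory('engine.io', 'socket.io>engine.io'), clientRecord, summary].join('\n');
// Constructed output after the bump: only an unrelated, similarly named module remains.
const AFTER = ['yarn audit (banner line, not JSON)', clientRecord, summary].join('\n');

console.log(findAdvisories(BEFORE, 'engine.io'), auditExitCode(AFTER, 'engine.io'));
```

On the constructed `AFTER` sample the grep form would still print a line because of the `engine.io-client` record, while the exact match reports nothing for `engine.io`.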