Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade engine.io-client from 4.0.0 to 6.1.1 #8

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade engine.io-client from 4.0.0 to 6.1.1 #8

wants to merge 2 commits into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade engine.io-client from 4.0.0 to 6.1.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 23 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2021-11-14.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Access Restriction Bypass
SNYK-JS-XMLHTTPREQUESTSSL-1255647		 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Proof of Concept
Arbitrary Code Injection
SNYK-JS-XMLHTTPREQUESTSSL-1082936		 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: engine.io-client
  • 6.1.1 - 2021-11-14

    Bug Fixes

    • add package name in nested package.json (6e798fb)
    • fix vite build for CommonJS users (c557707)

    Links

  • 6.1.0 - 2021-11-08

    The minor bump is due to changes on the server side.

    Bug Fixes

    • typings: allow any value in the query option (018e1af)
    • typings: allow port to be a number (#680) (8f68f77)

    Links

  • 6.0.3 - 2021-11-14

    Some bug fixes were backported from master, to be included by the latest socket.io-client version.

    Bug Fixes

    • add package name in nested package.json (32511ee)
    • fix vite build for CommonJS users (9fcaf58)

    Links

  • 6.0.2 - 2021-10-15

    Bug Fixes

    Links

  • 6.0.1 - 2021-10-14

    Bug Fixes

    Links

  • 6.0.0 - 2021-10-08

    This major release contains three important changes:

    • the codebase was migrated to TypeScript (7245b80)
    • rollup is now used instead of webpack to create the bundles (27de300)
    • code that provided support for ancient browsers (think IE8) was removed (c656192 and b2c7381)

    There is now three distinct builds (in the build/ directory):

    • CommonJS
    • ESM with debug
    • ESM without debug (rationale here: 00d7e7d)

    And three bundles (in the dist/ directory) :

    • engine.io.js: unminified UMD bundle
    • engine.io.min.js: minified UMD bundle
    • engine.io.esm.min.js: ESM bundle

    Please note that the communication protocol was not updated, so a v5 client will be able to reach a v6 server (and vice-versa).

    Reference: https://github.com/socketio/engine.io-protocol

    Features

    • provide an ESM build without debug (00d7e7d)

    BREAKING CHANGES

    • the enableXDR option is removed (c656192)
    • the jsonp and forceJSONP options are removed (b2c7381)

    Links

  • 5.2.0 - 2021-08-29

    Features

    • add an option to use native timer functions (#672) (5d1d5be)

    Links

  • 5.1.2 - 2021-06-24

    Bug Fixes

    • emit ping when receiving a ping from the server (589d3ad)
    • websocket: fix timer blocking writes (#670) (f30a10b)

    Links

  • 5.1.1 - 2021-05-11
  • 5.1.0 - 2021-05-04
  • 5.0.1 - 2021-03-31
  • 5.0.0 - 2021-03-10
  • 4.1.4 - 2021-05-05
  • 4.1.3 - 2021-03-31
  • 4.1.2 - 2021-02-25
  • 4.1.1 - 2021-02-02
  • 4.1.0 - 2021-01-14
  • 4.0.6 - 2021-01-04
  • 4.0.5 - 2020-12-07
  • 4.0.4 - 2020-11-17
  • 4.0.3 - 2020-11-17
  • 4.0.2 - 2020-11-09
  • 4.0.1 - 2020-10-21
  • 4.0.0 - 2020-09-10
from engine.io-client GitHub release notes
Commit messages
Package name: engine.io-client

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@atomist atomist bot added auto-branch-delete:on-close Delete branch when pull request gets closed auto-merge-method:merge Auto-merge with merge commit auto-merge:on-bpr-success Auto-merge on passed branch protection rule labels Jan 16, 2022
@atomist-bot
Update 4 npm dependencies
533b7df 
Dependencies

* debug > 4.3.3
* engine.io-parser > 4.0.3

Development Dependencies

* eiows > 3.7.3
* eslint-config-prettier > 6.15.0

[atomist:generated]
[atomist-skill:atomist/npm-vulnerability-scanner-skill]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
auto-branch-delete:on-close Delete branch when pull request gets closed auto-merge:on-bpr-success Auto-merge on passed branch protection rule auto-merge-method:merge Auto-merge with merge commit
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@snyk-bot @atomist-bot