[Snyk] Upgrade sockjs-client from 1.6.0 to 1.6.1 #21

rm-neilsondesa · 2024-03-28T12:21:46Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade sockjs-client from 1.6.0 to 1.6.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 1 version ahead of your current version.
The recommended version was released 2 years ago, on 2022-05-28.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	572/1000 Why? Proof of Concept exploit, CVSS 9.3	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	572/1000 Why? Proof of Concept exploit, CVSS 9.3	No Known Exploit
Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	572/1000 Why? Proof of Concept exploit, CVSS 9.3	Proof of Concept
Prototype Pollution SNYK-JS-LOADERUTILS-3043105	572/1000 Why? Proof of Concept exploit, CVSS 9.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	572/1000 Why? Proof of Concept exploit, CVSS 9.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	572/1000 Why? Proof of Concept exploit, CVSS 9.3	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	572/1000 Why? Proof of Concept exploit, CVSS 9.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	572/1000 Why? Proof of Concept exploit, CVSS 9.3	No Known Exploit
Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	572/1000 Why? Proof of Concept exploit, CVSS 9.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	572/1000 Why? Proof of Concept exploit, CVSS 9.3	No Known Exploit
Information Exposure SNYK-JS-EVENTSOURCE-2823375	572/1000 Why? Proof of Concept exploit, CVSS 9.3	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	572/1000 Why? Proof of Concept exploit, CVSS 9.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: sockjs-client

1.6.1 - 2022-05-28
Fixes
- Update eventsource to 2.0.2 due to CVE-2022-1650. Fixes #590
- Update minimist to 1.2.6. Fixes #585
1.6.0 - 2022-02-27
Fixes
- Remove agent: false to allow usage of globalAgent. Fixes #421
dependencies
- Update url-parse due to CVE-2022-0686, CVE-2022-0639, and CVE-2022-0512. Fixes #576
- Remove json3 dependency. Fixes #476
- Update eventsource to 1.1.0
- Update faye-websocket to 0.11.4
- Update debug to 3.2.7
devDependencies
- Update follow-redirects (devDep) due to CVE-2022-0536 and CVE-2022-0155
- Update karma (devDep) due to CVE-2022-0437
- Update cached-path-relative (devDep) due to CVE-2021-23518
- Update fsevents (devDep) to fix:
  - ini CVE-2020-7788
  - minimist CVE-2020-7598
  - tar CVE-2021-37713, CVE-2021-37701, CVE-2021-32804, CVE-2021-32803
- Update copy-props (devDep) due to CVE-2020-28503
- Update eslint, mocha, gulp-replace, karma-browserify, gulp-sourcemaps, and browserify
Other Changes
- Remove bower
- Remove Travis CI
- Require Node.js 12

from sockjs-client GitHub release notes

Commit messages

Package name: sockjs-client

bdec828 1.6.1
f656e05 Merge pull request #585 from sockjs/dependabot/npm_and_yarn/minimist-1.2.6
f19946b Merge pull request #590 from brammitch/main
1cf4a5a Update eventsource due to CVE-2022-1650
33aa4b6 Bump minimist from 1.2.5 to 1.2.6

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs