Skip to content

Bump python-socketio from 4.3.1 to 5.14.0 in /src #46

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: Current
Choose a base branch
from
Open

Bump python-socketio from 4.3.1 to 5.14.0 in /src #46

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Oct 7, 2025

Bumps python-socketio from 4.3.1 to 5.14.0.

Release notes

Sourced from python-socketio's releases.

Release 5.14.0

See CHANGES.md for release notes.

Release 5.13.0

See CHANGES.md for release notes.

Release 5.12.1

See CHANGES.md for release notes.

Release 5.12.0

See CHANGES.md for release notes.

Release 5.11.4

See CHANGES.md for release notes.

Release 5.11.3

See CHANGES.md for release notes.

Release 5.11.2

See CHANGES.md for release notes.

Release 5.11.1

See CHANGES.md for release notes.

Release 5.11.0

See CHANGES.md for release notes.

Release 5.10.0

See CHANGES.md for release notes.

Release 5.9.0

See CHANGES.md for release notes.

Release 5.8.0

See CHANGE.LOG for release notes.

Release 5.7.2

See CHANGE.LOG for release notes.

Release 5.7.1

See CHANGE.LOG for release notes.

Release 5.7.0

See CHANGE.LOG for release notes.

Release 5.6.0

See CHANGE.LOG for release notes.

Release 5.5.2

See CHANGE.LOG for release notes.

... (truncated)

Changelog

Sourced from python-socketio's changelog.

python-socketio change log

Release 5.14.1 - 2025-10-02

  • Restore support for rediss:// URLs, and add support for valkeys:// as well (commit)
  • Add support for Redis connections using unix sockets #1503 (commit) (thanks Darren Chang!)

Release 5.14.0 - 2025-09-30

  • Replace pickle with json in message queue communications #1502 (commit)
  • Add support for Valkey in the Redis client managers #1488 (commit) (thanks phi-friday!)
  • Keep track of which namespaces failed to connect #1496 (commit)
  • Fixed transport property of the simple clients to be a string as documented #1499 (commit)
  • SimpleClient.call does not raise TimeoutError on timeout #1501 (commit) (thanks James Thistlewood!)
  • Wait for client to end background tasks on disconnect #1500 (commit)
  • Better error logging for the Redis managers #1479 (commit) (thanks Eugnee!)
  • Channel was not properly initialized in several pubsub client managers #1476 (commit) (thanks Eugnee!)
  • Add message queue deployment recommendations for security (commit)
  • Add missing async on session examples for the async server #1465 (commit) (thanks Func!)
  • Add SPDX license identifier #1453 (commit) (thanks Marc Mueller!)

Release 5.13.0 - 2025-04-12

  • Eliminate race conditions on disconnect #1441 (commit)
  • Preserve exception context in Client.connect and AsyncClient.connect #1450 (commit) (thanks Tim Van Baak!)
  • Allow custom client subclasses to be used in SimpleClient and AsyncSimpleClient #1432 (commit)
  • Add support for Redis Sentinel URLs in RedisManager and AsyncRedisManager #1448 (commit)
  • Remove incorrect reference to an asyncio installation extra in documentation #1449 (commit)

Release 5.12.1 - 2024-12-29

  • Fix admin instrumentation support of disconnect reasons #1423 (commit)
  • Stop using deprecated datetime functions (commit)
  • Enable admin instrumentation by default in WSGI and ASGI examples (commit)
  • Fixed broken gevent URL in documentation #1427 (commit) (thanks Carlos Guerrero!)

Release 5.12.0 - 2024-12-18

  • Added a reason argument to the disconnect handler #1422 (commit)
  • Prevented starting multiple tasks for reconnection #1369 (commit) (thanks humayunsr!)
  • Fixed AsyncClient::wait() unexpected return after success reconnect #1407 (commit) (thanks Arseny!)
  • Removed old constructs from old and unsupported Python versions (commit)
  • Removed dependency on unittest.TestCase base class in unit tests (commit)
  • Adopted pyenv-asyncio for async unit tests (commit)
  • Adopted unittest.mock.AsyncMock in async unit tests (commit)
  • Fix typo with AsyncClient.connect example #1403 (commit) (thanks Peter Bierma!)
  • Documentation typo #1421 (commit) (thanks Masen Furer!)
  • Renamed flask-socketio references to python-socketio in documentation #1377 (commit)
  • Added Python 3.13 CI builds (commit)

... (truncated)

Commits
  • 400200e Release 5.14.0
  • 53f6be0 Replace pickle with json (#1502)
  • a59c6f5 Fix: SimpleClient.call does not raise TimeoutError on timeout (#1501)
  • f61e0be wait for client to end background tasks on disconnect (#1500)
  • 23556fb Fixed transport property of the simple clients to be a string as documented (...
  • e59acf1 Address failures of test suite on Mac (#1497)
  • 36a8922 Add support for valkey in the Redis client managers (#1488)
  • 5dc2aea keep track of which namespaces failed to connect (#1496)
  • b3da354 Add message queue deployment recommendations
  • 3625fe8 Bump eventlet from 0.35.2 to 0.40.3 in /examples/server/wsgi (#1491) #nolog
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump python-socketio from 4.3.1 to 5.14.0 in /src
324cb3c 
Bumps [python-socketio](https://github.com/miguelgrinberg/python-socketio) from 4.3.1 to 5.14.0.
- [Release notes](https://github.com/miguelgrinberg/python-socketio/releases)
- [Changelog](https://github.com/miguelgrinberg/python-socketio/blob/main/CHANGES.md)
- [Commits](miguelgrinberg/python-socketio@v4.3.1...v5.14.0)

---
updated-dependencies:
- dependency-name: python-socketio
  dependency-version: 5.14.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Oct 7, 2025
@socket-security Socket Security
Copy link

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedos@​0.1.21001004377100
Addedusb-native@​6.0.0701006776100
Addedversion-from-git@​1.1.2681008582100
Addedjest@​30.2.01001006996100
Addedreact-scripts@​5.0.1971007584100
Addedtypescript-react-intl@​0.4.1821009176100
Addedts-import-plugin@​3.0.09310010077100
Addedtslint-react@​5.0.010010010077100
Addedtslint@​6.1.3981009577100
Addedtslint-react-hooks@​2.2.29710010077100
Addedgulp-typescript@​5.0.19910010078100
Addedsvg-inline-react@​3.2.1961008378100
Addedgulp-filter@​9.0.19910010078100
Addednpm-run-all@​4.1.5991009878100
Addedjest-transform-css@​6.0.310010010078100
Addedtslint-config-prettier@​1.18.01001009880100
Addedless@​4.4.2981008093100
Addedopen@​10.2.010010010080100
Addedgulp-cli@​3.1.09910010081100
Addedgulp@​5.0.110010010081100
Addedsocket.io@​4.8.110010010081100
Addedgulp-sourcemaps@​3.0.09910010081100
Addedstyle-loader@​4.0.010010010081100
Addedvscode-test@​1.6.19410010082100
Addedless-loader@​12.3.09910010082100
Addedvscode-extension-telemetry@​0.4.5841009583100
Addedwebpack-cli@​6.0.19810010083100
Addedtslint-microsoft-contrib@​6.2.010010010083100
Addedvsce@​2.15.09710010083100
Addedutil@​0.12.51001008583100
Addedvscode-nls-dev@​4.0.4931009884100
Addedoffice-ui-fabric-react@​7.204.1971009984100
Addedreact@​19.2.01001008497100
See 10 more rows in the dashboard

View full report

@socket-security Socket Security
Copy link

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
safer-buffer@2.1.2 has Obfuscated code.

Confidence: 0.94

Location: Package overview

From: ?npm/safer-buffer@2.1.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/safer-buffer@2.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants