[Snyk] Upgrade socket.io from 2.4.1 to 4.4.1 #107

snyk-bot · 2022-02-01T16:06:27Z

Snyk has created this PR to upgrade socket.io from 2.4.1 to 4.4.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 26 versions ahead of your current version.
The recommended version was released a month ago, on 2022-01-06.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: socket.io

4.4.1 - 2022-01-06
Bug Fixes
- types: make RemoteSocket.data type safe (#4234) (770ee59)
- types: pass SocketData type to custom namespaces (#4233) (f2b8de7)
Links:
- Diff: 4.4.0...4.4.1
- Client release: 4.4.1
- engine.io version: ~6.1.0 (diff)
- ws version: ~8.2.3
4.4.0 - 2021-11-18
Bug Fixes
- only set 'connected' to true after middleware execution (02b0f73)
Features
- add an implementation based on uWebSockets.js (c0d8c5a)
const { App } = require("uWebSockets.js");
const { Server } = require("socket.io");

const app = new App();
const io = new Server();

io.attachApp(app);

io.on("connection", (socket) => {
// ...
});

app.listen(3000, (token) => {
if (!token) {
console.warn("port already in use");
}
});
- add timeout feature (f0ed42f)
```
socket.timeout(5000).emit("my-event", (err) => {
  if (err) {
    // the client did not acknowledge the event in the given delay
  }
});
```
- add type information to socket.data (#4159) (fe8730c)
interface SocketData {
name: string;
age: number;
}

const io = new Server<ClientToServerEvents, ServerToClientEvents, InterServerEvents, SocketData>();

io.on("connection", (socket) => {
socket.data.name = "john";
socket.data.age = 42;
});

Links:
- Diff: 4.3.2...4.4.0
- Client release: 4.4.0
- engine.io version: ~6.1.0 (diff)
- ws version: ~8.2.3
4.3.2 - 2021-11-08
Bug Fixes
- fix race condition in dynamic namespaces (#4137) (9d86397)
Links:
- Diff: 4.3.1...4.3.2
- Client release: 4.3.2
- engine.io version: ~6.0.0
- ws version: ~8.2.3
4.3.1 - 2021-10-16
Bug Fixes
- fix server attachment (#4127) (0ef2a4d)
Links:
- Diff: 4.3.0...4.3.1
- Client release: 4.3.1
- engine.io version: ~6.0.0
- ws version: ~8.2.3
4.3.0 - 2021-10-14
For this release, most of the work was done on the client side, see here.

Bug Fixes
- typings: add name field to cookie option (#4099) (033c5d3)
- send volatile packets with binary attachments (dc81fcf)
Features
- serve ESM bundle (60edecb)
Links:
- Diff: 4.2.0...4.3.0
- Client release: 4.3.0
- engine.io version: ~6.0.0 (diff)
- ws version: ~8.2.3 (diff)
4.2.0 - 2021-08-30
Bug Fixes
- typings: allow async listener in typed events (ccfd8ca)
Features
- ignore the query string when serving client JavaScript (#4024) (24fee27)
Links:
- Diff: 4.1.3...4.2.0
- Client release: 4.2.0
- engine.io version: ~5.2.0
- ws version: ~7.4.2
4.1.3 - 2021-07-10
Bug Fixes
- fix io.except() method (94e27cd)
- remove x-sourcemap header (a4dffc6)
Links:
- Diff: 4.1.2...4.1.3
- Client release: 4.1.3
- engine.io version: ~5.1.0
- ws version: ~7.4.2
4.1.2 - 2021-05-17
Bug Fixes
- typings: ensure compatibility with TypeScript 3.x (0cb6ac9)
- ensure compatibility with previous versions of the adapter (a2cf248)
Links:
- Diff: 4.1.1...4.1.2
- Client release: 4.1.2
- engine.io version: ~5.1.0
- ws version: ~7.4.2
4.1.1 - 2021-05-11
Bug Fixes
- typings: properly type server-side events (b84ed1e)
- typings: properly type the adapter attribute (891b187)
Links:
- Diff: 4.1.0...4.1.1
- Client release: 4.1.1
- engine.io version: ~5.1.0
- ws version: ~7.4.2
4.1.0 - 2021-05-11
Blog post: https://socket.io/blog/socket-io-4-1-0/

Features
- add support for inter-server communication (93cce05)
- notify upon namespace creation (499c892)
- add a "connection_error" event (7096e98, from engine.io)
- add the "initial_headers" and "headers" events (2527543, from engine.io)
Links:
- Diff: 4.0.2...4.1.0
- Client release: 4.1.0
- engine.io version: ~5.1.0
- ws version: ~7.4.2
4.0.2 - 2021-05-06
4.0.1 - 2021-03-31
4.0.0 - 2021-03-10
3.1.2 - 2021-02-26
3.1.1 - 2021-02-03
3.1.0 - 2021-01-15
3.0.5 - 2021-01-05
3.0.4 - 2020-12-07
3.0.3 - 2020-11-19
3.0.2 - 2020-11-17
3.0.1 - 2020-11-09
3.0.0 - 2020-11-05
3.0.0-rc4 - 2020-10-30
3.0.0-rc3 - 2020-10-26
3.0.0-rc2 - 2020-10-15
3.0.0-rc1 - 2020-10-13
2.4.1 - 2021-01-07

from socket.io GitHub release notes

Commit messages

Package name: socket.io

c82a4bd chore(release): 4.4.1
770ee59 fix(types): make `RemoteSocket.data` type safe (#4234)
3bf5d92 refactor: add note about fetchSockets() for parent namespaces
fc82e44 refactor(typings): export Event type (#4215)
c840bad test: fix flaky tests
f2b8de7 fix(typings): pass `SocketData` type to custom namespaces (#4233)
51784d0 chore: add types to exports field to be compatible with nodenext module resolution (#4228)
c196689 docs: fix basic crud example
7a70f63 docs: fix reconnection handling in the chat demo app (#4189)
e5897dd docs: add usage with ES modules (#4195)
2071a66 docs: simplify nginx cluster example
0f11c47 chore(release): 4.4.0
b839a3b fix: prevent double ack when emitting with a timeout
f0ed42f feat: add timeout feature
b7213e7 test: fix flaky test
2da8210 test: add test for volatile packet with binary
02b0f73 fix: only set 'connected' to true after middleware execution
c0d8c5a feat: add an implementation based on uWebSockets.js
fe8730c feat: add type information to `socket.data` (#4159)
ed8483d chore(release): 4.3.2
9d86397 fix: fix race condition in dynamic namespaces (#4137)
44e20ba refactor: add event type for use() (#4138)
ccc5ec3 chore(release): 4.3.1
0ef2a4d fix: fix server attachment (#4127)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade socket.io from 2.4.1 to 4.4.1. See this package in npm: https://www.npmjs.com/package/socket.io See this project in Snyk: https://app.snyk.io/org/ukmadlz/project/d68e67fb-db15-440f-a9ae-661023ed88ab?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade socket.io from 2.4.1 to 4.4.1 #107

[Snyk] Upgrade socket.io from 2.4.1 to 4.4.1 #107

snyk-bot commented Feb 1, 2022

Bug Fixes

Links:

Bug Fixes

Features

Links:

Bug Fixes

Links:

Bug Fixes

Links:

Bug Fixes

Features

Links:

Bug Fixes

Features

Links:

Bug Fixes

Links:

Bug Fixes

Links:

Bug Fixes

Links:

Features

Links:

[Snyk] Upgrade socket.io from 2.4.1 to 4.4.1 #107

Are you sure you want to change the base?

[Snyk] Upgrade socket.io from 2.4.1 to 4.4.1 #107

Conversation

snyk-bot commented Feb 1, 2022

Snyk has created this PR to upgrade socket.io from 2.4.1 to 4.4.1.

Bug Fixes

Links:

Bug Fixes

Features

Links:

Bug Fixes

Links:

Bug Fixes

Links:

Bug Fixes

Features

Links:

Bug Fixes

Features

Links:

Bug Fixes

Links:

Bug Fixes

Links:

Bug Fixes

Links:

Features

Links: