
[Snyk] Security upgrade socket.io-redis from 5.4.0 to 6.1.1

Open atian25 opened this issue 2 years ago • 1 comment

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
  Severity: low severity
  Priority Score (*): 506/1000
    Why? Proof of Concept exploit, Has a fix available, CVSS 3.7
  Issue: Regular Expression Denial of Service (ReDoS), npm:debug:20170905
  Breaking Change: Yes
  Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: socket.io-redis
The new version differs by 16 commits.
  • 715d1b0 chore(release): 6.1.1
  • f2265ba chore: pin adapter version
  • 5f2de9b chore(release): 6.1.0
  • 900ddfa chore: bump debug package
  • 6c8d770 perf: remove one round-trip for the requester
  • 468c3c8 feat: implement utility methods from Socket.IO v4
  • fc19812 ci: migrate to GitHub Actions
  • 4059501 test: convert tests to TypeScript
  • 72fe98e docs: fix allSockets example (#381)
  • 5cfdf90 docs: add details about the implementation
  • 4dae265 chore(release): 6.0.1
  • 509c0f0 docs: add examples with TypeScript and ES6 modules
  • 0d2d69c fix(typings): properly expose the createAdapter method
  • 3334d99 fix: fix broadcasting (#361)
  • 2cab2e3 chore(release): 6.0.0
  • d9bcb19 feat: add support for Socket.IO v3

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

atian25 avatar Feb 02 '24 16:02 atian25

New dependencies detected. Learn more about Socket for GitHub ↗︎

  Package: npm/socket.io-redis@6.1.1
  New capabilities: None
  Transitives: +1
  Size: 55.7 kB
  Publisher: darrachequesne

View full report↗︎

socket-security[bot] avatar Feb 02 '24 17:02 socket-security[bot]