From a06e37b7e0b43186af4d8f57738a62fd990b7992 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 21 Jun 2024 03:29:46 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SOCKETIO-7278048 --- package-lock.json | 9 +++++---- package.json | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 7fb2145..2ae9a90 100644 --- a/package-lock.json +++ b/package-lock.json @@ -16,7 +16,7 @@ "eventemitter2": "6.0.0", "lodash": "^4.17.20", "portfinder": "1.0.25", - "socket.io": "^2.3.0", + "socket.io": "^2.5.1", "uuid": "^3.3.3" }, "devDependencies": { @@ -5579,9 +5579,10 @@ "dev": true }, "node_modules/socket.io": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/socket.io/-/socket.io-2.5.0.tgz", - "integrity": "sha512-gGunfS0od3VpwDBpGwVkzSZx6Aqo9uOcf1afJj2cKnKFAoyl16fvhpsUhmUFd4Ldbvl5JvRQed6eQw6oQp6n8w==", + "version": "2.5.1", + "resolved": "https://registry.npmjs.org/socket.io/-/socket.io-2.5.1.tgz", + "integrity": "sha512-eaTE4tBKRD6RFoetquMbxgvcpvoDtRyIlkIMI/SMK2bsKvbENTsDeeu4GJ/z9c90yOWxB7b/eC+yKLPbHnH6bA==", + "license": "MIT", "dependencies": { "debug": "~4.1.0", "engine.io": "~3.6.0", diff --git a/package.json b/package.json index dcbf4f2..870cf81 100644 --- a/package.json +++ b/package.json @@ -36,7 +36,7 @@ "eventemitter2": "6.0.0", "lodash": "^4.17.20", "portfinder": "1.0.25", - "socket.io": "^2.3.0", + "socket.io": "^2.5.1", "uuid": "^3.3.3" }, "devDependencies": {