This repository has been archived by the owner on Jan 26, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
fix(deps): update dependency socket.io to v2 [security] #34
Open
renovate
wants to merge
1
commit into
gh-pages
Choose a base branch
from
renovate/npm-socket.io-vulnerability
base: gh-pages
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
April 26, 2021 14:46
a197432
to
9480a9c
Compare
renovate
bot
changed the title
Update dependency socket.io to v3 [SECURITY]
Update dependency socket.io to v4 [SECURITY]
Apr 26, 2021
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
May 15, 2021 19:54
9480a9c
to
dca1759
Compare
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
October 18, 2021 16:48
dca1759
to
af2e464
Compare
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
March 7, 2022 16:00
af2e464
to
33f00eb
Compare
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
April 24, 2022 18:00
33f00eb
to
bd17b8f
Compare
renovate
bot
changed the title
Update dependency socket.io to v4 [SECURITY]
fix(deps): update dependency socket.io to ~1.7.0 [security]
Sep 25, 2022
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
2 times, most recently
from
September 26, 2022 02:09
48c0f5b
to
c1fd3de
Compare
renovate
bot
changed the title
fix(deps): update dependency socket.io to ~1.7.0 [security]
fix(deps): update dependency socket.io to v2 [security]
Sep 26, 2022
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
September 27, 2022 06:05
c1fd3de
to
18ad72c
Compare
renovate
bot
changed the title
fix(deps): update dependency socket.io to v2 [security]
fix(deps): update dependency socket.io to ~1.7.0 [security]
Sep 27, 2022
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
September 28, 2022 07:11
18ad72c
to
61d1688
Compare
renovate
bot
changed the title
fix(deps): update dependency socket.io to ~1.7.0 [security]
fix(deps): update dependency socket.io to v2 [security]
Sep 28, 2022
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
October 2, 2022 12:27
61d1688
to
c45025b
Compare
renovate
bot
changed the title
fix(deps): update dependency socket.io to v2 [security]
fix(deps): update dependency socket.io to ~1.7.0 [security]
Oct 2, 2022
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
October 2, 2022 16:02
c45025b
to
07b3e09
Compare
renovate
bot
changed the title
fix(deps): update dependency socket.io to ~1.7.0 [security]
fix(deps): update dependency socket.io to v2 [security]
Oct 2, 2022
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
October 5, 2022 04:11
07b3e09
to
979ad3a
Compare
renovate
bot
changed the title
fix(deps): update dependency socket.io to v2 [security]
fix(deps): update dependency socket.io to ~1.7.0 [security]
Oct 5, 2022
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
October 5, 2022 06:18
979ad3a
to
09e8623
Compare
renovate
bot
changed the title
fix(deps): update dependency socket.io to ~1.7.0 [security]
fix(deps): update dependency socket.io to v2 [security]
Oct 5, 2022
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
October 5, 2022 16:03
09e8623
to
645e31a
Compare
renovate
bot
changed the title
fix(deps): update dependency socket.io to v2 [security]
fix(deps): update dependency socket.io to ~1.7.0 [security]
Oct 5, 2022
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
October 5, 2022 19:35
645e31a
to
b6a1d4f
Compare
renovate
bot
changed the title
fix(deps): update dependency socket.io to ~1.7.0 [security]
fix(deps): update dependency socket.io to v2 [security]
Oct 5, 2022
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
October 6, 2022 09:08
b6a1d4f
to
e7c214e
Compare
renovate
bot
changed the title
fix(deps): update dependency socket.io to v2 [security]
fix(deps): update dependency socket.io to ~1.7.0 [security]
Oct 6, 2022
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
October 6, 2022 11:38
e7c214e
to
820b51b
Compare
renovate
bot
changed the title
fix(deps): update dependency socket.io to ~1.7.0 [security]
fix(deps): update dependency socket.io to v2 [security]
Oct 6, 2022
renovate
bot
changed the title
fix(deps): update dependency socket.io to v2 [security]
fix(deps): update dependency socket.io to ~1.7.0 [security]
Dec 10, 2022
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
December 10, 2022 10:18
134e381
to
7dbd333
Compare
renovate
bot
changed the title
fix(deps): update dependency socket.io to ~1.7.0 [security]
fix(deps): update dependency socket.io to v2 [security]
Dec 10, 2022
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
December 11, 2022 14:19
7dbd333
to
31b368b
Compare
renovate
bot
changed the title
fix(deps): update dependency socket.io to v2 [security]
fix(deps): update dependency socket.io to ~1.7.0 [security]
Dec 11, 2022
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
December 11, 2022 19:16
31b368b
to
0bf9ce0
Compare
renovate
bot
changed the title
fix(deps): update dependency socket.io to ~1.7.0 [security]
fix(deps): update dependency socket.io to v2 [security]
Dec 11, 2022
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
December 17, 2022 07:51
0bf9ce0
to
68eba71
Compare
renovate
bot
changed the title
fix(deps): update dependency socket.io to v2 [security]
fix(deps): update dependency socket.io to ~1.7.0 [security]
Dec 17, 2022
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
December 17, 2022 10:00
68eba71
to
2c51594
Compare
renovate
bot
changed the title
fix(deps): update dependency socket.io to ~1.7.0 [security]
fix(deps): update dependency socket.io to v2 [security]
Dec 17, 2022
renovate
bot
changed the title
fix(deps): update dependency socket.io to v2 [security]
Update dependency socket.io to v2 [SECURITY]
Dec 17, 2022
renovate
bot
changed the title
Update dependency socket.io to v2 [SECURITY]
fix(deps): update dependency socket.io to v2 [security]
Dec 17, 2022
renovate
bot
changed the title
fix(deps): update dependency socket.io to v2 [security]
fix(deps): update dependency socket.io to v2 [security] - autoclosed
Dec 20, 2022
renovate
bot
changed the title
fix(deps): update dependency socket.io to v2 [security] - autoclosed
fix(deps): update dependency socket.io to v2 [security]
Dec 20, 2022
renovate
bot
changed the title
fix(deps): update dependency socket.io to v2 [security]
fix(deps): update dependency socket.io to v2 [security] - autoclosed
Dec 29, 2022
renovate
bot
changed the title
fix(deps): update dependency socket.io to v2 [security] - autoclosed
fix(deps): update dependency socket.io to v2 [security]
Dec 29, 2022
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
January 6, 2023 12:30
2c51594
to
e19fa05
Compare
renovate
bot
changed the title
fix(deps): update dependency socket.io to v2 [security]
fix(deps): update dependency socket.io to ~1.7.0 [security]
Jan 6, 2023
renovate
bot
force-pushed
the
renovate/npm-socket.io-vulnerability
branch
from
January 6, 2023 15:35
e19fa05
to
fdd4d80
Compare
renovate
bot
changed the title
fix(deps): update dependency socket.io to ~1.7.0 [security]
fix(deps): update dependency socket.io to v2 [security]
Jan 6, 2023
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
None yet
0 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
~1.0.1
->~2.4.0
GitHub Vulnerability Alerts
CVE-2020-28481
The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.
Release Notes
socketio/socket.io
v2.4.0
Compare Source
Bug Fixes
3.0.4 (2020-12-07)
3.0.3 (2020-11-19)
3.0.2 (2020-11-17)
Bug Fixes
3.0.1 (2020-11-09)
Bug Fixes
v2.3.0
Compare Source
This release mainly contains a bump of the
engine.io
andws
packages, but no additional features.v2.2.0
Compare Source
Features
Bug fixes
v2.1.1
Compare Source
Features
v2.1.0
Compare Source
Features
Bug fixes
Important note⚠️ from Engine.IO 3.2.0 release
There are two non-breaking changes that are somehow quite important:
ws
was reverted as the default wsEngine (https://github.com/socketio/engine.io/pull/550), as there was several blocking issues withuws
. You can still useuws
by runningnpm install uws --save
in your project and using thewsEngine
option:pingTimeout
now defaults to 5 seconds (instead of 60 seconds): https://github.com/socketio/engine.io/pull/551v2.0.4
Compare Source
Bug fixes
Links:
engine.io
: -ws
: -v2.0.3
Compare Source
Bug fixes
Links:
engine.io
: -ws
: -v2.0.2
Compare Source
Bug fixes
Links:
engine.io
: -ws
: -v2.0.1
Compare Source
Bug fixes
- update path of client file (#2934)
Links:
engine.io
: -ws
: -v2.0.0
Compare Source
This major release brings several performance improvements:
uws is now the default Websocket engine. It should bring significant improvement in performance (particularly in terms of memory consumption) (https://github.com/socketio/engine.io/releases/tag/2.0.0)
the Engine.IO and Socket.IO handshake packets were merged, reducing the number of roundtrips necessary to establish a connection. (#2833)
it is now possible to provide a custom parser according to the needs of your application (#2829). Please take a look at the example for more information.
Please note that this release is not backward-compatible, due to:
Please also note that if you are using a self-signed certificate,
rejectUnauthorized
now defaults totrue
(https://github.com/socketio/engine.io-client/pull/558).Finally, the API documentation is now in the repository (here), and the content of the website here. Do not hesitate if you see something wrong or missing!
The full list of changes:
local
flag (#2816)clients
method in the API documentation (#2812)Besides, we are proud to announce that Socket.IO is now a part of open collective: https://opencollective.com/socketio. More on that later.
v1.7.4
Compare Source
v1.7.3
Compare Source
v1.7.2
Compare Source
v1.7.1
Compare Source
(following
socket.io-client
update)v1.7.0
Compare Source
local
flag (#2628)v1.6.0
Compare Source
v1.5.1
Compare Source
client
in test script (#2731)v1.5.0
Compare Source
v1.4.8
Compare Source
v1.4.7
Compare Source
v1.4.6
Compare Source
v1.4.5
Compare Source
v1.4.4
Compare Source
v1.4.3
Compare Source
v1.4.2
Compare Source
v1.4.1
Compare Source
v1.4.0
Compare Source
v1.3.7
Compare Source
v1.3.6
Compare Source
v1.3.5
Compare Source
v1.3.4
Compare Source
v1.3.3
Compare Source
v1.3.2
Compare Source
v1.3.1
Compare Source
v1.3.0
Compare Source
v1.2.1
Compare Source
v1.2.0
Compare Source
v1.1.0
Compare Source
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.