fix(deps): update dependency socket.io to v2 [security] #83
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.3.7
->2.4.0
GitHub Vulnerability Alerts
CVE-2020-28481
The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.
Release Notes
socketio/socket.io
v2.4.0
Compare Source
Bug Fixes
3.0.4 (2020-12-07)
3.0.3 (2020-11-19)
3.0.2 (2020-11-17)
Bug Fixes
3.0.1 (2020-11-09)
Bug Fixes
v2.3.0
Compare Source
This release mainly contains a bump of the
engine.io
andws
packages, but no additional features.v2.2.0
Compare Source
Features
Bug fixes
v2.1.1
Compare Source
Features
v2.1.0
Compare Source
Features
Bug fixes
Important note⚠️ from Engine.IO 3.2.0 release
There are two non-breaking changes that are somehow quite important:
ws
was reverted as the default wsEngine (https://github.com/socketio/engine.io/pull/550), as there was several blocking issues withuws
. You can still useuws
by runningnpm install uws --save
in your project and using thewsEngine
option:pingTimeout
now defaults to 5 seconds (instead of 60 seconds): https://github.com/socketio/engine.io/pull/551v2.0.4
Compare Source
Bug fixes
Links:
engine.io
: -ws
: -v2.0.3
Compare Source
Bug fixes
Links:
engine.io
: -ws
: -v2.0.2
Compare Source
Bug fixes
Links:
engine.io
: -ws
: -v2.0.1
Compare Source
Bug fixes
- update path of client file (#2934)
Links:
engine.io
: -ws
: -v2.0.0
Compare Source
This major release brings several performance improvements:
uws is now the default Websocket engine. It should bring significant improvement in performance (particularly in terms of memory consumption) (https://github.com/socketio/engine.io/releases/tag/2.0.0)
the Engine.IO and Socket.IO handshake packets were merged, reducing the number of roundtrips necessary to establish a connection. (#2833)
it is now possible to provide a custom parser according to the needs of your application (#2829). Please take a look at the example for more information.
Please note that this release is not backward-compatible, due to:
Please also note that if you are using a self-signed certificate,
rejectUnauthorized
now defaults totrue
(https://github.com/socketio/engine.io-client/pull/558).Finally, the API documentation is now in the repository (here), and the content of the website here. Do not hesitate if you see something wrong or missing!
The full list of changes:
local
flag (#2816)clients
method in the API documentation (#2812)Besides, we are proud to announce that Socket.IO is now a part of open collective: https://opencollective.com/socketio. More on that later.
v1.7.4
Compare Source
v1.7.3
Compare Source
v1.7.2
Compare Source
v1.7.1
Compare Source
(following
socket.io-client
update)v1.7.0
Compare Source
local
flag (#2628)v1.6.0
Compare Source
v1.5.1
Compare Source
client
in test script (#2731)v1.5.0
Compare Source
v1.4.8
Compare Source
v1.4.7
Compare Source
v1.4.6
Compare Source
v1.4.5
Compare Source
v1.4.4
Compare Source
v1.4.3
Compare Source
v1.4.2
Compare Source
v1.4.1
Compare Source
v1.4.0
Compare Source
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.