From 1e826833d6663e38ca18df62f9df6dc2818cc709 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 20 Jun 2024 07:41:01 +0000
Subject: [PATCH] fix: server/package.json & server/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SOCKETIO-7278048
---
 server/package-lock.json | 13 +++++++------
 server/package.json | 2 +-
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/server/package-lock.json b/server/package-lock.json
index 8f81b3f..c7dc92e 100644
--- a/server/package-lock.json
+++ b/server/package-lock.json
@@ -24,7 +24,7 @@
 "mqtt": "4.3.7",
 "redis": "4.6.5",
 "sequelize": "6.29.3",
- "socket.io": "4.6.1",
+ "socket.io": "^4.6.2",
 "types-fastify-socket.io": "0.0.1"
 },
 "devDependencies": {
@@ -1544,16 +1544,17 @@
 "integrity": "sha512-RVnVQxTXuerk653XfuliOxBP81Sf0+qfQE73LIYKcyMYHG94AuH0kgrQpRDuTZnSmjpysHmzxJXKNfa6PjFhyQ=="
 },
 "node_modules/socket.io": {
- "version": "4.6.1",
- "resolved": "https://registry.npmjs.org/socket.io/-/socket.io-4.6.1.tgz",
- "integrity": "sha512-KMcaAi4l/8+xEjkRICl6ak8ySoxsYG+gG6/XfRCPJPQ/haCRIJBTL4wIl8YCsmtaBovcAXGLOShyVWQ/FG8GZA==",
+ "version": "4.6.2",
+ "resolved": "https://registry.npmjs.org/socket.io/-/socket.io-4.6.2.tgz",
+ "integrity": "sha512-Vp+lSks5k0dewYTfwgPT9UeGGd+ht7sCpB7p0e83VgO4X/AHYWhXITMrNk/pg8syY2bpx23ptClCQuHhqi2BgQ==",
+ "license": "MIT",
 "dependencies": {
 "accepts": "~1.3.4",
 "base64id": "~2.0.0",
 "debug": "~4.3.2",
- "engine.io": "~6.4.1",
+ "engine.io": "~6.4.2",
 "socket.io-adapter": "~2.5.2",
- "socket.io-parser": "~4.2.1"
+ "socket.io-parser": "~4.2.4"
 },
 "engines": {
 "node": ">=10.0.0"
diff --git a/server/package.json b/server/package.json
index 9f47885..abe524b 100644
--- a/server/package.json
+++ b/server/package.json
@@ -42,7 +42,7 @@
 "mqtt": "4.3.7",
 "redis": "4.6.5",
 "sequelize": "6.29.3",
- "socket.io": "4.6.1",
+ "socket.io": "4.6.2",
 "types-fastify-socket.io": "0.0.1"
 }
 }
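Review bot: The root dependency entry in the first hunk of server/package-lock.json records `"socket.io": "^4.6.2"`, while server/package.json in the same commit pins `"socket.io": "4.6.2"`, so the lockfile no longer mirrors the manifest. The `node_modules/socket.io` entry still resolves to 4.6.2 with a matching integrity hash, so installs from the lock are probably unaffected, but the next `npm install` is likely to rewrite the lock and the drift obscures which spec is intended. Since the neighbouring entries are all exact pins, the lock line should presumably read `"socket.io": "4.6.2",`. Regenerating the lock from the updated package.json and running `npm ci` would confirm the two files agree.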