[Snyk] Upgrade socket.io from 2.0.3 to 2.3.0

[snyk-bot]

Snyk has created this PR to upgrade socket.io from 2.0.3 to 2.3.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 5 versions ahead of your current version.
• The recommended version was released 4 months ago, on 2019-09-20.

The recommended version fixes:

Severity	Issue	Exploit Maturity
	Denial of Service (DoS) npm:ws:20171108	Mature
	Regular Expression Denial of Service (ReDoS) npm:parsejson:20170908	No Known Exploit

Release notes

Package name: socket.io

• 2.3.0 - 2019-09-20
  

  Diff: 2.2.0...2.3.0

• 2.2.0 - 2018-11-28
  

  Features

  • add cache-control header when serving the client source (#2907)

  Bug fixes

  • throw an error when trying to access the clients of a dynamic namespace (#3355)

  Milestone: 2.2.0
  Diff: 2.1.1...2.2.0
  Client release: 2.2.0
  Diff engine.io: socketio/engine.io@3.2.0...3.3.1
  Diff ws: https://github.com/websockets/ws/compare/3.3.1..6.1.2

• 2.1.1 - 2018-05-17
  

  Features

  (server) add local flag to the socket object (#3219)

  socket.local.to('room101').emit(/* */);

  Bug fixes

  (client) fire an error event on middleware failure for non-root namespace (socketio/socket.io-client#1202)

  Milestone: 2.1.1
  Diff: 2.1.0...2.1.1 (client diff)

• 2.1.0 - 2018-03-29
  

  Features

  • add a 'binary' flag (#3185)

  // by default, the object is recursively scanned to check whether it contains some binary data
  // in the following example, the check is skipped in order to improve performance
  socket.binary(false).emit('plain-object', object);
  // it also works at the namespace level
  
  io.binary(false).emit('plain-object', object);

  • add support for dynamic namespaces (#3195)

  io.of(/^\/dynamic-\d+$/).on('connect', (socket) => {
    // socket.nsp.name = '/dynamic-101'
  });
  // client-side
  
  const client = require('socket.io-client')('/dynamic-101');

  Bug fixes

  • properly emit 'connect' when using a custom namespace (#3197)
  • include the protocol in the origins check (#3198)

  Important note ⚠️ from Engine.IO 3.2.0 release

  There are two non-breaking changes that are somehow quite important:

  • ws was reverted as the default wsEngine (socketio/engine.io#550), as there was several blocking issues with uws. You can still use uws by running npm install uws --save in your project and using the wsEngine option:

  var engine = require('engine.io');
  var server = engine.listen(3000, {
    wsEngine: 'uws'
  });

  • pingTimeout now defaults to 5 seconds (instead of 60 seconds): socketio/engine.io#551

  Milestone: 2.1.0
  Diff: 2.0.4...2.1.0
  Engine.IO version: 3.2.x

• 2.0.4 - 2017-10-22
  

  Bug fixes

  • do not throw when receiving an unhandled error packet (#3038)
  • reset rooms object before broadcasting from namespace (#3039)

  Milestone: 2.0.4
  Diff: 2.0.3...2.0.4

• 2.0.3 - 2017-06-12
  

  Bug fixes

  • reset rooms object before broadcasting (#2970)
  • fix middleware initialization (#2969)

  Milestone: 2.0.3
  Diff: 2.0.2...2.0.3

from socket.io GitHub release notes

Commit messages

Package name: socket.io

• 47161a6 [chore] Release 2.3.0
• cf39362 [chore] Bump socket.io-parser to version 3.4.0
• 4d01b2c test: remove deprecated Buffer usage (#3481)
• 8227192 [docs] Fix the default value of the 'origins' parameter (#3464)
• 1150eb5 [chore] Bump engine.io to version 3.4.0
• 9c1e73c [chore] Update the license of the chat example (#3410)
• df05b73 [chore] Release 2.2.0
• b00ae50 [feat] Add cache-control header when serving the client source (#2907)
• d3c653d [docs] Add Touch Support to the whiteboard example (#3104)
• a7fbd1a [fix] Throw an error when trying to access the clients of a dynamic namespace (#3355)
• 190d22b [chore] Bump dependencies
• 7b8fba7 [test] Update Travis configuration
• e5f0cea [docs] Use new JavaScript syntax inside the README (#3360)
• 7e35f90 [docs] fix `this` scope in the chat example
• 2dbec77 [chore] Update issue template
• d97d873 [docs] update README.md (#3309)
• e0b2cb0 [chore] Release 2.1.1
• 1decae3 [feat] Add local flag to the socket object (#3219)
• 0279c47 [docs] Convert the chat example to ES6 (#3227)
• 2917942 [docs] Clarify private messaging in the emit cheatsheet (#3232)
• db831a3 [chore] Release 2.1.0
• ac945d1 [feat] Add support for dynamic namespaces (#3195)
• ad0c052 [docs] Add note in docs for `origins(fn)` about `error` needing to be a string. (#2895)
• 1f1d64b [fix] Include the protocol in the origins check (#3198)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs