
Conversation

@vince-fugnitto (Member)

@vince-fugnitto vince-fugnitto commented Feb 15, 2022

What it does

Fixes: #10514 (comment).

The commit bumps the socket.io dependency to a version which does not use engine.io at a vulnerable version.

How to test

  • CI should be successful (build and tests)
  • `yarn audit | grep "engine.io"` should not produce any output

Signed-off-by: vince-fugnitto [email protected]
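The "How to test" step above greps the human-readable `yarn audit` table for the string `engine.io`. That check is looser than it looks: the table also prints the dependency path of every advisory, so an unrelated advisory whose path merely passes through `engine.io` matches too, and the unescaped `.` in the pattern matches any character. The script below is an added example, not code from this PR or from the Theia project. It reads `yarn audit --json` instead and matches the advisory's `module_name` field exactly, so an empty result really means no advisory names the module. It assumes the Yarn 1.x JSON line format (one JSON object per line, `auditAdvisory` records carrying an `advisory.module_name`); that format and the sample records embedded below are assumptions and constructed data, not output from this PR.

```shell
#!/bin/sh
# Added example (not part of the Theia PR): gate a CI job on `yarn audit`
# reporting no advisory against one specific module, using the JSON output
# rather than grepping the rendered table.
#
# Assumption: Yarn 1.x `yarn audit --json` emits one JSON object per line,
# with "auditAdvisory" records whose advisory object carries "id",
# "module_name" and "severity". The records below are constructed for this
# example and are not real advisories.
SAMPLE_AUDIT='{"type":"auditAdvisory","data":{"resolution":{"id":1000,"path":"socket.io>engine.io"},"advisory":{"findings":[{"version":"0.0.0","paths":["socket.io>engine.io"]}],"id":1000,"module_name":"engine.io","severity":"high","title":"constructed example advisory"}}}
{"type":"auditAdvisory","data":{"resolution":{"id":1001,"path":"socket.io>engine.io>example-dep"},"advisory":{"findings":[{"version":"0.0.0","paths":["socket.io>engine.io>example-dep"]}],"id":1001,"module_name":"example-dep","severity":"low","title":"constructed example advisory"}}}
{"type":"auditSummary","data":{"vulnerabilities":{"info":0,"low":1,"moderate":0,"high":1,"critical":0},"dependencies":3,"devDependencies":0,"optionalDependencies":0,"totalDependencies":3}}'

# What a plain `grep` sees: the number of lines on stdin that mention the
# string anywhere, including advisories that only pass through the module.
naive_mentions() {
    grep -c -F "$1" || true
}

# Advisories filed against exactly the module named in $1.
# Reads `yarn audit --json` records on stdin, prints "<id> <severity>" per hit.
advisories_for() {
    grep -F '"type":"auditAdvisory"' \
      | grep -F "\"module_name\":\"$1\"" \
      | sed -n 's/.*"advisory":{.*"id":\([0-9][0-9]*\).*"severity":"\([a-z]*\)".*/\1 \2/p'
}

# CI gate: succeeds (exit 0) only when no advisory names the module.
module_is_clean() {
    hits=$(advisories_for "$1")
    [ -z "$hits" ]
}

# Stand-alone demonstration on the constructed sample.
printf 'plain grep for engine.io matches %s line(s)\n' \
    "$(printf '%s\n' "$SAMPLE_AUDIT" | naive_mentions engine.io)"
printf 'advisories against engine.io itself (id severity):\n'
printf '%s\n' "$SAMPLE_AUDIT" | advisories_for engine.io
if printf '%s\n' "$SAMPLE_AUDIT" | module_is_clean engine.io; then
    echo "engine.io: no advisory"
else
    echo "engine.io: a vulnerable version is still resolved"
fi
```

Against a real checkout the functions are used as `yarn audit --json | advisories_for engine.io` and `yarn audit --json | module_is_clean engine.io` (the first `yarn audit` run needs network access to fetch advisories; the sample above lets the parsing run offline). Because the fix here is a bump of `socket.io` rather than of `engine.io` directly, it is also worth confirming in `yarn.lock` that every `engine.io` entry resolves to the patched version, since a second, older resolution would still be reported.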

The commit bumps the `socket.io` dependency to a version which does not
use `engine.io` at a vulnerable version.

Signed-off-by: vince-fugnitto <[email protected]>
@vince-fugnitto vince-fugnitto added the messaging, security and dependencies labels Feb 15, 2022
@paul-marechal paul-marechal merged commit 1e80962 into master Feb 15, 2022
@paul-marechal paul-marechal deleted the vf/socket-io-bump branch February 15, 2022 19:16
@github-actions github-actions bot added this to the 1.23.0 milestone Feb 15, 2022
thegecko pushed a commit to ARMmbed/theia that referenced this pull request Feb 17, 2022

Labels

dependencies, messaging, security


3 participants