This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade socket.io from 1.4.5 to 1.7.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 11 versions ahead of your current version.

• The recommended version was released on 7 years ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Denial of Service (DoS) npm:ws:20171108	479	Mature
	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	479	Proof of Concept
	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	479	Proof of Concept
	Denial of Service (DoS) npm:ws:20160624	479	No Known Exploit
	Insecure Defaults npm:engine.io-client:20160426	479	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	479	No Known Exploit
	Insecure Randomness npm:ws:20160920	479	No Known Exploit

Release notes

Package name: socket.io

• 1.7.4 - 2017-05-07
• 1.7.3 - 2017-02-17
• 1.7.2 - 2016-12-11
• 1.7.1 - 2016-11-27
• 1.7.0 - 2016-11-27
• 1.6.0 - 2016-11-20
• 1.5.1 - 2016-10-24
• 1.5.0 - 2016-10-06
• 1.4.8 - 2016-06-24
• 1.4.7 - 2016-06-24
• 1.4.6 - 2016-05-03
• 1.4.5 - 2016-01-26

from socket.io GitHub release notes

---

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs