Skip to content

Commit 6ba3b68

Browse files
serhalpserhalp
authored
fix(gatsby): update socket.io to address vulnerable subdeps (#39352)
fix(deps): upgrade socket.io, socket.io-client
1 parent 19a8015 commit 6ba3b68

File tree

2 files changed

+45
-36
lines changed

2 files changed

+45
-36
lines changed

packages/gatsby/package.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -156,8 +156,8 @@
156156
"shallow-compare": "^1.2.2",
157157
"signal-exit": "^3.0.7",
158158
"slugify": "^1.6.6",
159-
"socket.io": "4.7.1",
160-
"socket.io-client": "4.7.1",
159+
"socket.io": "^4.8.1",
160+
"socket.io-client": "^4.8.1",
161161
"stack-trace": "^0.0.10",
162162
"string-similarity": "^1.2.2",
163163
"strip-ansi": "^6.0.1",

yarn.lock

Lines changed: 43 additions & 34 deletions
Original file line numberDiff line numberDiff line change
@@ -8694,11 +8694,16 @@ [email protected], cookie@^0.6.0:
86948694
resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.6.0.tgz#2798b04b071b0ecbff0dbb62a505a8efa4e19051"
86958695
integrity sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==
86968696

8697-
cookie@^0.4.2, cookie@~0.4.1:
8697+
cookie@^0.4.2:
86988698
version "0.4.2"
86998699
resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.2.tgz#0e41f24de5ecf317947c82fc789e06a884824432"
87008700
integrity sha512-aSWTXFzaKWkvHO1Ny/s+ePFpvKsPnjc551iI41v3ny/ow6tBG5Vd+FuqGNhh1LxOmVzOlGUriIlOaokOvhaStA==
87018701

8702+
cookie@~0.7.2:
8703+
version "0.7.2"
8704+
resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.7.2.tgz#556369c472a2ba910f2979891b526b3436237ed7"
8705+
integrity sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==
8706+
87028707
[email protected]:
87038708
version "0.8.0"
87048709
resolved "https://registry.yarnpkg.com/cookies/-/cookies-0.8.0.tgz#1293ce4b391740a8406e3c9870e828c4b54f3f90"
@@ -10319,37 +10324,36 @@ end-of-stream@^1.0.0, end-of-stream@^1.1.0, end-of-stream@^1.4.1:
1031910324
dependencies:
1032010325
once "^1.4.0"
1032110326

10322-
engine.io-client@~6.5.1:
10323-
version "6.5.1"
10324-
resolved "https://registry.yarnpkg.com/engine.io-client/-/engine.io-client-6.5.1.tgz#1735fb8ae3bae5ae13115e18d2f484daf005dd9c"
10325-
integrity sha512-hE5wKXH8Ru4L19MbM1GgYV/2Qo54JSMh1rlJbfpa40bEWkCKNo3ol2eOtGmowcr+ysgbI7+SGL+by42Q3pt/Ng==
10327+
engine.io-client@~6.6.1:
10328+
version "6.6.3"
10329+
resolved "https://registry.yarnpkg.com/engine.io-client/-/engine.io-client-6.6.3.tgz#815393fa24f30b8e6afa8f77ccca2f28146be6de"
10330+
integrity sha512-T0iLjnyNWahNyv/lcjS2y4oE358tVS/SYQNxYXGAJ9/GLgH4VCvOQ/mhTjqU88mLZCQgiG8RIegFHYCdVC+j5w==
1032610331
dependencies:
1032710332
"@socket.io/component-emitter" "~3.1.0"
1032810333
debug "~4.3.1"
10329-
engine.io-parser "~5.1.0"
10330-
ws "~8.11.0"
10331-
xmlhttprequest-ssl "~2.0.0"
10334+
engine.io-parser "~5.2.1"
10335+
ws "~8.17.1"
10336+
xmlhttprequest-ssl "~2.1.1"
1033210337

10333-
engine.io-parser@~5.1.0:
10334-
version "5.1.0"
10335-
resolved "https://registry.yarnpkg.com/engine.io-parser/-/engine.io-parser-5.1.0.tgz#d593d6372d7f79212df48f807b8cace1ea1cb1b8"
10336-
integrity sha512-enySgNiK5tyZFynt3z7iqBR+Bto9EVVVvDFuTT0ioHCGbzirZVGDGiQjZzEp8hWl6hd5FSVytJGuScX1C1C35w==
10338+
engine.io-parser@~5.2.1:
10339+
version "5.2.3"
10340+
resolved "https://registry.yarnpkg.com/engine.io-parser/-/engine.io-parser-5.2.3.tgz#00dc5b97b1f233a23c9398d0209504cf5f94d92f"
10341+
integrity sha512-HqD3yTBfnBxIrbnM1DoD6Pcq8NECnh8d4As1Qgh0z5Gg3jRRIqijury0CL3ghu/edArpUYiYqQiDUQBIs4np3Q==
1033710342

10338-
engine.io@~6.5.0:
10339-
version "6.5.1"
10340-
resolved "https://registry.yarnpkg.com/engine.io/-/engine.io-6.5.1.tgz#59725f8593ccc891abb47f1efcdc52a089525a56"
10341-
integrity sha512-mGqhI+D7YxS9KJMppR6Iuo37Ed3abhU8NdfgSvJSDUafQutrN+sPTncJYTyM9+tkhSmWodKtVYGPPHyXJEwEQA==
10343+
engine.io@~6.6.0:
10344+
version "6.6.4"
10345+
resolved "https://registry.yarnpkg.com/engine.io/-/engine.io-6.6.4.tgz#0a89a3e6b6c1d4b0c2a2a637495e7c149ec8d8ee"
10346+
integrity sha512-ZCkIjSYNDyGn0R6ewHDtXgns/Zre/NT6Agvq1/WobF7JXgFff4SeDroKiCO3fNJreU9YG429Sc81o4w5ok/W5g==
1034210347
dependencies:
10343-
"@types/cookie" "^0.4.1"
1034410348
"@types/cors" "^2.8.12"
1034510349
"@types/node" ">=10.0.0"
1034610350
accepts "~1.3.4"
1034710351
base64id "2.0.0"
10348-
cookie "~0.4.1"
10352+
cookie "~0.7.2"
1034910353
cors "~2.8.5"
1035010354
debug "~4.3.1"
10351-
engine.io-parser "~5.1.0"
10352-
ws "~8.11.0"
10355+
engine.io-parser "~5.2.1"
10356+
ws "~8.17.1"
1035310357

1035410358
enhanced-resolve@^5.15.0:
1035510359
version "5.15.0"
@@ -22637,14 +22641,14 @@ socket.io-adapter@~2.5.2:
2263722641
dependencies:
2263822642
ws "~8.11.0"
2263922643

22640-
socket.io-client@4.7.1:
22641-
version "4.7.1"
22642-
resolved "https://registry.yarnpkg.com/socket.io-client/-/socket.io-client-4.7.1.tgz#48e5f703abe4fb0402182bcf9c06b7820fb3453b"
22643-
integrity sha512-Qk3Xj8ekbnzKu3faejo4wk2MzXA029XppiXtTF/PkbTg+fcwaTw1PlDrTrrrU4mKoYC4dvlApOnSeyLCKwek2w==
22644+
socket.io-client@^4.8.1:
22645+
version "4.8.1"
22646+
resolved "https://registry.yarnpkg.com/socket.io-client/-/socket.io-client-4.8.1.tgz#1941eca135a5490b94281d0323fe2a35f6f291cb"
22647+
integrity sha512-hJVXfu3E28NmzGk8o1sHhN3om52tRvwYeidbj7xKy2eIIse5IoKX3USlS6Tqt3BHAtflLIkCQBkzVrEEfWUyYQ==
2264422648
dependencies:
2264522649
"@socket.io/component-emitter" "~3.1.0"
2264622650
debug "~4.3.2"
22647-
engine.io-client "~6.5.1"
22651+
engine.io-client "~6.6.1"
2264822652
socket.io-parser "~4.2.4"
2264922653

2265022654
socket.io-parser@~4.2.4:
@@ -22655,16 +22659,16 @@ socket.io-parser@~4.2.4:
2265522659
"@socket.io/component-emitter" "~3.1.0"
2265622660
debug "~4.3.1"
2265722661

22658-
socket.io@4.7.1:
22659-
version "4.7.1"
22660-
resolved "https://registry.yarnpkg.com/socket.io/-/socket.io-4.7.1.tgz#9009f31bf7be25478895145e92fbc972ad1db900"
22661-
integrity sha512-W+utHys2w//dhFjy7iQQu9sGd3eokCjGbl2r59tyLqNiJJBdIebn3GAKEXBr3osqHTObJi2die/25bCx2zsaaw==
22662+
socket.io@^4.8.1:
22663+
version "4.8.1"
22664+
resolved "https://registry.yarnpkg.com/socket.io/-/socket.io-4.8.1.tgz#fa0eaff965cc97fdf4245e8d4794618459f7558a"
22665+
integrity sha512-oZ7iUCxph8WYRHHcjBEc9unw3adt5CmSNlppj/5Q4k2RIrhl8Z5yY2Xr4j9zj0+wzVZ0bxmYoGSzKJnRl6A4yg==
2266222666
dependencies:
2266322667
accepts "~1.3.4"
2266422668
base64id "~2.0.0"
2266522669
cors "~2.8.5"
2266622670
debug "~4.3.2"
22667-
engine.io "~6.5.0"
22671+
engine.io "~6.6.0"
2266822672
socket.io-adapter "~2.5.2"
2266922673
socket.io-parser "~4.2.4"
2267022674

@@ -26096,6 +26100,11 @@ ws@^8.11.0, ws@~8.11.0:
2609626100
resolved "https://registry.yarnpkg.com/ws/-/ws-8.11.0.tgz#6a0d36b8edfd9f96d8b25683db2f8d7de6e8e143"
2609726101
integrity sha512-HPG3wQd9sNQoT9xHyNCXoDUa+Xw/VevmY9FoHyQ+g+rrMn4j6FB4np7Z0OhdTgjx6MgQLK7jwSy1YecU1+4Asg==
2609826102

26103+
ws@~8.17.1:
26104+
version "8.17.1"
26105+
resolved "https://registry.yarnpkg.com/ws/-/ws-8.17.1.tgz#9293da530bb548febc95371d90f9c878727d919b"
26106+
integrity sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ==
26107+
2609926108
xdg-basedir@^3.0.0:
2610026109
version "3.0.0"
2610126110
resolved "https://registry.yarnpkg.com/xdg-basedir/-/xdg-basedir-3.0.0.tgz#496b2cc109eca8dbacfe2dc72b603c17c5870ad4"
@@ -26154,10 +26163,10 @@ xmldom@^0.1.27:
2615426163
version "0.1.27"
2615526164
resolved "https://registry.yarnpkg.com/xmldom/-/xmldom-0.1.27.tgz#d501f97b3bdb403af8ef9ecc20573187aadac0e9"
2615626165

26157-
xmlhttprequest-ssl@~2.0.0:
26158-
version "2.0.0"
26159-
resolved "https://registry.yarnpkg.com/xmlhttprequest-ssl/-/xmlhttprequest-ssl-2.0.0.tgz#91360c86b914e67f44dce769180027c0da618c67"
26160-
integrity sha512-QKxVRxiRACQcVuQEYFsI1hhkrMlrXHPegbbd1yn9UHOmRxY+si12nQYzri3vbzt8VdTTRviqcKxcyllFas5z2A==
26166+
xmlhttprequest-ssl@~2.1.1:
26167+
version "2.1.2"
26168+
resolved "https://registry.yarnpkg.com/xmlhttprequest-ssl/-/xmlhttprequest-ssl-2.1.2.tgz#e9e8023b3f29ef34b97a859f584c5e6c61418e23"
26169+
integrity sha512-TEU+nJVUUnA4CYJFLvK5X9AOeH4KvDvhIfm0vV1GaQRtchnG0hgK5p8hw/xjv8cunWYCsiPCSDzObPyhEwq3KQ==
2616126170

2616226171
xstate@^4.38.0:
2616326172
version "4.38.0"

0 commit comments

Comments
 (0)