[Snyk] Fix for 1 vulnerabilities

[HansHammel]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-5596892	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: socket.io

The new version differs by 152 commits.

• 8be95b3 chore(release): 4.5.2
• ba497ee fix(uws): prevent the server from crashing after upgrade
• 2803871 ci: add explicit permissions to workflow (#4466)
• 134226e refactor: add missing constraints (#4431)
• 9890b03 chore: bump dependencies
• 713a6b4 chore: bump mocha to version 10.0.0
• 18f3fda fix: prevent the socket from joining a room after disconnection
• 5ab8289 chore(release): 4.5.1
• 30430f0 fix: forward the local flag to the adapter when using fetchSockets()
• 9b43c91 fix(typings): add HTTPS server to accepted types (#4351)
• 8ecfcba chore(release): 4.5.0
• 572133a docs(examples): update example with webpack
• 6e1bb62 chore: bump engine.io to version 6.2.0
• 06e6838 docs(examples): add server bundling example with rollup
• 1f03a44 docs(examples): update create-react-app example (#4347)
• be3d7f0 docs(examples): add TODO example with Postgres and Node.js cluster
• d12aab2 docs(examples): add example with express-session
• 9f75868 docs(examples): pin the version of karma-jasmine-html-reporter
• 0b35dc7 refactor: make the protocol implementation stricter
• 531104d feat: add support for catch-all listeners for outgoing packets
• 8b20457 feat: broadcast and expect multiple acks
• 0b7d70c chore: bump lockfile to v2
• 2f96438 chore: bump engine.io version to fix CVE-2022-21676 (#4262)
• 02c87a8 fix(typings): ensure compatibility with TypeScript 3.x (#4259)

See the full diff

Package name: socket.io-client

The new version differs by 99 commits.

• abdba07 chore(release): 4.5.0
• faf68a5 chore: update default label for bug reports
• c0ba734 chore: add Node.js 16 in the test matrix
• e859018 refactor: replace the disconnected attribute by a getter
• 74e3e60 feat: add support for catch-all listeners for outgoing packets
• 692d54e chore: point the CI badge towards the main branch
• 6fdf3c9 refactor: import single-file 3rd party modules
• b862924 feat: add details to the disconnect event
• eaf782c docs: remove broken badges
• 359d1e2 chore(release): 4.4.1
• f56fdd0 chore: remove duplicate package.json file
• 19836d9 chore: add types to exports field to be compatible with nodenext module resolution (#1522)
• 71e34a3 chore(release): 4.4.0
• 1e1952b chore: bump engine.io-client version
• 522ffbe fix: prevent double ack with timeout
• 99c2cb8 fix: fix `socket.disconnect().connect()` usage
• 53d8fca fix: add package name in nested package.json
• d54d12c fix: prevent socket from reconnecting after middleware failure
• ccf7998 feat: add timeout feature
• da0b828 chore(release): 4.3.2
• 6780f29 fix: restore the default export (bis)
• ca614b2 chore(release): 4.3.1
• f0aae84 fix: restore the default export
• 8737d0a fix: restore the namespace export

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)