chore(deps): bump socket.io-parser from 4.2.4 to 4.2.6 in /frontend#3931
chore(deps): bump socket.io-parser from 4.2.4 to 4.2.6 in /frontend#3931dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
Bumps [socket.io-parser](https://github.com/socketio/socket.io) from 4.2.4 to 4.2.6. - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/socket.io-parser@4.2.4...socket.io-parser@4.2.6) --- updated-dependencies: - dependency-name: socket.io-parser dependency-version: 4.2.6 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
|
|
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
2 similar comments
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
1 participant
Bumps socket.io-parser from 4.2.4 to 4.2.6.
Release notes
Sourced from socket.io-parser's releases.
Commits
522edcdchore(release): socket.io-parser@4.2.63fff7cafix(parser): add a limit to the number of binary attachments37aad11fix: cleanup pending acks on timeout to prevent memory leakba9cd69revert: fix: cleanup pending acks on timeout to prevent memory leak84c2fb7chore(release): engine.io@6.6.607cbe15fix(eio): add@types/wsas dependency (#5458)44ed73ffix(eio): emit initial_headers and headers events in uServer (#5460)da04267fix: cleanup pending acks on timeout to prevent memory leak (#5442)74599a6fix(types): properly import http moduled48718cci: use actions/checkout@v6 and actions/setup-node@v6 (#5449)Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for socket.io-parser since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.
Note
Low Risk
Low risk lockfile-only dependency update; main impact is updated transitive runtime packages (
socket.io-parser/debug) which could affect websocket client parsing but is a patch-level bump intended to fix a CVE.Overview
Updates the frontend dependency graph to use
socket.io-parser@4.2.6(from4.2.4), pulling in its patcheddebugrequirement and dedupingdebug/msversions inpackage-lock.json.The lockfile also drops some previously nested/optional entries (e.g.,
@types/nodepeer/optional metadata and arolluppeer entry), reflecting resolved dependency tree changes from the upgrade.Written by Cursor Bugbot for commit 18d7c63. This will update automatically on new commits. Configure here.