[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: engine.io

The new version differs by 140 commits.

• ecfcc69 [chore] Release 3.4.0
• 7bf7581 [chore] Bump engine.io-parser to version 2.2.0
• c471e03 [chore] Bump `ws` to latest version (#587)
• c144895 [feat] add additional debug messages (#586)
• a967626 [chore] Bump debug to version 4.1.0 (#581)
• 5bbbfe2 [ci] remove Node.js 4 and 6 from the build matrix
• ad844f4 [fix] Deprecated Buffer usage in dependency (#585)
• cb0ac6f [chore] Release 3.3.2
• ec4e12a [revert] Allow configuration of `Access-Control-Allow-Origin` value (Why not support JPDA for java? c9/core#511)
• 64d6044 [chore] Release 3.3.1
• 9956445 [fix] Replace deprecated Buffer usage (#565)
• e081616 [chore] Point towards branch 'develop' of engine.io-client
• 2c856ca [chore] Release 3.3.0
• 3e2f415 [chore] Bump ws to version 6.1.0 (#564)
• ebf1a96 [feat] Allow configuration of `Access-Control-Allow-Origin` value (Why not support JPDA for java? c9/core#511)
• 0151c6a [chore] Release 3.2.1
• bc7b239 [fix] Processing error code on abort connection (#562)
• 6a16ea1 [test] Remove unnecessary assertion in test case (Failed to write to 'state.settings'. options.stream must be readable.  c9/core#556)
• d93ef6a [docs] Add some initialization examples in the README
• 52ebe41 [chore] Release 3.2.0
• c624751 [revert] Make generateId method async (clear the gdb error message c9/core#535)
• be3833b [refactor] Use Buffer.concat([]) to construct an empty buffer (Python 2 out of support. c9/core#555)
• 65b1ad1 [chore] Update default values for pingTimeout (Fix word "accessing" typo c9/core#551)
• 63e2528 [chore] Release 3.1.5

See the full diff

Package name: engine.io-client

The new version differs by 231 commits.

• b1630ba chore(release): 3.5.0
• 8750356 fix: check the type of the initial packet
• 0b254ce chore: bump ws version
• f764bf6 ci: migrate to GitHub Actions
• 4d2f277 chore: release 3.4.4
• bbcc3fe chore: bump parseqs and parseuri dependencies
• 4db8691 chore: downgrade the debug dependency
• 5a5313e chore: release 3.4.3
• e5bc106 fix(react-native): restrict the list of options for the WebSocket object
• f19a9e3 chore: release 3.4.2
• d2daa28 chore: bump component-emitter dependency
• 81dc10d chore: release 3.4.1
• 357f01d fix: use globalThis polyfill instead of self/global
• ccc9337 [chore] Release 3.4.0
• 1e29b0c [chore] Bump engine.io-parser to version 2.2.0
• e8cd8c0 build: transpile the debug dependency with Babel
• fd7fff2 [fix] Ensure valid status is passed to error handler (#622)
• 2266269 [feat] Support extra charset info in Content-Type header (#619)
• 2847411 [feat] Add withCredentials option (#614)
• 0eeaa7a [fix] fix NodeWebSocket declaration (#613)
• 242ea9e [chore] Bump debug to version 4.1.0 (#612)
• bc8c497 [ci] use Node.js 10 for compatibility with Gulp v3
• 57f9d45 [chore] Release 3.3.2
• e157aac [test] IE8 is no longer supported by Saucelabs

See the full diff

Package name: ws

The new version differs by 250 commits.

• f5297f7 [dist] 7.4.6
• 00c425e [security] Fix ReDoS vulnerability
• 990306d [lint] Fix prettier error
• 32e3a84 [security] Remove reference to Node Security Project
• 8c914d1 [minor] Fix nits
• fc7e27d [ci] Test on node 16
• 587c201 [ci] Do not test on node 15
• f672710 [dist] 7.4.5
• 67e25ff [fix] Fix case where `abortHandshake()` does not close the connection
• 23ba6b2 [fix] Make UTF-8 validation work even if utf-8-validate is not installed
• 114de9e [ci] Use a unique ID instead of commit SHA
• d75a62e [ci] Include commit SHA in `flag-name`
• a74dd2e [dist] 7.4.4
• 9277437 [fix] Recreate the inflate stream if it ends
• cbff929 [doc] Improve `websocket.terminate()` documentation
• 489a295 [ci] Use GitHub Actions (#1853)
• 77370e0 [pkg] Update eslint-config-prettier to version 8.1.0
• 99338f7 [doc] Fix `data` argument type (#1843)
• 223194e [dist] 7.4.3
• 4e9607b [perf] Reset compressor/decompressor instead of re-initialize (#1840)
• 2789887 [minor] Use `request.socket` instead of `request.connection`
• 2079ca5 [test] Increase code coverage
• d1a8af4 [dist] 7.4.2
• 48a2349 [pkg] Update eslint-config-prettier to version 7.1.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic