Skip to content

fix(gatsby): update socket.io to address vulnerable subdeps #39352

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 13, 2025
Merged

fix(gatsby): update socket.io to address vulnerable subdeps #39352

merged 2 commits into from
Aug 13, 2025

Conversation

serhalp
Copy link
Member

@serhalp serhalp commented Aug 8, 2025
edited
Loading

Summary

  • upgrade socket.io and socket.io-client to 4.8.1 to pull in engine.io 6.6.4 with patched cookie and ws

Fixes #39303

https://chatgpt.com/codex/tasks/task_e_68910d88c4f88321a2d00087e383957f

@gatsbot gatsbot bot added the status: triage needed Issue or pull request that need to be triaged and assigned to a reviewer label Aug 8, 2025
@serhalp serhalp force-pushed the codex/fix-issue-#39303-in-gatsby branch from 732cb9f to bc49a01 Compare August 12, 2025 21:05
@serhalp serhalp marked this pull request as ready for review August 12, 2025 22:56
@serhalp serhalp requested a review from pieh August 12, 2025 23:05
@serhalp serhalp enabled auto-merge (squash) August 13, 2025 17:11
@serhalp serhalp added type: bug An issue or pull request relating to a bug in Gatsby bot: merge on green Gatsbot will merge these PRs automatically when all tests passes status: accepted and removed status: triage needed Issue or pull request that need to be triaged and assigned to a reviewer labels Aug 13, 2025
@serhalp serhalp merged commit 6ba3b68 into master Aug 13, 2025
39 checks passed
@serhalp serhalp deleted the codex/fix-issue-#39303-in-gatsby branch August 13, 2025 19:17
@ajfisher ajfisher mentioned this pull request Sep 2, 2025
Merged
@zai1208 zai1208 mentioned this pull request Sep 13, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pieh pieh pieh approved these changes

Assignees

No one assigned

Labels

bot: merge on green Gatsbot will merge these PRs automatically when all tests passes codex status: accepted type: bug An issue or pull request relating to a bug in Gatsby

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

socket.io and engine.io dependencies still include vulnerable versions of cookie and path-to-regexp

2 participants

@serhalp @pieh