Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update socket.io to version 2.0.3 #2821

Closed
wants to merge 1 commit into from
Closed

fix(deps): update socket.io to version 2.0.3 #2821

wants to merge 1 commit into from

Conversation

kevinsalter
Copy link

Fixes issue #2777

@googlebot
Copy link

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed, please reply here (e.g. I signed it!) and we'll verify. Thanks.

  • If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
  • If your company signed a CLA, they designated a Point of Contact who decides which employees are authorized to participate. You may need to contact the Point of Contact for your company and ask to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the project maintainer to go/cla#troubleshoot.
  • In order to pass this check, please resolve this problem and have the pull request author add another comment and the bot will run again.

@kevinsalter
Copy link
Author

I signed it!

@googlebot
Copy link

CLAs look good, thanks!

@dignifiedquire
Copy link
Member

We require browser support down to IE 7, can you confirm that this is still given with this new socket.io version? otherwise I don't think we can easily upgrade

This was referenced Aug 31, 2017
Closed
Merged
@tonyd256
Copy link

@dignifiedquire I realize this may not be your decision but would you be able to change your support requirements? Looking at a bunch of browser usage statistics, IE 7 doesn't even register anymore as a used browser.
https://www.netmarketshare.com/browser-market-share.aspx?qprid=2&qpcustomd=0
https://www.w3counter.com/trends
And many move available here: https://en.wikipedia.org/wiki/Usage_share_of_web_browsers

Also, even Microsoft themselves don't support it as well as a few versions above it.
https://www.microsoft.com/en-us/WindowsForBusiness/End-of-IE-support

@guilhermejcgois guilhermejcgois mentioned this pull request Sep 25, 2017
Open
@bengourley
Copy link

We require browser support down to IE 7, can you confirm that this is still given with this new socket.io version?

@dignifiedquire as far as I can see, socket.io still supports IE6+7. Their test suite/CI has passing automated tests for both these browsers:

image

Would be great to get this merged and published!

Thanks @kevinsalter for putting this PR together, I'm currently using your fork until this gets merged 👍

@acoard
Copy link

acoard commented Oct 6, 2017

Any update on this? The current version of Socket.io being used, 1.7.4, relies on debug@2.3.3 which has a known ReDos vulnerability.

@mattgrande
Copy link

The version of socket.io being used also relies on ws@1.1.2 which also has a known DoS vulnerability.

johnjbarton
johnjbarton approved these changes Nov 13, 2017
View reviewed changes
Copy link
Contributor

@johnjbarton johnjbarton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume that the CI tests cover the cases important to users so we need to have those pass.

@johnjbarton johnjbarton changed the title fix(deps): update socket.io to latest version fix(deps): update socket.io to version 2.0.3 Nov 14, 2017
johnjbarton added a commit that referenced this pull request Nov 15, 2017
@johnjbarton
fix(deps): update socket.io to version 2.0.3
e259e77 
This is a duplicate of @kevinsalter PR #2821. His PR fails on appveyor and we can't figure out how to change the repo config to fix the build there or how to retry that build.  So let's just try from scratch.

Fixes issue #2777
@johnjbarton johnjbarton mentioned this pull request Nov 15, 2017
Closed
johnjbarton added a commit to johnjbarton/karma that referenced this pull request Nov 15, 2017
@johnjbarton
fix(deps): update socket.io to version 2.0.3.
3b7b019 
This is a duplicate of @kevinsalter PR karma-runner#2821. I am re-sending after appveyor fixup.
(We don't seem to have the ability to retry appveyor builds).

Fixes karma-runner#2777
@johnjbarton johnjbarton mentioned this pull request Nov 15, 2017
Merged
@johnjbarton
Copy link
Contributor

Thanks @kevinsalter, to get around being unable to re-build in appveyor, I stole your thunder in #2880

@kevinsalter
Copy link
Author

@johnjbarton all good, happy to see this go out 😄

@karronoli karronoli mentioned this pull request Aug 16, 2022
Merged
@Omrisnyk Omrisnyk mentioned this pull request Oct 27, 2023
Open
@Omrisnyk Omrisnyk mentioned this pull request Dec 15, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@johnjbarton johnjbarton johnjbarton approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@kevinsalter @googlebot @dignifiedquire @tonyd256 @bengourley @acoard @mattgrande @johnjbarton