diff --git a/CHANGELOG.md b/CHANGELOG.md index 747e1bb23..483bc94e8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,10 @@ +## [3.5.2](https://github.com/socketio/engine.io-client/compare/3.5.1...3.5.2) (2021-05-05) + +This release only contains a bump of `xmlhttprequest-ssl`, in order to fix the following vulnerability: https://www.npmjs.com/advisories/1665. + +Please note that `engine.io-client` was not directly impacted by this vulnerability, since we are always using `async: true`. + + ## [3.5.1](https://github.com/socketio/engine.io-client/compare/3.5.0...3.5.1) (2021-03-02) diff --git a/package-lock.json b/package-lock.json index ed075e77a..cf419f146 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "engine.io-client", - "version": "3.5.1", + "version": "3.5.2", "lockfileVersion": 1, "requires": true, "dependencies": { @@ -10997,9 +10997,9 @@ "dev": true }, "xmlhttprequest-ssl": { - "version": "1.5.5", - "resolved": "https://registry.npmjs.org/xmlhttprequest-ssl/-/xmlhttprequest-ssl-1.5.5.tgz", - "integrity": "sha1-wodrBhaKrcQOV9l+gRkayPQ5iz4=" + "version": "1.6.2", + "resolved": "https://registry.npmjs.org/xmlhttprequest-ssl/-/xmlhttprequest-ssl-1.6.2.tgz", + "integrity": "sha512-tYOaldF/0BLfKuoA39QMwD4j2m8lq4DIncqj1yuNELX4vz9+z/ieG/vwmctjJce+boFHXstqhWnHSxc4W8f4qg==" }, "xtend": { "version": "4.0.2", diff --git a/package.json b/package.json index 8870555d2..6b24b682a 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "engine.io-client", "description": "Client for the realtime Engine", "license": "MIT", - "version": "3.5.1", + "version": "3.5.2", "main": "lib/index.js", "homepage": "https://github.com/socketio/engine.io-client", "contributors": [ @@ -33,7 +33,7 @@ "parseqs": "0.0.6", "parseuri": "0.0.6", "ws": "~7.4.2", - "xmlhttprequest-ssl": "~1.5.4", + "xmlhttprequest-ssl": "~1.6.2", "yeast": "0.1.2" }, "devDependencies": {