From dd2a1422a0d848e79e596b33030b4b8f42d18024 Mon Sep 17 00:00:00 2001
From: Damien Arrachequesne
Date: Wed, 5 May 2021 21:59:16 +0200
Subject: [PATCH 1/2] chore: bump xmlhttprequest-ssl version

Related: https://www.npmjs.com/advisories/1665
---
 package-lock.json | 6 +++---
 package.json | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index ed075e77a..9d578bc8e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10997,9 +10997,9 @@
 "dev": true
 },
 "xmlhttprequest-ssl": {
- "version": "1.5.5",
- "resolved": "https://registry.npmjs.org/xmlhttprequest-ssl/-/xmlhttprequest-ssl-1.5.5.tgz",
- "integrity": "sha1-wodrBhaKrcQOV9l+gRkayPQ5iz4="
+ "version": "1.6.2",
+ "resolved": "https://registry.npmjs.org/xmlhttprequest-ssl/-/xmlhttprequest-ssl-1.6.2.tgz",
+ "integrity": "sha512-tYOaldF/0BLfKuoA39QMwD4j2m8lq4DIncqj1yuNELX4vz9+z/ieG/vwmctjJce+boFHXstqhWnHSxc4W8f4qg=="
 },
 "xtend": {
 "version": "4.0.2",
diff --git a/package.json b/package.json
index 8870555d2..fc184b26b 100644
--- a/package.json
+++ b/package.json
@@ -33,7 +33,7 @@
 "parseqs": "0.0.6",
 "parseuri": "0.0.6",
 "ws": "~7.4.2",
- "xmlhttprequest-ssl": "~1.5.4",
+ "xmlhttprequest-ssl": "~1.6.2",
 "yeast": "0.1.2"
 },
 "devDependencies": {
From 6bf9dd6ed765be4e0e5e9e7d188e184d25aa198b Mon Sep 17 00:00:00 2001
From: Damien Arrachequesne
Date: Wed, 5 May 2021 22:30:50 +0200
Subject: [PATCH 2/2] chore(release): 3.5.2

Diff: https://github.com/socketio/engine.io-client/compare/3.5.1...3.5.2
---
 CHANGELOG.md | 7 +++++++
 package-lock.json | 2 +-
 package.json | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 747e1bb23..483bc94e8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,10 @@
+## [3.5.2](https://github.com/socketio/engine.io-client/compare/3.5.1...3.5.2) (2021-05-05)
+
+This release only contains a bump of `xmlhttprequest-ssl`, in order to fix the following vulnerability: https://www.npmjs.com/advisories/1665.
+
+Please note that `engine.io-client` was not directly impacted by this vulnerability, since we are always using `async: true`.
+
+
 ## [3.5.1](https://github.com/socketio/engine.io-client/compare/3.5.0...3.5.1) (2021-03-02)
diff --git a/package-lock.json b/package-lock.json
index 9d578bc8e..cf419f146 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
 "name": "engine.io-client",
- "version": "3.5.1",
+ "version": "3.5.2",
 "lockfileVersion": 1,
 "requires": true,
 "dependencies": {
diff --git a/package.json b/package.json
index fc184b26b..6b24b682a 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
 "name": "engine.io-client",
 "description": "Client for the realtime Engine",
 "license": "MIT",
- "version": "3.5.1",
+ "version": "3.5.2",
 "main": "lib/index.js",
 "homepage": "https://github.com/socketio/engine.io-client",
 "contributors": [