Skip to content

Bump socket.io-parser from 4.2.4 to 4.2.6#2840

Merged
gardener-prow[bot] merged 1 commit into
masterfrom
dependabot/npm_and_yarn/socket.io-parser-4.2.6
Apr 13, 2026
Merged

Bump socket.io-parser from 4.2.4 to 4.2.6#2840
gardener-prow[bot] merged 1 commit into
masterfrom
dependabot/npm_and_yarn/socket.io-parser-4.2.6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 18, 2026

Bumps socket.io-parser from 4.2.4 to 4.2.6.

Release notes

Sourced from socket.io-parser's releases.

socket.io-parser@4.2.6

This release includes a fix for CVE-2026-33151. Please upgrade as soon as possible.

Bug Fixes

  • add a limit to the number of binary attachments (b25738c)

socket.io-parser@4.2.5

This release contains a bump of debug from ~4.3.1 to ~4.4.1.

Commits
  • 522edcd chore(release): socket.io-parser@4.2.6
  • 3fff7ca fix(parser): add a limit to the number of binary attachments
  • 37aad11 fix: cleanup pending acks on timeout to prevent memory leak
  • ba9cd69 revert: fix: cleanup pending acks on timeout to prevent memory leak
  • 84c2fb7 chore(release): engine.io@6.6.6
  • 07cbe15 fix(eio): add @​types/ws as dependency (#5458)
  • 44ed73f fix(eio): emit initial_headers and headers events in uServer (#5460)
  • da04267 fix: cleanup pending acks on timeout to prevent memory leak (#5442)
  • 74599a6 fix(types): properly import http module
  • d48718c ci: use actions/checkout@v6 and actions/setup-node@v6 (#5449)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for socket.io-parser since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump socket.io-parser from 4.2.4 to 4.2.6
baaff44 
Bumps [socket.io-parser](https://github.com/socketio/socket.io) from 4.2.4 to 4.2.6.
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/compare/socket.io-parser@4.2.4...socket.io-parser@4.2.6)

---
updated-dependencies:
- dependency-name: socket.io-parser
  dependency-version: 4.2.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 18, 2026
@dependabot dependabot Bot requested a review from grolu as a code owner March 18, 2026 21:00
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Mar 18, 2026
@dependabot dependabot Bot added the javascript Pull requests that update javascript code label Mar 18, 2026
@dependabot dependabot Bot requested a review from petersutter as a code owner March 18, 2026 21:00
@gardener-prow gardener-prow Bot added do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Mar 18, 2026
@grolu
Copy link
Copy Markdown
Member

grolu commented Apr 9, 2026

/lgtm
/approve

@gardener-prow
Copy link
Copy Markdown

gardener-prow Bot commented Apr 9, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: grolu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@gardener-prow gardener-prow Bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. labels Apr 9, 2026
@gardener-prow
Copy link
Copy Markdown

gardener-prow Bot commented Apr 9, 2026

LGTM label has been added.

DetailsGit tree hash: 15046cc926aa8e2df6266a7b6a2298f6c68be5d0

@petersutter petersutter added kind/enhancement Enhancement, improvement, extension and removed do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Apr 13, 2026
@gardener-prow gardener-prow Bot merged commit 53c8e9e into master Apr 13, 2026
38 checks passed
@gardener-prow gardener-prow Bot deleted the dependabot/npm_and_yarn/socket.io-parser-4.2.6 branch April 13, 2026 14:08
@petersutter
Copy link
Copy Markdown
Member

petersutter commented May 19, 2026

/cherry-pick hotfix-1.84

@gardener-ci-robot
Copy link
Copy Markdown
Contributor

gardener-ci-robot commented May 19, 2026

@petersutter: new pull request created: #2973

Details

In response to this:

/cherry-pick hotfix-1.84

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@gardener-ci-robot gardener-ci-robot mentioned this pull request May 19, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@grolu grolu Awaiting requested review from grolu grolu is a code owner

@holgerkoser holgerkoser Awaiting requested review from holgerkoser holgerkoser is a code owner

@klocke-io klocke-io Awaiting requested review from klocke-io klocke-io is a code owner

@petersutter petersutter Awaiting requested review from petersutter petersutter is a code owner

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code kind/enhancement Enhancement, improvement, extension lgtm Indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@grolu @petersutter @gardener-ci-robot