[Snyk] Upgrade mqtt from 2.4.0 to 2.18.9

[snyk-bot]

Snyk has created this PR to upgrade mqtt from 2.4.0 to 2.18.9.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 39 versions ahead of your current version.
• The recommended version was released 6 months ago, on 2021-08-04.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Denial of Service (DoS) npm:mqtt:20171225	429/1000 Why? Has a fix available, CVSS 4.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mqtt

• 2.18.9 - 2021-08-04
  

  fix: security vulnerability in ws stream

• 2.18.8 - 2018-08-30
• 2.18.7 - 2018-08-26
• 2.18.6 - 2018-08-25
• 2.18.5 - 2018-08-23
• 2.18.4 - 2018-08-22
• 2.18.3 - 2018-07-19
• 2.18.2 - 2018-06-28
• 2.18.1 - 2018-06-12
• 2.18.0 - 2018-05-12
• 2.17.0 - 2018-03-25
• 2.16.0 - 2018-03-01
• 2.15.3 - 2018-02-16
• 2.15.2 - 2018-02-08
• 2.15.1 - 2018-01-09
• 2.15.0 - 2017-12-09
• 2.14.0 - 2017-11-04
• 2.13.1 - 2017-10-16
• 2.13.0 - 2017-09-12
• 2.12.1 - 2017-09-08
• 2.12.0 - 2017-08-18
• 2.11.0 - 2017-08-03
• 2.10.0 - 2017-07-31
• 2.9.3 - 2017-07-25
• 2.9.2 - 2017-07-21
• 2.9.1 - 2017-07-06
• 2.9.0 - 2017-06-16
• 2.8.2 - 2017-06-06
• 2.8.1 - 2017-06-03
• 2.8.0 - 2017-05-26
• 2.7.2 - 2017-05-15
• 2.7.1 - 2017-05-02
• 2.7.0 - 2017-05-01
• 2.6.2 - 2017-04-10
• 2.6.1 - 2017-04-09
• 2.6.0 - 2017-04-07
• 2.5.2 - 2017-04-03
• 2.5.1 - 2017-04-01
• 2.5.0 - 2017-03-18
• 2.4.0 - 2017-02-14

from mqtt GitHub release notes

Commit messages

Package name: mqtt

• 689d89b Merge pull request #1307 from mqttjs/security-update
• dda2724 update version
• 250921b fix: security vulnerabilities
• d138144 bumped v2.18.8
• adff840 Merge pull request #864 from redboltz/fix_store_pub_after_proc
• d7391a9 Replaced function () {} with nop
• 4a7e90b Replaced setTimeout() with process.nextTick()
• a981d02 Fixed the way to provide default empty function.
• aa5647d Refined null callback handling.
• a1af37a Added error handling to imcomingStore.put callback in _handlePublish.
• 0c9cd0d Bumped v2.18.7
• 38ce145 Merge pull request #860 from redboltz/removed_duplicated_tests
• 38c77a1 Added packet type (cmd) for existing replace test for store.
• bb3de0d Bumped v2.18.6.
• 9a3ff89 Merge pull request #859 from mqttjs/fix-use-of-readable
• 59fd16e destroy the ongoing stream in case of a disconnect
• f41ea10 Proper use of `'readable'` event.
• 797f9ea Bumped v2.18.5.
• 4263a75 Removed nsp
• fd60ec9 Fixed tests on Mac OS X
• 428033c Merge pull request #857 from redboltz/preserve_inflights_order
• 71a178d Added the comment why es6-map is needed.
• 04813da Fixed #854.
• e776bfc Bumped v2.18.4.

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs