chore(deps): update dependency socket.io to v3 - autoclosed #67
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^1.4.8
->^3.0.0
By merging this PR, the below vulnerabilities will be automatically resolved:
Release Notes
socketio/socket.io
v3.0.0
Compare Source
Bug Fixes
Features
BREAKING CHANGES
the Socket#use() method is removed (see 5c73733)
Socket#join() and Socket#leave() do not accept a callback argument anymore.
Before:
After:
Before:
The 'origins' option was used in the allowRequest method, in order to
determine whether the request should pass or not. And the Engine.IO
server would implicitly add the necessary Access-Control-Allow-xxx
headers.
After:
The already existing 'allowRequest' option can be used for validation:
Socket#rooms is now a Set instead of an object
Namespace#connected is now a Map instead of an object
there is no more implicit connection to the default namespace:
This method was kept for backward-compatibility with pre-1.0 versions.
v2.4.1
Compare Source
This release reverts the breaking change introduced in
2.4.0
(socketio/socket.io@f78a575).If you are using Socket.IO v2, you should explicitly allow/disallow cross-origin requests:
In any case, please consider upgrading to Socket.IO v3, where this security issue is now fixed (CORS is disabled by default).
Reverts
Links:
~3.5.0
~7.4.2
v2.4.0
Compare Source
Related blog post: https://socket.io/blog/socket-io-2-4-0/
Features (from Engine.IO)
Bug Fixes
Previously, CORS was enabled by default, which meant that a Socket.IO server sent the necessary CORS headers (
Access-Control-Allow-xxx
) to any domain. This will not be the case anymore, and you now have to explicitly enable it.Please note that you are not impacted if:
origins
option to restrict the list of allowed domainsThis commit also removes the support for '*' matchers and protocol-less URL:
To restore the previous behavior (please use with caution):
See also:
Thanks a lot to @ni8walk3r for the security report.
Links:
~3.5.0
~7.4.2
v2.3.0
Compare Source
This release mainly contains a bump of the
engine.io
andws
packages, but no additional features.Links:
~3.4.0
(diff: socketio/engine.io@3.3.1...3.4.2)^7.1.2
(diff: websockets/ws@6.1.2...7.3.1)v2.2.0
Compare Source
Features
Bug fixes
Links
~3.3.1
(diff: socketio/engine.io@3.2.0...3.3.1)~6.1.0
(diff: websockets/ws@3.3.1...6.1.2)v2.1.1
Compare Source
Features
Bug fixes
(client) fire an error event on middleware failure for non-root namespace (socketio/socket.io-client#1202)
Links:
~3.2.0
~3.3.1
v2.1.0
Compare Source
Features
Bug fixes
Important note⚠️ from Engine.IO 3.2.0 release
There are two non-breaking changes that are somehow quite important:
ws
was reverted as the default wsEngine ([chore] Revert tows
as default wsEngine socketio/engine.io#550), as there was several blocking issues withuws
. You can still useuws
by runningnpm install uws --save
in your project and using thewsEngine
option:pingTimeout
now defaults to 5 seconds (instead of 60 seconds): [chore] Update default value of pingTimeout socketio/engine.io#551Links:
~3.2.0
(diff: socketio/engine.io@3.1.0...3.2.0)~3.3.1
(diff: websockets/ws@2.3.1...3.3.1)v2.0.4
Compare Source
Bug fixes
Links:
engine.io
: -ws
: -v2.0.3
Compare Source
Bug fixes
Links:
engine.io
: -ws
: -v2.0.2
Compare Source
Bug fixes
Links:
engine.io
: -ws
: -v2.0.1
Compare Source
Bug fixes
- update path of client file (#2934)
Links:
engine.io
: -ws
: -v2.0.0
Compare Source
This major release brings several performance improvements:
uws is now the default Websocket engine. It should bring significant improvement in performance (particularly in terms of memory consumption) (https://github.com/socketio/engine.io/releases/tag/2.0.0)
the Engine.IO and Socket.IO handshake packets were merged, reducing the number of roundtrips necessary to establish a connection. (#2833)
it is now possible to provide a custom parser according to the needs of your application (#2829). Please take a look at the example for more information.
Please note that this release is not backward-compatible, due to:
Please also note that if you are using a self-signed certificate,
rejectUnauthorized
now defaults totrue
(socketio/engine.io-client#558).Finally, the API documentation is now in the repository (here), and the content of the website here. Do not hesitate if you see something wrong or missing!
The full list of changes:
local
flag (#2816)clients
method in the API documentation (#2812)Besides, we are proud to announce that Socket.IO is now a part of open collective: https://opencollective.com/socketio. More on that later.
v1.7.4
Compare Source
v1.7.3
Compare Source
v1.7.2
Compare Source
v1.7.1
Compare Source
(following
socket.io-client
update)v1.7.0
Compare Source
local
flag (#2628)v1.6.0
Compare Source
v1.5.1
Compare Source
client
in test script (#2731)v1.5.0
Compare Source