socketio/socket.io (socket.io)
### [`v4.6.2`](https://togithub.com/socketio/socket.io/releases/tag/4.6.2)
[Compare Source](https://togithub.com/socketio/socket.io/compare/4.6.1...4.6.2)
##### Bug Fixes
- **exports:** move `types` condition to the top ([#4698](https://togithub.com/socketio/socket.io/issues/4698)) ([3d44aae](https://togithub.com/socketio/socket.io/commit/3d44aae381af38349fdb808d510d9f47a0c2507e))
##### Links
- Diff: https://github.com/socketio/socket.io/compare/4.6.1...4.6.2
- Client release: [4.6.2](https://togithub.com/socketio/socket.io-client/releases/tag/4.6.2)
- [`engine.io@~6.4.2`](https://togithub.com/socketio/engine.io/releases/tag/6.4.2) ([diff](https://togithub.com/socketio/engine.io/compare/6.4.1...6.4.2))
- [`ws@~8.11.0`](https://togithub.com/websockets/ws/releases/tag/8.11.0) (no change)
### [`v4.6.1`](https://togithub.com/socketio/socket.io/releases/tag/4.6.1)
[Compare Source](https://togithub.com/socketio/socket.io/compare/4.6.0...4.6.1)
##### Bug Fixes
- properly handle manually created dynamic namespaces ([0d0a7a2](https://togithub.com/socketio/socket.io/commit/0d0a7a22b5ff95f864216c529114b7dd41738d1e))
- **types:** fix nodenext module resolution compatibility ([#4625](https://togithub.com/socketio/socket.io/issues/4625)) ([d0b22c6](https://togithub.com/socketio/socket.io/commit/d0b22c630208669aceb7ae013180c99ef90279b0))
##### Links
- Diff: https://github.com/socketio/socket.io/compare/4.6.0...4.6.1
- Client release: [4.6.1](https://togithub.com/socketio/socket.io-client/releases/tag/4.6.1)
- [`engine.io@~6.4.1`](https://togithub.com/socketio/engine.io/releases/tag/6.4.1) ([diff](https://togithub.com/socketio/engine.io/compare/6.4.0...6.4.1))
- [`ws@~8.11.0`](https://togithub.com/websockets/ws/releases/tag/8.11.0) (no change)
### [`v4.6.0`](https://togithub.com/socketio/socket.io/releases/tag/4.6.0)
[Compare Source](https://togithub.com/socketio/socket.io/compare/4.5.4...4.6.0)
##### Bug Fixes
- add timeout method to remote socket ([#4558](https://togithub.com/socketio/socket.io/issues/4558)) ([0c0eb00](https://togithub.com/socketio/socket.io/commit/0c0eb0016317218c2be3641e706cfaa9bea39a2d))
- **typings:** properly type emits with timeout ([f3ada7d](https://togithub.com/socketio/socket.io/commit/f3ada7d8ccc02eeced2b9b9ac8e4bc921eb630d2))
##### Features
##### Promise-based acknowledgements
This commit adds some syntactic sugar around acknowledgements:
- `emitWithAck()`
```js
try {
const responses = await io.timeout(1000).emitWithAck("some-event");
console.log(responses); // one response per client
} catch (e) {
// some clients did not acknowledge the event in the given delay
}
io.on("connection", async (socket) => {
// without timeout
const response = await socket.emitWithAck("hello", "world");
// with a specific timeout
try {
const response = await socket.timeout(1000).emitWithAck("hello", "world");
} catch (err) {
// the client did not acknowledge the event in the given delay
}
});
```
- `serverSideEmitWithAck()`
```js
try {
const responses = await io.timeout(1000).serverSideEmitWithAck("some-event");
console.log(responses); // one response per server (except itself)
} catch (e) {
// some servers did not acknowledge the event in the given delay
}
```
Added in [184f3cf](https://togithub.com/socketio/socket.io/commit/184f3cf7af57acc4b0948eee307f25f8536eb6c8).
##### Connection state recovery
This feature allows a client to reconnect after a temporary disconnection and restore its state:
- id
- rooms
- data
- missed packets
Usage:
```js
import { Server } from "socket.io";
const io = new Server({
connectionStateRecovery: {
// default values
maxDisconnectionDuration: 2 * 60 * 1000,
skipMiddlewares: true,
},
});
io.on("connection", (socket) => {
console.log(socket.recovered); // whether the state was recovered or not
});
```
Here's how it works:
- the server sends a session ID during the handshake (which is different from the current `id` attribute, which is public and can be freely shared)
- the server also includes an offset in each packet (added at the end of the data array, for backward compatibility)
- upon temporary disconnection, the server stores the client state for a given delay (implemented at the adapter level)
- upon reconnection, the client sends both the session ID and the last offset it has processed, and the server tries to restore the state
The in-memory adapter already supports this feature, and we will soon update the Postgres and MongoDB adapters. We will also create a new adapter based on [Redis Streams](https://redis.io/docs/data-types/streams/), which will support this feature.
Added in [54d5ee0](https://togithub.com/socketio/socket.io/commit/54d5ee05a684371191e207b8089f09fc24eb5107).
##### Compatibility (for real) with Express middlewares
This feature implements middlewares at the Engine.IO level, because Socket.IO middlewares are meant for namespace authorization and are not executed during a classic HTTP request/response cycle.
Syntax:
```js
io.engine.use((req, res, next) => {
// do something
next();
});
// with express-session
import session from "express-session";
io.engine.use(session({
secret: "keyboard cat",
resave: false,
saveUninitialized: true,
cookie: { secure: true }
}));
// with helmet
import helmet from "helmet";
io.engine.use(helmet());
```
A workaround was possible by using the allowRequest option and the "headers" event, but this feels way cleaner and works with upgrade requests too.
Added in [24786e7](https://togithub.com/socketio/engine.io/commit/24786e77c5403b1c4b5a2bc84e2af06f9187f74a).
##### Error details in the disconnecting and disconnect events
The `disconnect` event will now contain additional details about the disconnection reason.
```js
io.on("connection", (socket) => {
socket.on("disconnect", (reason, description) => {
console.log(description);
});
});
```
Added in [8aa9499](https://togithub.com/socketio/socket.io/commit/8aa94991cee5518567d6254eec04b23f81510257).
##### Automatic removal of empty child namespaces
This commit adds a new option, "cleanupEmptyChildNamespaces". With this option enabled (disabled by default), when a socket disconnects from a dynamic namespace and if there are no other sockets connected to it then the namespace will be cleaned up and its adapter will be closed.
```js
import { createServer } from "node:http";
import { Server } from "socket.io";
const httpServer = createServer();
const io = new Server(httpServer, {
cleanupEmptyChildNamespaces: true
});
```
Added in [5d9220b](https://togithub.com/socketio/socket.io/commit/5d9220b69adf73e086c27bbb63a4976b348f7c4c).
##### A new "addTrailingSlash" option
The trailing slash which was added by default can now be disabled:
```js
import { createServer } from "node:http";
import { Server } from "socket.io";
const httpServer = createServer();
const io = new Server(httpServer, {
addTrailingSlash: false
});
```
In the example above, the clients can omit the trailing slash and use `/socket.io` instead of `/socket.io/`.
Added in [d0fd474](https://togithub.com/socketio/engine.io/commit/d0fd4746afa396297f07bb62e539b0c1c4018d7c).
##### Performance Improvements
- precompute the WebSocket frames when broadcasting ([da2b542](https://togithub.com/socketio/socket.io/commit/da2b54279749adc5279c9ac4742b01b36c01cff0))
##### Links:
- Diff: https://github.com/socketio/socket.io/compare/4.5.4...4.6.0
- Client release: [4.6.0](https://togithub.com/socketio/socket.io-client/releases/tag/4.6.0)
- [`engine.io@~6.4.0`](https://togithub.com/socketio/engine.io/releases/tag/6.4.0) ([diff](https://togithub.com/socketio/engine.io/compare/6.2.0...6.2.1))
- [`ws@~8.11.0`](https://togithub.com/websockets/ws/releases/tag/8.11.0) ([diff](https://togithub.com/websockets/ws/compare/8.2.3...8.11.0))
### [`v4.5.4`](https://togithub.com/socketio/socket.io/releases/tag/4.5.4)
[Compare Source](https://togithub.com/socketio/socket.io/compare/4.5.3...4.5.4)
This release contains a bump of:
- `engine.io` in order to fix [CVE-2022-41940](https://togithub.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w)
- `socket.io-parser` in order to fix [CVE-2022-2421](https://togithub.com/advisories/GHSA-qm95-pgcg-qqfq).
##### Links:
- Diff: https://github.com/socketio/socket.io/compare/4.5.3...4.5.4
- Client release: [4.5.4](https://togithub.com/socketio/socket.io-client/releases/tag/4.5.4)
- [`engine.io@~6.2.1`](https://togithub.com/socketio/engine.io-client/tree/6.2.1) ([diff](https://togithub.com/socketio/engine.io/compare/6.2.0...6.2.1))
- [`ws@~8.2.3`](https://togithub.com/websockets/ws/releases/tag/8.2.3)
### [`v4.5.3`](https://togithub.com/socketio/socket.io/releases/tag/4.5.3)
[Compare Source](https://togithub.com/socketio/socket.io/compare/4.5.2...4.5.3)
##### Bug Fixes
- **typings:** accept an HTTP2 server in the constructor ([d3d0a2d](https://togithub.com/socketio/socket.io/commit/d3d0a2d5beaff51fd145f810bcaf6914213f8a06))
- **typings:** apply types to "io.timeout(...).emit()" calls ([e357daf](https://togithub.com/socketio/socket.io/commit/e357daf5858560bc84e7e50cd36f0278d6721ea1))
##### Links:
- Diff: https://github.com/socketio/socket.io/compare/4.5.2...4.5.3
- Client release: [4.5.3](https://togithub.com/socketio/socket.io-client/releases/tag/4.5.3)
- engine.io version: `~6.2.0`
- ws version: `~8.2.3`
### [`v4.5.2`](https://togithub.com/socketio/socket.io/releases/tag/4.5.2)
[Compare Source](https://togithub.com/socketio/socket.io/compare/4.5.1...4.5.2)
##### Bug Fixes
- prevent the socket from joining a room after disconnection ([18f3fda](https://togithub.com/socketio/socket.io/commit/18f3fdab12947a9fee3e9c37cfc1da97027d1473))
- **uws:** prevent the server from crashing after upgrade ([ba497ee](https://togithub.com/socketio/socket.io/commit/ba497ee3eb52c4abf1464380d015d8c788714364))
##### Links:
- Diff: https://github.com/socketio/socket.io/compare/4.5.1...4.5.2
- Client release: [4.5.2](https://togithub.com/socketio/socket.io-client/releases/tag/4.5.2)
- engine.io version: `~6.2.0`
- ws version: `~8.2.3`
### [`v4.5.1`](https://togithub.com/socketio/socket.io/releases/tag/4.5.1)
[Compare Source](https://togithub.com/socketio/socket.io/compare/4.5.0...4.5.1)
##### Bug Fixes
- forward the local flag to the adapter when using fetchSockets() ([30430f0](https://togithub.com/socketio/socket.io/commit/30430f0985f8e7c49394543d4c84913b6a15df60))
- **typings:** add HTTPS server to accepted types ([#4351](https://togithub.com/socketio/socket.io/issues/4351)) ([9b43c91](https://togithub.com/socketio/socket.io/commit/9b43c9167cff817c60fa29dbda2ef7cd938aff51))
##### Links:
- Diff: https://github.com/socketio/socket.io/compare/4.5.0...4.5.1
- Client release: [4.5.1](https://togithub.com/socketio/socket.io-client/releases/tag/4.5.1)
- engine.io version: `~6.2.0`
- ws version: `~8.2.3`
### [`v4.5.0`](https://togithub.com/socketio/socket.io/releases/tag/4.5.0)
[Compare Source](https://togithub.com/socketio/socket.io/compare/4.4.1...4.5.0)
##### Bug Fixes
- **typings:** ensure compatibility with TypeScript 3.x ([#4259](https://togithub.com/socketio/socket.io/issues/4259)) ([02c87a8](https://togithub.com/socketio/socket.io/commit/02c87a85614e217b8e7b93753f315790ae9d99f6))
##### Features
- add support for catch-all listeners for outgoing packets ([531104d](https://togithub.com/socketio/socket.io/commit/531104d332690138b7aab84d5583d6204132c8b4))
This is similar to `onAny()`, but for outgoing packets.
Syntax:
```js
socket.onAnyOutgoing((event, ...args) => {
console.log(event);
});
```
- broadcast and expect multiple acks ([8b20457](https://togithub.com/socketio/socket.io/commit/8b204570a94979bbec307f23ca078f30f5cf07b0))
Syntax:
```js
io.timeout(1000).emit("some-event", (err, responses) => {
// ...
});
```
- add the "maxPayload" field in the handshake details ([088dcb4](https://togithub.com/socketio/engine.io/commit/088dcb4dff60df39785df13d0a33d3ceaa1dff38))
So that clients in HTTP long-polling can decide how many packets they have to send to stay under the maxHttpBufferSize
value.
This is a backward compatible change which should not mandate a new major revision of the protocol (we stay in v4), as
we only add a field in the JSON-encoded handshake data:
0{"sid":"lv_VI97HAXpY6yYWAAAC","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000,"maxPayload":1000000}
##### Links:
- Diff: https://github.com/socketio/socket.io/compare/4.4.1...4.5.0
- Client release: [4.5.0](https://togithub.com/socketio/socket.io-client/releases/tag/4.5.0)
- engine.io version: `~6.2.0` ([diff](https://togithub.com/socketio/engine.io/compare/6.1.0...6.2.0))
- ws version: `~8.2.3`
### [`v4.4.1`](https://togithub.com/socketio/socket.io/releases/tag/4.4.1)
[Compare Source](https://togithub.com/socketio/socket.io/compare/4.4.0...4.4.1)
##### Bug Fixes
- **types:** make `RemoteSocket.data` type safe ([#4234](https://togithub.com/socketio/socket.io/issues/4234)) ([770ee59](https://togithub.com/socketio/socket.io/commit/770ee5949fb47c2556876c622f06c862573657d6))
- **types:** pass `SocketData` type to custom namespaces ([#4233](https://togithub.com/socketio/socket.io/issues/4233)) ([f2b8de7](https://togithub.com/socketio/socket.io/commit/f2b8de71919e1b4d3e57f15a459972c1d1064787))
##### Links:
- Diff: https://github.com/socketio/socket.io/compare/4.4.0...4.4.1
- Client release: [4.4.1](https://togithub.com/socketio/socket.io-client/releases/tag/4.4.1)
- engine.io version: `~6.1.0` ([diff](https://togithub.com/socketio/engine.io/compare/6.0.0...6.1.0))
- ws version: `~8.2.3`
### [`v4.4.0`](https://togithub.com/socketio/socket.io/releases/tag/4.4.0)
[Compare Source](https://togithub.com/socketio/socket.io/compare/4.3.2...4.4.0)
##### Bug Fixes
- only set 'connected' to true after middleware execution ([02b0f73](https://togithub.com/socketio/socket.io/commit/02b0f73e2c64b09c72c5fbf7dc5f059557bdbe50))
##### Features
- add an implementation based on uWebSockets.js ([c0d8c5a](https://togithub.com/socketio/socket.io/commit/c0d8c5ab234d0d2bef0d0dec472973cc9662f647))
```js
const { App } = require("uWebSockets.js");
const { Server } = require("socket.io");
const app = new App();
const io = new Server();
io.attachApp(app);
io.on("connection", (socket) => {
// ...
});
app.listen(3000, (token) => {
if (!token) {
console.warn("port already in use");
}
});
```
- add timeout feature ([f0ed42f](https://togithub.com/socketio/socket.io/commit/f0ed42f18cabef20ad976aeec37077b6bf3837a5))
```js
socket.timeout(5000).emit("my-event", (err) => {
if (err) {
// the client did not acknowledge the event in the given delay
}
});
```
- add type information to `socket.data` ([#4159](https://togithub.com/socketio/socket.io/issues/4159)) ([fe8730c](https://togithub.com/socketio/socket.io/commit/fe8730ca0f15bc92d5de81cf934c89c76d6af329))
```js
interface SocketData {
name: string;
age: number;
}
const io = new Server();
io.on("connection", (socket) => {
socket.data.name = "john";
socket.data.age = 42;
});
```
##### Links:
- Diff: https://github.com/socketio/socket.io/compare/4.3.2...4.4.0
- Client release: [4.4.0](https://togithub.com/socketio/socket.io-client/releases/tag/4.4.0)
- engine.io version: `~6.1.0` ([diff](https://togithub.com/socketio/engine.io/compare/6.0.0...6.1.0))
- ws version: `~8.2.3`
### [`v4.3.2`](https://togithub.com/socketio/socket.io/releases/tag/4.3.2)
[Compare Source](https://togithub.com/socketio/socket.io/compare/4.3.1...4.3.2)
##### Bug Fixes
- fix race condition in dynamic namespaces ([#4137](https://togithub.com/socketio/socket.io/issues/4137)) ([9d86397](https://togithub.com/socketio/socket.io/commit/9d86397243bcbb5775a29d96e5ef03e17148a8e7))
##### Links:
- Diff: https://github.com/socketio/socket.io/compare/4.3.1...4.3.2
- Client release: [4.3.2](https://togithub.com/socketio/socket.io-client/releases/tag/4.3.2)
- engine.io version: `~6.0.0`
- ws version: `~8.2.3`
### [`v4.3.1`](https://togithub.com/socketio/socket.io/releases/tag/4.3.1)
[Compare Source](https://togithub.com/socketio/socket.io/compare/4.3.0...4.3.1)
##### Bug Fixes
- fix server attachment ([#4127](https://togithub.com/socketio/socket.io/issues/4127)) ([0ef2a4d](https://togithub.com/socketio/socket.io/commit/0ef2a4d02c9350aff163df9cb61aece89c4dac0f))
##### Links:
- Diff: https://github.com/socketio/socket.io/compare/4.3.0...4.3.1
- Client release: [4.3.1](https://togithub.com/socketio/socket.io-client/releases/tag/4.3.1)
- engine.io version: `~6.0.0`
- ws version: `~8.2.3`
### [`v4.3.0`](https://togithub.com/socketio/socket.io/releases/tag/4.3.0)
[Compare Source](https://togithub.com/socketio/socket.io/compare/4.2.0...4.3.0)
For this release, most of the work was done on the client side, see [here](https://togithub.com/socketio/socket.io-client/releases/tag/4.3.0).
##### Bug Fixes
- **typings:** add name field to cookie option ([#4099](https://togithub.com/socketio/socket.io/issues/4099)) ([033c5d3](https://togithub.com/socketio/socket.io/commit/033c5d399a2b985afad32c1e4b0c16d764e248cd))
- send volatile packets with binary attachments ([dc81fcf](https://togithub.com/socketio/socket.io/commit/dc81fcf461cfdbb5b34b1a5a96b84373754047d5))
##### Features
- serve ESM bundle ([60edecb](https://togithub.com/socketio/socket.io/commit/60edecb3bd33801803cdcba0aefbafa381a2abb3))
##### Links:
- Diff: https://github.com/socketio/socket.io/compare/4.2.0...4.3.0
- Client release: [4.3.0](https://togithub.com/socketio/socket.io-client/releases/tag/4.3.0)
- engine.io version: `~6.0.0` ([diff](https://togithub.com/socketio/engine.io/compare/5.2.0...6.0.0))
- ws version: `~8.2.3` ([diff](https://togithub.com/websockets/ws/compare/7.4.2...8.2.3))
### [`v4.2.0`](https://togithub.com/socketio/socket.io/releases/tag/4.2.0)
[Compare Source](https://togithub.com/socketio/socket.io/compare/4.1.3...4.2.0)
##### Bug Fixes
- **typings:** allow async listener in typed events ([ccfd8ca](https://togithub.com/socketio/socket.io/commit/ccfd8caba6d38b7ba6c5114bd8179346ed07671c))
##### Features
- ignore the query string when serving client JavaScript ([#4024](https://togithub.com/socketio/socket.io/issues/4024)) ([24fee27](https://togithub.com/socketio/socket.io/commit/24fee27ba36485308f8e995879c10931532c814e))
##### Links:
- Diff: https://github.com/socketio/socket.io/compare/4.1.3...4.2.0
- Client release: [4.2.0](https://togithub.com/socketio/socket.io-client/releases/tag/4.2.0)
- engine.io version: `~5.2.0`
- ws version: `~7.4.2`
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
4.1.3
->4.6.2
GitHub Vulnerability Alerts
CVE-2024-38355
Impact
A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process.
Affected versions
4.6.2...latest
3.0.0...4.6.1
socket.io@4.6.2
(at least)2.3.0...2.5.0
socket.io@2.5.1
Patches
This issue is fixed by https://github.com/socketio/socket.io/commit/15af22fc22bc6030fcead322c106f07640336115, included in
socket.io@4.6.2
(released in May 2023).The fix was backported in the 2.x branch today: https://github.com/socketio/socket.io/commit/d30630ba10562bf987f4d2b42440fc41a828119c
Workarounds
As a workaround for the affected versions of the
socket.io
package, you can attach a listener for the "error" event:For more information
If you have any questions or comments about this advisory:
Thanks a lot to Paul Taylor for the responsible disclosure.
References
Release Notes
socketio/socket.io (socket.io)
### [`v4.6.2`](https://togithub.com/socketio/socket.io/releases/tag/4.6.2) [Compare Source](https://togithub.com/socketio/socket.io/compare/4.6.1...4.6.2) ##### Bug Fixes - **exports:** move `types` condition to the top ([#4698](https://togithub.com/socketio/socket.io/issues/4698)) ([3d44aae](https://togithub.com/socketio/socket.io/commit/3d44aae381af38349fdb808d510d9f47a0c2507e)) ##### Links - Diff: https://github.com/socketio/socket.io/compare/4.6.1...4.6.2 - Client release: [4.6.2](https://togithub.com/socketio/socket.io-client/releases/tag/4.6.2) - [`engine.io@~6.4.2`](https://togithub.com/socketio/engine.io/releases/tag/6.4.2) ([diff](https://togithub.com/socketio/engine.io/compare/6.4.1...6.4.2)) - [`ws@~8.11.0`](https://togithub.com/websockets/ws/releases/tag/8.11.0) (no change) ### [`v4.6.1`](https://togithub.com/socketio/socket.io/releases/tag/4.6.1) [Compare Source](https://togithub.com/socketio/socket.io/compare/4.6.0...4.6.1) ##### Bug Fixes - properly handle manually created dynamic namespaces ([0d0a7a2](https://togithub.com/socketio/socket.io/commit/0d0a7a22b5ff95f864216c529114b7dd41738d1e)) - **types:** fix nodenext module resolution compatibility ([#4625](https://togithub.com/socketio/socket.io/issues/4625)) ([d0b22c6](https://togithub.com/socketio/socket.io/commit/d0b22c630208669aceb7ae013180c99ef90279b0)) ##### Links - Diff: https://github.com/socketio/socket.io/compare/4.6.0...4.6.1 - Client release: [4.6.1](https://togithub.com/socketio/socket.io-client/releases/tag/4.6.1) - [`engine.io@~6.4.1`](https://togithub.com/socketio/engine.io/releases/tag/6.4.1) ([diff](https://togithub.com/socketio/engine.io/compare/6.4.0...6.4.1)) - [`ws@~8.11.0`](https://togithub.com/websockets/ws/releases/tag/8.11.0) (no change) ### [`v4.6.0`](https://togithub.com/socketio/socket.io/releases/tag/4.6.0) [Compare Source](https://togithub.com/socketio/socket.io/compare/4.5.4...4.6.0) ##### Bug Fixes - add timeout method to remote socket ([#4558](https://togithub.com/socketio/socket.io/issues/4558)) ([0c0eb00](https://togithub.com/socketio/socket.io/commit/0c0eb0016317218c2be3641e706cfaa9bea39a2d)) - **typings:** properly type emits with timeout ([f3ada7d](https://togithub.com/socketio/socket.io/commit/f3ada7d8ccc02eeced2b9b9ac8e4bc921eb630d2)) ##### Features ##### Promise-based acknowledgements This commit adds some syntactic sugar around acknowledgements: - `emitWithAck()` ```js try { const responses = await io.timeout(1000).emitWithAck("some-event"); console.log(responses); // one response per client } catch (e) { // some clients did not acknowledge the event in the given delay } io.on("connection", async (socket) => { // without timeout const response = await socket.emitWithAck("hello", "world"); // with a specific timeout try { const response = await socket.timeout(1000).emitWithAck("hello", "world"); } catch (err) { // the client did not acknowledge the event in the given delay } }); ``` - `serverSideEmitWithAck()` ```js try { const responses = await io.timeout(1000).serverSideEmitWithAck("some-event"); console.log(responses); // one response per server (except itself) } catch (e) { // some servers did not acknowledge the event in the given delay } ``` Added in [184f3cf](https://togithub.com/socketio/socket.io/commit/184f3cf7af57acc4b0948eee307f25f8536eb6c8). ##### Connection state recovery This feature allows a client to reconnect after a temporary disconnection and restore its state: - id - rooms - data - missed packets Usage: ```js import { Server } from "socket.io"; const io = new Server({ connectionStateRecovery: { // default values maxDisconnectionDuration: 2 * 60 * 1000, skipMiddlewares: true, }, }); io.on("connection", (socket) => { console.log(socket.recovered); // whether the state was recovered or not }); ``` Here's how it works: - the server sends a session ID during the handshake (which is different from the current `id` attribute, which is public and can be freely shared) - the server also includes an offset in each packet (added at the end of the data array, for backward compatibility) - upon temporary disconnection, the server stores the client state for a given delay (implemented at the adapter level) - upon reconnection, the client sends both the session ID and the last offset it has processed, and the server tries to restore the state The in-memory adapter already supports this feature, and we will soon update the Postgres and MongoDB adapters. We will also create a new adapter based on [Redis Streams](https://redis.io/docs/data-types/streams/), which will support this feature. Added in [54d5ee0](https://togithub.com/socketio/socket.io/commit/54d5ee05a684371191e207b8089f09fc24eb5107). ##### Compatibility (for real) with Express middlewares This feature implements middlewares at the Engine.IO level, because Socket.IO middlewares are meant for namespace authorization and are not executed during a classic HTTP request/response cycle. Syntax: ```js io.engine.use((req, res, next) => { // do something next(); }); // with express-session import session from "express-session"; io.engine.use(session({ secret: "keyboard cat", resave: false, saveUninitialized: true, cookie: { secure: true } })); // with helmet import helmet from "helmet"; io.engine.use(helmet()); ``` A workaround was possible by using the allowRequest option and the "headers" event, but this feels way cleaner and works with upgrade requests too. Added in [24786e7](https://togithub.com/socketio/engine.io/commit/24786e77c5403b1c4b5a2bc84e2af06f9187f74a). ##### Error details in the disconnecting and disconnect events The `disconnect` event will now contain additional details about the disconnection reason. ```js io.on("connection", (socket) => { socket.on("disconnect", (reason, description) => { console.log(description); }); }); ``` Added in [8aa9499](https://togithub.com/socketio/socket.io/commit/8aa94991cee5518567d6254eec04b23f81510257). ##### Automatic removal of empty child namespaces This commit adds a new option, "cleanupEmptyChildNamespaces". With this option enabled (disabled by default), when a socket disconnects from a dynamic namespace and if there are no other sockets connected to it then the namespace will be cleaned up and its adapter will be closed. ```js import { createServer } from "node:http"; import { Server } from "socket.io"; const httpServer = createServer(); const io = new Server(httpServer, { cleanupEmptyChildNamespaces: true }); ``` Added in [5d9220b](https://togithub.com/socketio/socket.io/commit/5d9220b69adf73e086c27bbb63a4976b348f7c4c). ##### A new "addTrailingSlash" option The trailing slash which was added by default can now be disabled: ```js import { createServer } from "node:http"; import { Server } from "socket.io"; const httpServer = createServer(); const io = new Server(httpServer, { addTrailingSlash: false }); ``` In the example above, the clients can omit the trailing slash and use `/socket.io` instead of `/socket.io/`. Added in [d0fd474](https://togithub.com/socketio/engine.io/commit/d0fd4746afa396297f07bb62e539b0c1c4018d7c). ##### Performance Improvements - precompute the WebSocket frames when broadcasting ([da2b542](https://togithub.com/socketio/socket.io/commit/da2b54279749adc5279c9ac4742b01b36c01cff0)) ##### Links: - Diff: https://github.com/socketio/socket.io/compare/4.5.4...4.6.0 - Client release: [4.6.0](https://togithub.com/socketio/socket.io-client/releases/tag/4.6.0) - [`engine.io@~6.4.0`](https://togithub.com/socketio/engine.io/releases/tag/6.4.0) ([diff](https://togithub.com/socketio/engine.io/compare/6.2.0...6.2.1)) - [`ws@~8.11.0`](https://togithub.com/websockets/ws/releases/tag/8.11.0) ([diff](https://togithub.com/websockets/ws/compare/8.2.3...8.11.0)) ### [`v4.5.4`](https://togithub.com/socketio/socket.io/releases/tag/4.5.4) [Compare Source](https://togithub.com/socketio/socket.io/compare/4.5.3...4.5.4) This release contains a bump of: - `engine.io` in order to fix [CVE-2022-41940](https://togithub.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w) - `socket.io-parser` in order to fix [CVE-2022-2421](https://togithub.com/advisories/GHSA-qm95-pgcg-qqfq). ##### Links: - Diff: https://github.com/socketio/socket.io/compare/4.5.3...4.5.4 - Client release: [4.5.4](https://togithub.com/socketio/socket.io-client/releases/tag/4.5.4) - [`engine.io@~6.2.1`](https://togithub.com/socketio/engine.io-client/tree/6.2.1) ([diff](https://togithub.com/socketio/engine.io/compare/6.2.0...6.2.1)) - [`ws@~8.2.3`](https://togithub.com/websockets/ws/releases/tag/8.2.3) ### [`v4.5.3`](https://togithub.com/socketio/socket.io/releases/tag/4.5.3) [Compare Source](https://togithub.com/socketio/socket.io/compare/4.5.2...4.5.3) ##### Bug Fixes - **typings:** accept an HTTP2 server in the constructor ([d3d0a2d](https://togithub.com/socketio/socket.io/commit/d3d0a2d5beaff51fd145f810bcaf6914213f8a06)) - **typings:** apply types to "io.timeout(...).emit()" calls ([e357daf](https://togithub.com/socketio/socket.io/commit/e357daf5858560bc84e7e50cd36f0278d6721ea1)) ##### Links: - Diff: https://github.com/socketio/socket.io/compare/4.5.2...4.5.3 - Client release: [4.5.3](https://togithub.com/socketio/socket.io-client/releases/tag/4.5.3) - engine.io version: `~6.2.0` - ws version: `~8.2.3` ### [`v4.5.2`](https://togithub.com/socketio/socket.io/releases/tag/4.5.2) [Compare Source](https://togithub.com/socketio/socket.io/compare/4.5.1...4.5.2) ##### Bug Fixes - prevent the socket from joining a room after disconnection ([18f3fda](https://togithub.com/socketio/socket.io/commit/18f3fdab12947a9fee3e9c37cfc1da97027d1473)) - **uws:** prevent the server from crashing after upgrade ([ba497ee](https://togithub.com/socketio/socket.io/commit/ba497ee3eb52c4abf1464380d015d8c788714364)) ##### Links: - Diff: https://github.com/socketio/socket.io/compare/4.5.1...4.5.2 - Client release: [4.5.2](https://togithub.com/socketio/socket.io-client/releases/tag/4.5.2) - engine.io version: `~6.2.0` - ws version: `~8.2.3` ### [`v4.5.1`](https://togithub.com/socketio/socket.io/releases/tag/4.5.1) [Compare Source](https://togithub.com/socketio/socket.io/compare/4.5.0...4.5.1) ##### Bug Fixes - forward the local flag to the adapter when using fetchSockets() ([30430f0](https://togithub.com/socketio/socket.io/commit/30430f0985f8e7c49394543d4c84913b6a15df60)) - **typings:** add HTTPS server to accepted types ([#4351](https://togithub.com/socketio/socket.io/issues/4351)) ([9b43c91](https://togithub.com/socketio/socket.io/commit/9b43c9167cff817c60fa29dbda2ef7cd938aff51)) ##### Links: - Diff: https://github.com/socketio/socket.io/compare/4.5.0...4.5.1 - Client release: [4.5.1](https://togithub.com/socketio/socket.io-client/releases/tag/4.5.1) - engine.io version: `~6.2.0` - ws version: `~8.2.3` ### [`v4.5.0`](https://togithub.com/socketio/socket.io/releases/tag/4.5.0) [Compare Source](https://togithub.com/socketio/socket.io/compare/4.4.1...4.5.0) ##### Bug Fixes - **typings:** ensure compatibility with TypeScript 3.x ([#4259](https://togithub.com/socketio/socket.io/issues/4259)) ([02c87a8](https://togithub.com/socketio/socket.io/commit/02c87a85614e217b8e7b93753f315790ae9d99f6)) ##### Features - add support for catch-all listeners for outgoing packets ([531104d](https://togithub.com/socketio/socket.io/commit/531104d332690138b7aab84d5583d6204132c8b4)) This is similar to `onAny()`, but for outgoing packets. Syntax: ```js socket.onAnyOutgoing((event, ...args) => { console.log(event); }); ``` - broadcast and expect multiple acks ([8b20457](https://togithub.com/socketio/socket.io/commit/8b204570a94979bbec307f23ca078f30f5cf07b0)) Syntax: ```js io.timeout(1000).emit("some-event", (err, responses) => { // ... }); ``` - add the "maxPayload" field in the handshake details ([088dcb4](https://togithub.com/socketio/engine.io/commit/088dcb4dff60df39785df13d0a33d3ceaa1dff38)) So that clients in HTTP long-polling can decide how many packets they have to send to stay under the maxHttpBufferSize value. This is a backward compatible change which should not mandate a new major revision of the protocol (we stay in v4), as we only add a field in the JSON-encoded handshake data: 0{"sid":"lv_VI97HAXpY6yYWAAAC","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000,"maxPayload":1000000} ##### Links: - Diff: https://github.com/socketio/socket.io/compare/4.4.1...4.5.0 - Client release: [4.5.0](https://togithub.com/socketio/socket.io-client/releases/tag/4.5.0) - engine.io version: `~6.2.0` ([diff](https://togithub.com/socketio/engine.io/compare/6.1.0...6.2.0)) - ws version: `~8.2.3` ### [`v4.4.1`](https://togithub.com/socketio/socket.io/releases/tag/4.4.1) [Compare Source](https://togithub.com/socketio/socket.io/compare/4.4.0...4.4.1) ##### Bug Fixes - **types:** make `RemoteSocket.data` type safe ([#4234](https://togithub.com/socketio/socket.io/issues/4234)) ([770ee59](https://togithub.com/socketio/socket.io/commit/770ee5949fb47c2556876c622f06c862573657d6)) - **types:** pass `SocketData` type to custom namespaces ([#4233](https://togithub.com/socketio/socket.io/issues/4233)) ([f2b8de7](https://togithub.com/socketio/socket.io/commit/f2b8de71919e1b4d3e57f15a459972c1d1064787)) ##### Links: - Diff: https://github.com/socketio/socket.io/compare/4.4.0...4.4.1 - Client release: [4.4.1](https://togithub.com/socketio/socket.io-client/releases/tag/4.4.1) - engine.io version: `~6.1.0` ([diff](https://togithub.com/socketio/engine.io/compare/6.0.0...6.1.0)) - ws version: `~8.2.3` ### [`v4.4.0`](https://togithub.com/socketio/socket.io/releases/tag/4.4.0) [Compare Source](https://togithub.com/socketio/socket.io/compare/4.3.2...4.4.0) ##### Bug Fixes - only set 'connected' to true after middleware execution ([02b0f73](https://togithub.com/socketio/socket.io/commit/02b0f73e2c64b09c72c5fbf7dc5f059557bdbe50)) ##### Features - add an implementation based on uWebSockets.js ([c0d8c5a](https://togithub.com/socketio/socket.io/commit/c0d8c5ab234d0d2bef0d0dec472973cc9662f647)) ```js const { App } = require("uWebSockets.js"); const { Server } = require("socket.io"); const app = new App(); const io = new Server(); io.attachApp(app); io.on("connection", (socket) => { // ... }); app.listen(3000, (token) => { if (!token) { console.warn("port already in use"); } }); ``` - add timeout feature ([f0ed42f](https://togithub.com/socketio/socket.io/commit/f0ed42f18cabef20ad976aeec37077b6bf3837a5)) ```js socket.timeout(5000).emit("my-event", (err) => { if (err) { // the client did not acknowledge the event in the given delay } }); ``` - add type information to `socket.data` ([#4159](https://togithub.com/socketio/socket.io/issues/4159)) ([fe8730c](https://togithub.com/socketio/socket.io/commit/fe8730ca0f15bc92d5de81cf934c89c76d6af329)) ```js interface SocketData { name: string; age: number; } const io = new ServerConfiguration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.