Bump engine.io from 6.2.0 to 6.4.0

[dependabot[bot]]

Bumps engine.io from 6.2.0 to 6.4.0.

Release notes

Sourced from engine.io's releases.

6.4.0

Features

• add support for Express middlewares (24786e7)

This commit implements middlewares at the Engine.IO level, because Socket.IO middlewares are meant for namespace authorization and are not executed during a classic HTTP request/response cycle.

A workaround was possible by using the allowRequest option and the "headers" event, but this feels way cleaner and works with upgrade requests too.

Syntax:

engine.use((req, res, next) => {
  // do something
next();
});
// with express-session
import session from "express-session";
engine.use(session({
secret: "keyboard cat",
resave: false,
saveUninitialized: true,
cookie: { secure: true }
}));
// with helmet
import helmet from "helmet";
engine.use(helmet());

Links

• Diff: https://github.com/socketio/engine.io/compare/6.3.1...6.4.0
• Client release: 6.4.0
• ws version: ~8.11.0 (no change)

6.3.1

Links

• Diff: https://github.com/socketio/engine.io/compare/6.3.0...6.3.1
• Client release: -
• ws version: ~8.11.0 (no change)

6.3.0

Bug Fixes

... (truncated)

Changelog

Sourced from engine.io's changelog.

6.4.0 (2023-02-06)

Features

• add support for Express middlewares (24786e7)

This commit implements middlewares at the Engine.IO level, because Socket.IO middlewares are meant for namespace authorization and are not executed during a classic HTTP request/response cycle.

A workaround was possible by using the allowRequest option and the "headers" event, but this feels way cleaner and works with upgrade requests too.

Syntax:

engine.use((req, res, next) => {
  // do something
next();
});
// with express-session
import session from "express-session";
engine.use(session({
secret: "keyboard cat",
resave: false,
saveUninitialized: true,
cookie: { secure: true }
}));
// with helmet
import helmet from "helmet";
engine.use(helmet());

Dependencies

• ws@~8.11.0 (no change)

6.3.1 (2023-01-12)

Dependencies

• ws@~8.11.0 (no change)

... (truncated)

Commits

• 898bd1c chore(release): 6.4.0
• 6220d14 chore(deps): bump cookiejar from 2.1.2 to 2.1.4 (#667)
• 24786e7 feat: add support for Express middlewares
• 4d6f454 chore(release): 6.3.1
• 69603b9 refactor: make the compress option optional
• ae1ea77 chore(release): 6.3.0
• a65a047 fix: wait for all packets to be sent before closing the WebSocket connection
• ed87609 fix: fix the ES module wrapper
• bc98bf1 refactor: bump prettier to version 2.8.1
• 33dc073 docs: add some TODOs for the next major release
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #380.