GeminiWind / VueJS_ChatRoom

Bump engine.io and webpack-dashboard #54

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps engine.io to 6.2.1 and updates ancestor dependency webpack-dashboard. These dependencies need to be updated together.

Updates engine.io from 1.8.4 to 6.2.1

Release notes

Sourced from engine.io's releases.

6.2.1

:warning: This release contains an important security fix :warning:

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

Error: read ECONNRESET
    at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
    at emitErrorNT (internal/streams/destroy.js:106:8)
    at emitErrorCloseNT (internal/streams/destroy.js:74:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  errno: -104,
  code: 'ECONNRESET',
  syscall: 'read'
}

Please upgrade as soon as possible.

Bug Fixes

  • catch errors when destroying invalid upgrades (#658) (425e833)

6.2.0

Features

  • add the "maxPayload" field in the handshake details (088dcb4)

So that clients in HTTP long-polling can decide how many packets they have to send to stay under the maxHttpBufferSize value.

This is a backward compatible change which should not mandate a new major revision of the protocol (we stay in v4), as we only add a field in the JSON-encoded handshake data:

0{"sid":"lv_VI97HAXpY6yYWAAAC","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000,"maxPayload":1000000}

Links

6.1.3

Bug Fixes

  • typings: allow CorsOptionsDelegate as cors options (#641) (a463d26)
  • uws: properly handle chunked content (#642) (3367440)

... (truncated)

Changelog

Sourced from engine.io's changelog.

6.2.1 (2022-11-20)

:warning: This release contains an important security fix :warning:

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

Error: read ECONNRESET
    at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
    at emitErrorNT (internal/streams/destroy.js:106:8)
    at emitErrorCloseNT (internal/streams/destroy.js:74:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  errno: -104,
  code: 'ECONNRESET',
  syscall: 'read'
}

Please upgrade as soon as possible.

Bug Fixes

  • catch errors when destroying invalid upgrades (#658) (425e833)

3.6.0 (2022-06-06)

Bug Fixes

Features

  • decrease the default value of maxHttpBufferSize (58e274c)

This change reduces the default value from 100 mb to a more sane 1 mb.

This helps protect the server against denial of service attacks by malicious clients sending huge amounts of data.

See also: https://github.com/advisories/GHSA-j4f2-536g-r55m

  • increase the default value of pingTimeout (f55a79a)

... (truncated)

Commits
  • 24b847b chore(release): 6.2.1
  • 425e833 fix: catch errors when destroying invalid upgrades (#658)
  • 99adb00 chore(deps): bump xmlhttprequest-ssl and engine.io-client in /examples/latenc...
  • d196f6a chore(deps): bump minimatch from 3.0.4 to 3.1.2 (#660)
  • 7c1270f chore(deps): bump nanoid from 3.1.25 to 3.3.1 (#659)
  • 535a01d ci: add Node.js 18 in the test matrix
  • 1b71a6f docs: remove "Vanilla JS" highlight from README (#656)
  • 917d1d2 refactor: replace deprecated String.prototype.substr() (#646)
  • 020801a chore: add changelog for version 3.6.0
  • ed1d6f9 test: make test script work on Windows (#643)
  • Additional commits viewable in compare view


Updates webpack-dashboard from 1.0.0 to 3.3.7

Release notes

Sourced from webpack-dashboard's releases.

v3.0.7

Features

Migration Instructions

No changes required to start using v3.0.7 🎉.

v3.0.6

Features

Migration Instructions

No changes required to start using v3.0.6 🎉.

v3.0.5

Features

Security

v3.0.4

v3.0.4 was an erroneous publish.

v3.0.3

Bugs

Socket.io disconnects / large stats object size: Dramatically reduce the size of the webpack stats object being sent from client (webpack plugin) to server (CLI). Add client error/disconnect information for better future debugging. Original issue: #279 and fix: #281.

Migration Instructions

No changes required to start using v3.0.3 🎉.

3.0.2

Features

Migration Instructions

No changes required to start using v3.0.2 🎉.

3.0.1

... (truncated)

Changelog

Sourced from webpack-dashboard's changelog.

3.3.7

  • Bug: Move plugin types and update to webpack v5. #324

3.3.6

  • Bug: Allow socket messages to be null. #335, #336

[3.3.5] - 2021-07-12

  • Chore: Update dependencies. #333
  • Coverage: Add CodeCov stats. #206
  • CI: Update Node matrix to 12/14/16.

[3.3.4] - 2021-07-12

  • Chore: Refactor internal stats consumption to perform inspectpack analysis in the main thread, without using main streams.
  • Chore: Refactor internal handler in plugin to always be a wrapped function so that we can't accidentally have asynchronous code call the handler function after it is removed / nulled.
  • Bugfix: Add message counting delayed cleanup in plugin to allow messages to drain in Dashboard. Fixes #294.

[3.3.3] - 2021-05-05

[3.3.2] - 2021-05-05

  • Empty publish.

[3.3.1] - 2021-01-29

  • Bugfix: Ensure Status is properly updating and reaches completion. Fixes #321

[3.3.0] - 2021-01-21

  • Add webpack@5 support. Closes #316
  • Bugfix: webpack@5 warning message conflict. Fixes #314
  • Update various production dependencies.

[3.2.1] - 2020-08-24

[3.2.0] - 2019-09-08

[3.1.0] - 2019-08-27

  • Add DashboardPlugin({ includeAssets: [ "stringPrefix", /regexObj/ ] }) Webpack plugin filtering option.
  • Add webpack-dashboard --include-assets stringPrefix1 -a stringPrefix2 CLI filtering option.

... (truncated)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
  • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
  • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
  • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GeminiWind/VueJS_ChatRoom/network/alerts).
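
Added example, not part of this pull request and not engine.io or engine.io-client code: how an HTTP long-polling client could use the `maxPayload` handshake field from the 6.2.0 release notes above to keep each payload under the server's limit. The helper names `parseHandshake` and `batchPackets` are hypothetical, and counting size in UTF-8 bytes with a strict "under" comparison is an assumption of this sketch.

```javascript
// Added example: helper names are hypothetical, not engine.io APIs.
const RECORD_SEPARATOR = "\x1e"; // separates packets in a v4 HTTP long-polling payload

// Parse an "open" packet: packet type "0" followed by the JSON handshake data.
function parseHandshake(raw) {
  if (typeof raw !== "string" || raw[0] !== "0") {
    throw new Error("not an Engine.IO open packet");
  }
  const data = JSON.parse(raw.slice(1));
  // Servers older than 6.2.0 do not send maxPayload; report that as null.
  const ok = Number.isInteger(data.maxPayload) && data.maxPayload > 0;
  return { sid: data.sid, upgrades: data.upgrades || [], maxPayload: ok ? data.maxPayload : null };
}

// Group already-encoded packets into payloads that each stay under maxPayload bytes.
function batchPackets(packets, maxPayload) {
  if (maxPayload === null) return packets.length ? [packets.join(RECORD_SEPARATOR)] : [];
  const payloads = [];
  let current = [];
  let size = 0;
  for (const packet of packets) {
    const len = Buffer.byteLength(packet, "utf8");
    if (len >= maxPayload) {
      throw new RangeError(`packet of ${len} bytes cannot fit under maxPayload ${maxPayload}`);
    }
    const needed = current.length === 0 ? len : size + 1 + len; // +1 for the separator
    if (current.length > 0 && needed >= maxPayload) {
      payloads.push(current.join(RECORD_SEPARATOR)); // flush and start a new payload
      current = [packet];
      size = len;
    } else {
      current.push(packet);
      size = needed;
    }
  }
  if (current.length > 0) payloads.push(current.join(RECORD_SEPARATOR));
  return payloads;
}

// Handshake line quoted in the 6.2.0 release notes above.
const handshake = parseHandshake(
  '0{"sid":"lv_VI97HAXpY6yYWAAAC","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000,"maxPayload":1000000}'
);
// Constructed sample: three 400,000-byte message packets ("4" is the message packet type).
const packets = [1, 2, 3].map(() => "4" + "a".repeat(399999));
const payloads = batchPackets(packets, handshake.maxPayload);
console.log(payloads.map((p) => Buffer.byteLength(p)));
```
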