search

GoogleChromeLabs / ProjectVisBug

FireBug for designers › Edit any webpage, in any state https://a.nerdy.dev/gimme-visbug
https://visbug.web.app
Apache License 2.0
5.41k stars 284 forks source link

Bump engine.io and browser-sync #572

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps engine.io to 6.2.0 and updates ancestor dependency browser-sync. These dependencies need to be updated together.

Updates engine.io from 3.2.1 to 6.2.0

Release notes

Sourced from engine.io's releases.

6.2.0

Features

  • add the "maxPayload" field in the handshake details (088dcb4)

So that clients in HTTP long-polling can decide how many packets they have to send to stay under the maxHttpBufferSize value.

This is a backward compatible change which should not mandate a new major revision of the protocol (we stay in v4), as we only add a field in the JSON-encoded handshake data:

0{"sid":"lv_VI97HAXpY6yYWAAAC","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000,"maxPayload":1000000}

Links

6.1.3

Bug Fixes

  • typings: allow CorsOptionsDelegate as cors options (#641) (a463d26)
  • uws: properly handle chunked content (#642) (3367440)

Links

6.1.2

Bug Fixes

  • uws: expose additional uWebSockets.js options (#634) (49bb7cf)
  • uws: fix HTTP long-polling with CORS (45112a3)
  • uws: handle invalid websocket upgrades (8b4d6a8)

Links

6.1.1

:warning: This release contains an important security fix :warning:

... (truncated)

Changelog

Sourced from engine.io's changelog.

6.2.0 (2022-04-17)

Features

  • add the "maxPayload" field in the handshake details (088dcb4)

So that clients in HTTP long-polling can decide how many packets they have to send to stay under the maxHttpBufferSize value.

This is a backward compatible change which should not mandate a new major revision of the protocol (we stay in v4), as we only add a field in the JSON-encoded handshake data:

0{"sid":"lv_VI97HAXpY6yYWAAAC","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000,"maxPayload":1000000}

6.1.3 (2022-02-23)

Bug Fixes

  • typings: allow CorsOptionsDelegate as cors options (#641) (a463d26)
  • uws: properly handle chunked content (#642) (3367440)

6.1.2 (2022-01-18)

Bug Fixes

  • uws: expose additional uWebSockets.js options (#634) (49bb7cf)
  • uws: fix HTTP long-polling with CORS (45112a3)
  • uws: handle invalid websocket upgrades (8b4d6a8)

6.1.1 (2022-01-11)

:warning: This release contains an important security fix :warning:

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

RangeError: Invalid WebSocket frame: RSV2 and RSV3 must be clear at Receiver.getInfo (/.../node_modules/ws/lib/receiver.js:176:14) at Receiver.startLoop (/.../node_modules/ws/lib/receiver.js:136:22) at Receiver._write (/.../node_modules/ws/lib/receiver.js:83:10)

... (truncated)

Commits
  • d7e3ab7 chore(release): 6.2.0
  • 088dcb4 feat: add the "maxPayload" field in the handshake details
  • 657f04e chore: add Node.js 16 in the test matrix
  • e24b27b refactor: return an HTTP 413 response for too large payloads
  • ce3fe9d chore(release): 6.1.3
  • 1bc5b1a chore: bump engine.io-parser to version 5.0.3
  • 5df4f18 perf(uws): remove nested inner functions
  • 3367440 fix(uws): properly handle chunked content (#642)
  • a463d26 fix(typings): allow CorsOptionsDelegate as cors options (#641)
  • 90fb0a9 chore(release): 6.1.2
  • Additional commits viewable in compare view


Updates browser-sync from 2.26.13 to 2.27.10

Release notes

Sourced from browser-sync's releases.

2.27.9

What's Changed

A bug prevented the help output from displaying - it was introduced when the CLI parser yargs was updated, and is now fixed :)

Full Changelog: https://github.com/BrowserSync/browser-sync/compare/v2.27.8...v2.27.9

2.27.8

This release upgrades Socket.io (client+server) to the latest versions - solving the following issues, and silencing security warning :)

PR:

Resolved Issues:

Thanks to @​lachieh for the original PR, which helped me land this fix

added snippet: boolean option

This release adds a feature to address BrowserSync/browser-sync#1882

Sometimes you don't want Browsersync to auto-inject it's connection snippet into your HTML - now you can disable it globally via either a CLI param or the new snippet option :)

browser-sync . --no-snippet

or in any Browsersync configuration

const config = {
  snippet: false,
};

the original request was related to Eleventy usage, so here's how that would look

eleventyConfig.setBrowserSyncConfig({
  snippet: false,
});

... (truncated)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GoogleChromeLabs/ProjectVisBug/network/alerts).
dependabot[bot] commented 1 year ago

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.