chore(deps): bump socket.io from 4.6.1 to 4.7.1

[dependabot[bot]]

Bumps socket.io from 4.6.1 to 4.7.1.

Release notes

Sourced from socket.io's releases.

4.7.1

The client bundle contains a few fixes regarding the WebTransport support.

Links

• Diff: https://github.com/socketio/socket.io/compare/4.7.0...4.7.1
• Client release: 4.7.1
• engine.io@~6.5.0 (no change)
• ws@~8.11.0 (no change)

4.7.0

Bug Fixes

• remove the Partial modifier from the socket.data type (#4740) (e5c62ca)

Features

Support for WebTransport

The Socket.IO server can now use WebTransport as the underlying transport.

WebTransport is a web API that uses the HTTP/3 protocol as a bidirectional transport. It's intended for two-way communications between a web client and an HTTP/3 server.

References:

• https://w3c.github.io/webtransport/
• https://developer.mozilla.org/en-US/docs/Web/API/WebTransport
• https://developer.chrome.com/articles/webtransport/

Until WebTransport support lands in Node.js, you can use the @fails-components/webtransport package:

import { readFileSync } from "fs";
import { createServer } from "https";
import { Server } from "socket.io";
import { Http3Server } from "@fails-components/webtransport";
// WARNING: the total length of the validity period MUST NOT exceed two weeks (https://w3c.github.io/webtransport/#custom-certificate-requirements)
const cert = readFileSync("/path/to/my/cert.pem");
const key = readFileSync("/path/to/my/key.pem");
const httpsServer = createServer({
key,
cert
});
httpsServer.listen(3000);
const io = new Server(httpsServer, {
</tr></table>

... (truncated)

Changelog

Sourced from socket.io's changelog.

4.7.1 (2023-06-28)

The client bundle contains a few fixes regarding the WebTransport support.

Dependencies

• engine.io@~6.5.0 (no change)
• ws@~8.11.0 (no change)

4.7.0 (2023-06-22)

Bug Fixes

• remove the Partial modifier from the socket.data type (#4740) (e5c62ca)

Features

Support for WebTransport

The Socket.IO server can now use WebTransport as the underlying transport.

WebTransport is a web API that uses the HTTP/3 protocol as a bidirectional transport. It's intended for two-way communications between a web client and an HTTP/3 server.

References:

• https://w3c.github.io/webtransport/
• https://developer.mozilla.org/en-US/docs/Web/API/WebTransport
• https://developer.chrome.com/articles/webtransport/

Until WebTransport support lands in Node.js, you can use the @fails-components/webtransport package:

import { readFileSync } from "fs";
import { createServer } from "https";
import { Server } from "socket.io";
import { Http3Server } from "@fails-components/webtransport";
// WARNING: the total length of the validity period MUST NOT exceed two weeks (https://w3c.github.io/webtransport/#custom-certificate-requirements)
const cert = readFileSync("/path/to/my/cert.pem");
const key = readFileSync("/path/to/my/key.pem");
const httpsServer = createServer({
key,
cert
});
</tr></table>

... (truncated)

Commits

• 2f6cc2f chore(release): 4.7.1
• 00d8ee5 chore(release): 4.7.0
• 2dd5fa9 ci: add Node.js 20 in the test matrix
• a5dff0a docs(examples): increase httpd ProxyTimeout value (2)
• 3035c25 docs(examples): increase httpd ProxyTimeout value
• 63f181c feat: serve client bundles with CORS headers
• a250e28 chore: bump engine.io to version 6.5.0
• e5c62ca fix: remove the Partial modifier from the socket.data type (#4740)
• 01d3762 docs(changelog): update the version range of the engine.io dependency
• faf914c chore(release): 4.6.2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[socket-security[bot]]

Removed dependencies detected. Learn more about Socket for GitHub ↗︎

🚮 Removed packages: socket.io@4.6.1