search

UniCoderGroup / ucon

A totally different framework of user interface with components.
MIT License
2 stars 1 forks source link

fix(deps): update dependency socket.io to v4.7.2 #78

Open renovate[bot] opened 2 years ago

renovate[bot] commented 2 years ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
socket.io 4.5.0 -> 4.7.2 age adoption passing confidence

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.

Release Notes

socketio/socket.io (socket.io) ### [`v4.7.2`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#472-2023-08-02) [Compare Source](https://togithub.com/socketio/socket.io/compare/4.7.1...4.7.2) ##### Bug Fixes - clean up child namespace when client is rejected in middleware ([#​4773](https://togithub.com/socketio/socket.io/issues/4773)) ([0731c0d](https://togithub.com/socketio/socket.io/commit/0731c0d2f497d5cce596ea1ec32a67c08bcccbcd)) - **webtransport:** properly handle WebTransport-only connections ([3468a19](https://togithub.com/socketio/socket.io/commit/3468a197afe87e65eb0d779fabd347fe683013ab)) - **webtransport:** add proper framing ([a306db0](https://togithub.com/socketio/engine.io/commit/a306db09e8ddb367c7d62f45fec920f979580b7c)) ##### Dependencies - [`engine.io@~6.5.2`](https://togithub.com/socketio/engine.io/releases/tag/6.5.2) ([diff](https://togithub.com/socketio/engine.io/compare/6.5.0...6.5.2)) - [`ws@~8.11.0`](https://togithub.com/websockets/ws/releases/tag/8.11.0) (no change) ### [`v4.7.1`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#471-2023-06-28) [Compare Source](https://togithub.com/socketio/socket.io/compare/4.7.0...4.7.1) The client bundle contains a few fixes regarding the WebTransport support. ##### Dependencies - [`engine.io@~6.5.0`](https://togithub.com/socketio/engine.io/releases/tag/6.5.0) (no change) - [`ws@~8.11.0`](https://togithub.com/websockets/ws/releases/tag/8.11.0) (no change) ### [`v4.7.0`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#470-2023-06-22) [Compare Source](https://togithub.com/socketio/socket.io/compare/4.6.2...4.7.0) ##### Bug Fixes - remove the Partial modifier from the socket.data type ([#​4740](https://togithub.com/socketio/socket.io/issues/4740)) ([e5c62ca](https://togithub.com/socketio/socket.io/commit/e5c62cad60fc7d16fbb024fd9be1d1880f4e6f5f)) ##### Features ##### Support for WebTransport The Socket.IO server can now use WebTransport as the underlying transport. WebTransport is a web API that uses the HTTP/3 protocol as a bidirectional transport. It's intended for two-way communications between a web client and an HTTP/3 server. References: - https://w3c.github.io/webtransport/ - https://developer.mozilla.org/en-US/docs/Web/API/WebTransport - https://developer.chrome.com/articles/webtransport/ Until WebTransport support lands [in Node.js](https://togithub.com/nodejs/node/issues/38478), you can use the `@fails-components/webtransport` package: ```js import { readFileSync } from "fs"; import { createServer } from "https"; import { Server } from "socket.io"; import { Http3Server } from "@​fails-components/webtransport"; // WARNING: the total length of the validity period MUST NOT exceed two weeks (https://w3c.github.io/webtransport/#custom-certificate-requirements) const cert = readFileSync("/path/to/my/cert.pem"); const key = readFileSync("/path/to/my/key.pem"); const httpsServer = createServer({ key, cert }); httpsServer.listen(3000); const io = new Server(httpsServer, { transports: ["polling", "websocket", "webtransport"] // WebTransport is not enabled by default }); const h3Server = new Http3Server({ port: 3000, host: "0.0.0.0", secret: "changeit", cert, privKey: key, }); (async () => { const stream = await h3Server.sessionStream("/socket.io/"); const sessionReader = stream.getReader(); while (true) { const { done, value } = await sessionReader.read(); if (done) { break; } io.engine.onWebTransportSession(value); } })(); h3Server.startServer(); ``` Added in [123b68c](https://togithub.com/socketio/engine.io/commit/123b68c04f9e971f59b526e0f967a488ee6b0116). ##### Client bundles with CORS headers The bundles will now have the right `Access-Control-Allow-xxx` headers. Added in [63f181c](https://togithub.com/socketio/socket.io/commit/63f181cc12cbbbf94ed40eef52d60f36a1214fbe). ##### Dependencies - [`engine.io@~6.5.0`](https://togithub.com/socketio/engine.io/releases/tag/6.5.0) ([diff](https://togithub.com/socketio/engine.io/compare/6.4.2...6.5.0)) - [`ws@~8.11.0`](https://togithub.com/websockets/ws/releases/tag/8.11.0) (no change) ### [`v4.6.2`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#462-2023-05-31) [Compare Source](https://togithub.com/socketio/socket.io/compare/4.6.1...4.6.2) ##### Bug Fixes - **exports:** move `types` condition to the top ([#​4698](https://togithub.com/socketio/socket.io/issues/4698)) ([3d44aae](https://togithub.com/socketio/socket.io/commit/3d44aae381af38349fdb808d510d9f47a0c2507e)) ##### Dependencies - [`engine.io@~6.4.2`](https://togithub.com/socketio/engine.io/releases/tag/6.4.0) ([diff](https://togithub.com/socketio/engine.io/compare/6.4.1...6.4.2)) - [`ws@~8.11.0`](https://togithub.com/websockets/ws/releases/tag/8.11.0) (no change) ### [`v4.6.1`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#461-2023-02-20) [Compare Source](https://togithub.com/socketio/socket.io/compare/4.6.0...4.6.1) ##### Bug Fixes - properly handle manually created dynamic namespaces ([0d0a7a2](https://togithub.com/socketio/socket.io/commit/0d0a7a22b5ff95f864216c529114b7dd41738d1e)) - **types:** fix nodenext module resolution compatibility ([#​4625](https://togithub.com/socketio/socket.io/issues/4625)) ([d0b22c6](https://togithub.com/socketio/socket.io/commit/d0b22c630208669aceb7ae013180c99ef90279b0)) ##### Dependencies - [`engine.io@~6.4.1`](https://togithub.com/socketio/engine.io/releases/tag/6.4.1) ([diff](https://togithub.com/socketio/engine.io/compare/6.4.0...6.4.1)) - [`ws@~8.11.0`](https://togithub.com/websockets/ws/releases/tag/8.11.0) (no change) ### [`v4.6.0`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#460-2023-02-07) [Compare Source](https://togithub.com/socketio/socket.io/compare/4.5.4...4.6.0) ##### Bug Fixes - add timeout method to remote socket ([#​4558](https://togithub.com/socketio/socket.io/issues/4558)) ([0c0eb00](https://togithub.com/socketio/socket.io/commit/0c0eb0016317218c2be3641e706cfaa9bea39a2d)) - **typings:** properly type emits with timeout ([f3ada7d](https://togithub.com/socketio/socket.io/commit/f3ada7d8ccc02eeced2b9b9ac8e4bc921eb630d2)) ##### Features ##### Promise-based acknowledgements This commit adds some syntactic sugar around acknowledgements: - `emitWithAck()` ```js try { const responses = await io.timeout(1000).emitWithAck("some-event"); console.log(responses); // one response per client } catch (e) { // some clients did not acknowledge the event in the given delay } io.on("connection", async (socket) => { // without timeout const response = await socket.emitWithAck("hello", "world"); // with a specific timeout try { const response = await socket.timeout(1000).emitWithAck("hello", "world"); } catch (err) { // the client did not acknowledge the event in the given delay } }); ``` - `serverSideEmitWithAck()` ```js try { const responses = await io.timeout(1000).serverSideEmitWithAck("some-event"); console.log(responses); // one response per server (except itself) } catch (e) { // some servers did not acknowledge the event in the given delay } ``` Added in [184f3cf](https://togithub.com/socketio/socket.io/commit/184f3cf7af57acc4b0948eee307f25f8536eb6c8). ##### Connection state recovery This feature allows a client to reconnect after a temporary disconnection and restore its state: - id - rooms - data - missed packets Usage: ```js import { Server } from "socket.io"; const io = new Server({ connectionStateRecovery: { // default values maxDisconnectionDuration: 2 * 60 * 1000, skipMiddlewares: true, }, }); io.on("connection", (socket) => { console.log(socket.recovered); // whether the state was recovered or not }); ``` Here's how it works: - the server sends a session ID during the handshake (which is different from the current `id` attribute, which is public and can be freely shared) - the server also includes an offset in each packet (added at the end of the data array, for backward compatibility) - upon temporary disconnection, the server stores the client state for a given delay (implemented at the adapter level) - upon reconnection, the client sends both the session ID and the last offset it has processed, and the server tries to restore the state The in-memory adapter already supports this feature, and we will soon update the Postgres and MongoDB adapters. We will also create a new adapter based on [Redis Streams](https://redis.io/docs/data-types/streams/), which will support this feature. Added in [54d5ee0](https://togithub.com/socketio/socket.io/commit/54d5ee05a684371191e207b8089f09fc24eb5107). ##### Compatibility (for real) with Express middlewares This feature implements middlewares at the Engine.IO level, because Socket.IO middlewares are meant for namespace authorization and are not executed during a classic HTTP request/response cycle. Syntax: ```js io.engine.use((req, res, next) => { // do something next(); }); // with express-session import session from "express-session"; io.engine.use(session({ secret: "keyboard cat", resave: false, saveUninitialized: true, cookie: { secure: true } })); // with helmet import helmet from "helmet"; io.engine.use(helmet()); ``` A workaround was possible by using the allowRequest option and the "headers" event, but this feels way cleaner and works with upgrade requests too. Added in [24786e7](https://togithub.com/socketio/engine.io/commit/24786e77c5403b1c4b5a2bc84e2af06f9187f74a). ##### Error details in the disconnecting and disconnect events The `disconnect` event will now contain additional details about the disconnection reason. ```js io.on("connection", (socket) => { socket.on("disconnect", (reason, description) => { console.log(description); }); }); ``` Added in [8aa9499](https://togithub.com/socketio/socket.io/commit/8aa94991cee5518567d6254eec04b23f81510257). ##### Automatic removal of empty child namespaces This commit adds a new option, "cleanupEmptyChildNamespaces". With this option enabled (disabled by default), when a socket disconnects from a dynamic namespace and if there are no other sockets connected to it then the namespace will be cleaned up and its adapter will be closed. ```js import { createServer } from "node:http"; import { Server } from "socket.io"; const httpServer = createServer(); const io = new Server(httpServer, { cleanupEmptyChildNamespaces: true }); ``` Added in [5d9220b](https://togithub.com/socketio/socket.io/commit/5d9220b69adf73e086c27bbb63a4976b348f7c4c). ##### A new "addTrailingSlash" option The trailing slash which was added by default can now be disabled: ```js import { createServer } from "node:http"; import { Server } from "socket.io"; const httpServer = createServer(); const io = new Server(httpServer, { addTrailingSlash: false }); ``` In the example above, the clients can omit the trailing slash and use `/socket.io` instead of `/socket.io/`. Added in [d0fd474](https://togithub.com/socketio/engine.io/commit/d0fd4746afa396297f07bb62e539b0c1c4018d7c). ##### Performance Improvements - precompute the WebSocket frames when broadcasting ([da2b542](https://togithub.com/socketio/socket.io/commit/da2b54279749adc5279c9ac4742b01b36c01cff0)) ##### Dependencies - [`engine.io@~6.4.0`](https://togithub.com/socketio/engine.io/releases/tag/6.4.0) (https://github.com/socketio/engine.io/compare/6.2.1...6.4.0) - [`ws@~8.11.0`](https://togithub.com/websockets/ws/releases/tag/8.11.0) (https://github.com/websockets/ws/compare/8.2.3...8.11.0) ### [`v4.5.4`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#454-2022-11-22) [Compare Source](https://togithub.com/socketio/socket.io/compare/4.5.3...4.5.4) This release contains a bump of: - `engine.io` in order to fix [CVE-2022-41940](https://togithub.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w) - `socket.io-parser` in order to fix [CVE-2022-2421](https://togithub.com/advisories/GHSA-qm95-pgcg-qqfq). ##### Dependencies - [`engine.io@~6.2.1`](https://togithub.com/socketio/engine.io/releases/tag/6.2.1) ([diff](https://togithub.com/socketio/engine.io/compare/6.2.0...6.2.1)) - [`ws@~8.2.3`](https://togithub.com/websockets/ws/releases/tag/8.2.3) (no change) ### [`v4.5.3`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#453-2022-10-15) [Compare Source](https://togithub.com/socketio/socket.io/compare/4.5.2...4.5.3) ##### Bug Fixes - **typings:** accept an HTTP2 server in the constructor ([d3d0a2d](https://togithub.com/socketio/socket.io/commit/d3d0a2d5beaff51fd145f810bcaf6914213f8a06)) - **typings:** apply types to "io.timeout(...).emit()" calls ([e357daf](https://togithub.com/socketio/socket.io/commit/e357daf5858560bc84e7e50cd36f0278d6721ea1)) ##### Dependencies - [`engine.io@~6.2.0`](https://togithub.com/socketio/engine.io/releases/tag/6.2.1) (no change) - [`ws@~8.2.3`](https://togithub.com/websockets/ws/releases/tag/8.2.3) (no change) ### [`v4.5.2`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#452-2022-09-02) [Compare Source](https://togithub.com/socketio/socket.io/compare/4.5.1...4.5.2) ##### Bug Fixes - prevent the socket from joining a room after disconnection ([18f3fda](https://togithub.com/socketio/socket.io/commit/18f3fdab12947a9fee3e9c37cfc1da97027d1473)) - **uws:** prevent the server from crashing after upgrade ([ba497ee](https://togithub.com/socketio/socket.io/commit/ba497ee3eb52c4abf1464380d015d8c788714364)) ##### Dependencies - [`engine.io@~6.2.0`](https://togithub.com/socketio/engine.io/releases/tag/6.2.0) (no change) - [`ws@~8.2.3`](https://togithub.com/websockets/ws/releases/tag/8.2.3) (no change) ### [`v4.5.1`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#451-2022-05-17) [Compare Source](https://togithub.com/socketio/socket.io/compare/4.5.0...4.5.1) ##### Bug Fixes - forward the local flag to the adapter when using fetchSockets() ([30430f0](https://togithub.com/socketio/socket.io/commit/30430f0985f8e7c49394543d4c84913b6a15df60)) - **typings:** add HTTPS server to accepted types ([#​4351](https://togithub.com/socketio/socket.io/issues/4351)) ([9b43c91](https://togithub.com/socketio/socket.io/commit/9b43c9167cff817c60fa29dbda2ef7cd938aff51)) ##### Dependencies - [`engine.io@~6.2.0`](https://togithub.com/socketio/engine.io/releases/tag/6.2.0) (no change) - [`ws@~8.2.3`](https://togithub.com/websockets/ws/releases/tag/8.2.3) (no change)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.