Bump engine.io and ember-cli

Bumps engine.io to 3.6.1 and updates ancestor dependency ember-cli. These dependencies need to be updated together.

Updates engine.io from 1.8.0 to 3.6.1

Release notes

3.6.1

:warning: This release contains an important security fix :warning:

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:
Error: read ECONNRESET
    at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
    at emitErrorNT (internal/streams/destroy.js:106:8)
    at emitErrorCloseNT (internal/streams/destroy.js:74:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  errno: -104,
  code: 'ECONNRESET',
  syscall: 'read'
}
Please upgrade as soon as possible.

Bug Fixes

catch errors when destroying invalid upgrades (83c4071)

3.6.0

Bug Fixes

add extension in the package.json main entry (#608) (3ad0567)

do not reset the ping timer after upgrade (1f5d469)

Features

decrease the default value of maxHttpBufferSize (58e274c)

This change reduces the default value from 100 mb to a more sane 1 mb.

This helps protect the server against denial of service attacks by malicious clients sending huge amounts of data.

See also: https://github.com/advisories/GHSA-j4f2-536g-r55m

increase the default value of pingTimeout (f55a79a)

Links

Diff: https://github.com/socketio/engine.io/compare/3.5.0...3.6.0

Client release: -

... (truncated)

Changelog

Sourced from engine.io's changelog.

3.6.1 (2022-11-20)

:warning: This release contains an important security fix :warning:

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:
Error: read ECONNRESET
    at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
    at emitErrorNT (internal/streams/destroy.js:106:8)
    at emitErrorCloseNT (internal/streams/destroy.js:74:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  errno: -104,
  code: 'ECONNRESET',
  syscall: 'read'
}
Please upgrade as soon as possible.

Bug Fixes

catch errors when destroying invalid upgrades (83c4071)

6.2.1 (2022-11-20)

:warning: This release contains an important security fix :warning:

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:
Error: read ECONNRESET
    at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
    at emitErrorNT (internal/streams/destroy.js:106:8)
    at emitErrorCloseNT (internal/streams/destroy.js:74:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  errno: -104,
  code: 'ECONNRESET',
  syscall: 'read'
}
Please upgrade as soon as possible.

Bug Fixes

... (truncated)

Commits

67a3a87 chore(release): 3.6.1
83c4071 fix: catch errors when destroying invalid upgrades
f62f265 chore(release): 3.6.0
f55a79a feat: increase the default value of pingTimeout
1f5d469 fix: do not reset the ping timer after upgrade
3ad0567 fix: add extension in the package.json main entry (#608)
58e274c feat: decrease the default value of maxHttpBufferSize
b9dee7b chore(release): 3.5.0
19cc582 feat: add support for all cookie options
5ad2736 feat: disable perMessageDeflate by default
Additional commits viewable in compare view

Updates ember-cli from 2.16.2 to 2.18.2

Changelog

Sourced from ember-cli's changelog.

v2.18.2

The following changes are required if you are upgrading from the previous version:

Users

ember new diff

Upgrade your project's ember-cli version - docs

Addon Developers

ember addon diff

Core Contributors

No changes required

Community Contributions

#7569 mark "lib" folder as node style in eslint for apps @kellyselden

#7589 upgrade testem @stefanpenner

#7594 Install optional dependencies when creating a new project @tomdale

Thank you to all who took the time to contribute!

v2.18.1

The following changes are required if you are upgrading from the previous version:

Users

ember new diff

Upgrade your project's ember-cli version - docs

Addon Developers

ember addon diff

Core Contributors

No changes required

Community Contributions

#7566 testem: Use --no-sandbox on TravisCI @Turbo87

Thank you to all who took the time to contribute!

v2.18.0

The following changes are required if you are upgrading from the previous version:

Users

ember new diff

Upgrade your project's ember-cli version - docs

... (truncated)

Commits

ad9322d Release v2.18.2
dd1027d add-to-output-repos: Add set -e to fail fast
bebae07 Merge pull request #7594 from ember-cli/hotfix-optional-dependencies
4ebd110 [BACKPORT release] Install optional dependencies when creating a new project
d1131d8 Merge pull request #7589 from ember-cli/release-backport-testem
a0f4063 [BACKPORT release] upgrade testem
5038ff4 Merge pull request #7569 from kellyselden/eslint-lib
ff50de2 mark "lib" folder as node style in eslint for apps
3eec1c8 2.18.1
24aeacc Merge pull request #7566 from Turbo87/no-sandbox
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/draios/sysdig-inspect/network/alerts).