Bump engine.io and browser-sync

[dependabot[bot]]

Bumps engine.io to 6.4.0 and updates ancestor dependency browser-sync. These dependencies need to be updated together.

Updates engine.io from 3.5.0 to 6.4.0

Release notes

Sourced from engine.io's releases.

6.4.0

Features

• add support for Express middlewares (24786e7)

This commit implements middlewares at the Engine.IO level, because Socket.IO middlewares are meant for namespace authorization and are not executed during a classic HTTP request/response cycle.

A workaround was possible by using the allowRequest option and the "headers" event, but this feels way cleaner and works with upgrade requests too.

Syntax:

engine.use((req, res, next) => {
  // do something
next();
});
// with express-session
import session from "express-session";
engine.use(session({
secret: "keyboard cat",
resave: false,
saveUninitialized: true,
cookie: { secure: true }
}));
// with helmet
import helmet from "helmet";
engine.use(helmet());

Links

• Diff: https://github.com/socketio/engine.io/compare/6.3.1...6.4.0
• Client release: 6.4.0
• ws version: ~8.11.0 (no change)

6.3.1

Links

• Diff: https://github.com/socketio/engine.io/compare/6.3.0...6.3.1
• Client release: -
• ws version: ~8.11.0 (no change)

6.3.0

Bug Fixes

... (truncated)

Changelog

Sourced from engine.io's changelog.

6.4.0 (2023-02-06)

Features

• add support for Express middlewares (24786e7)

This commit implements middlewares at the Engine.IO level, because Socket.IO middlewares are meant for namespace authorization and are not executed during a classic HTTP request/response cycle.

A workaround was possible by using the allowRequest option and the "headers" event, but this feels way cleaner and works with upgrade requests too.

Syntax:

engine.use((req, res, next) => {
  // do something
next();
});
// with express-session
import session from "express-session";
engine.use(session({
secret: "keyboard cat",
resave: false,
saveUninitialized: true,
cookie: { secure: true }
}));
// with helmet
import helmet from "helmet";
engine.use(helmet());

Dependencies

• ws@~8.11.0 (no change)

6.3.1 (2023-01-12)

Dependencies

• ws@~8.11.0 (no change)

... (truncated)

Commits

• 898bd1c chore(release): 6.4.0
• 6220d14 chore(deps): bump cookiejar from 2.1.2 to 2.1.4 (#667)
• 24786e7 feat: add support for Express middlewares
• 4d6f454 chore(release): 6.3.1
• 69603b9 refactor: make the compress option optional
• ae1ea77 chore(release): 6.3.0
• a65a047 fix: wait for all packets to be sent before closing the WebSocket connection
• ed87609 fix: fix the ES module wrapper
• bc98bf1 refactor: bump prettier to version 2.8.1
• 33dc073 docs: add some TODOs for the next major release
• Additional commits viewable in compare view

Updates browser-sync from 2.27.5 to 2.27.11

Release notes

Sourced from browser-sync's releases.

2.27.9

What's Changed

• fix(cli): Where's the command help? fixes #1929 by @​shakyShane in BrowserSync/browser-sync#1945

A bug prevented the help output from displaying - it was introduced when the CLI parser yargs was updated, and is now fixed :)

Full Changelog: https://github.com/BrowserSync/browser-sync/compare/v2.27.8...v2.27.9

2.27.8

This release upgrades Socket.io (client+server) to the latest versions - solving the following issues, and silencing security warning :)

PR:

• https://github.com/BrowserSync/browser-sync/commit/58ab4ab861d7c50b4349f25bdd4c7f8871d0ad32

Resolved Issues:

• BrowserSync/browser-sync#1850
• BrowserSync/browser-sync#1892
• BrowserSync/browser-sync#1925
• BrowserSync/browser-sync#1926
• BrowserSync/browser-sync#1933

Thanks to @​lachieh for the original PR, which helped me land this fix

2.26.0 -> 2.26.3

fixes

• application/wasm support - fixes #1598 d60cd916ff1c64a69fddaa5cd2ca1061f066266e
• deps - ensure previous users of browser-sync-client are not affected by new structure - fixes #1615 0a2ff5a25d9e5ca7df7b1ec63a235f76a220ada6
• npm audit fixes across all packages - fixes #1618 9f3fea4d0bef39b31c45e14cba669483f6e65448

Commits

• 01caeb3 v2.27.11
• 74873cc updated deps (#1995)
• 88527a8 Add CodeSee architecture diagram workflow to repository (#1972)
• f6965a6 v2.27.10
• e6c7bed Updated portscanner to 2.2.0 (#1960)
• 6a587ec fix readme's
• 91258ae Merge branch 'browser-sync-1946-esbuild'
• f48d6b4 👋 app veyor
• 30c24dc Merge pull request #1947
• 9d24de5 drop webpack from UI
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/locomotivemtl/locomotive-boilerplate/network/alerts).

[cloudflare-pages[bot]]

Deploying with    Cloudflare Pages

Latest commit:	801b2f8
Status:	✅  Deploy successful!
Preview URL:	https://52b79fd2.locomotive-boilerplate.pages.dev
Branch Preview URL:	https://dependabot-npm-and-yarn-engi-6nek.locomotive-boilerplate.pages.dev

View logs

[mcaskill]

Resolved by 3fee6f4

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.