search

luismayta / landslide-theme

Landslide Theme
GNU Lesser General Public License v3.0
2 stars 0 forks source link

ci(deps): Update dependency socket.io to v2 [SECURITY] #13

Open renovate[bot] opened 3 years ago

renovate[bot] commented 3 years ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
socket.io ~1.3.7 -> ~2.5.1 age adoption passing confidence
socket.io ~1.7.4 -> ~2.5.1 age adoption passing confidence

:warning: MAJOR MAJOR MAJOR :warning:

GitHub Vulnerability Alerts

CVE-2020-28481

The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.

CVE-2024-38355

Impact

A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process.

node:events:502
    throw err; // Unhandled 'error' event
    ^

Error [ERR_UNHANDLED_ERROR]: Unhandled error. (undefined)
    at new NodeError (node:internal/errors:405:5)
    at Socket.emit (node:events:500:17)
    at /myapp/node_modules/socket.io/lib/socket.js:531:14
    at process.processTicksAndRejections (node:internal/process/task_queues:77:11) {
  code: 'ERR_UNHANDLED_ERROR',
  context: undefined
}

Affected versions

Version range Needs minor update?
4.6.2...latest Nothing to do
3.0.0...4.6.1 Please upgrade to socket.io@4.6.2 (at least)
2.3.0...2.5.0 Please upgrade to socket.io@2.5.1

Patches

This issue is fixed by https://github.com/socketio/socket.io/commit/15af22fc22bc6030fcead322c106f07640336115, included in socket.io@4.6.2 (released in May 2023).

The fix was backported in the 2.x branch today: https://github.com/socketio/socket.io/commit/d30630ba10562bf987f4d2b42440fc41a828119c

Workarounds

As a workaround for the affected versions of the socket.io package, you can attach a listener for the "error" event:

io.on("connection", (socket) => {
  socket.on("error", () => {
    // ...
  });
});

For more information

If you have any questions or comments about this advisory:

Thanks a lot to Paul Taylor for the responsible disclosure.

References

Release Notes

socketio/socket.io (socket.io) ### [`v2.5.1`](https://togithub.com/socketio/socket.io/releases/tag/2.5.1) [Compare Source](https://togithub.com/socketio/socket.io/compare/2.5.0...2.5.1) ##### Bug Fixes - add a noop handler for the error event ([d30630b](https://togithub.com/socketio/socket.io/commit/d30630ba10562bf987f4d2b42440fc41a828119c)) ##### Links: - Diff: https://github.com/socketio/socket.io/compare/2.5.0...2.5.1 - Client release: `-` - engine.io version: `~3.6.0` (no change) - ws version: `~7.5.10` ### [`v2.5.0`](https://togithub.com/socketio/socket.io/releases/tag/2.5.0) [Compare Source](https://togithub.com/socketio/socket.io/compare/2.4.1...2.5.0) :warning: WARNING :warning: The default value of the `maxHttpBufferSize` option has been decreased from 100 MB to 1 MB, in order to prevent attacks by denial of service. Security advisory: https://github.com/advisories/GHSA-j4f2-536g-r55m ##### Bug Fixes - fix race condition in dynamic namespaces ([05e1278](https://togithub.com/socketio/socket.io/commit/05e1278cfa99f3ecf3f8f0531ffe57d850e9a05b)) - ignore packet received after disconnection ([22d4bdf](https://togithub.com/socketio/socket.io/commit/22d4bdf00d1a03885dc0171125faddfaef730066)) - only set 'connected' to true after middleware execution ([226cc16](https://togithub.com/socketio/socket.io/commit/226cc16165f9fe60f16ff4d295fb91c8971cde35)) - prevent the socket from joining a room after disconnection ([f223178](https://togithub.com/socketio/socket.io/commit/f223178eb655a7713303b21a78f9ef9e161d6458)) ##### Links: - Diff: https://github.com/socketio/socket.io/compare/2.4.1...2.5.0 - Client release: [2.5.0](https://togithub.com/socketio/socket.io-client/releases/tag/2.5.0) - engine.io version: `~3.6.0` ([diff](https://togithub.com/socketio/engine.io/compare/3.5.0...3.6.0)) - ws version: `~7.4.2` ### [`v2.4.1`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#241-2021-01-07) [Compare Source](https://togithub.com/socketio/socket.io/compare/2.4.0...2.4.1) ##### Reverts - fix(security): do not allow all origins by default ([a169050](https://togithub.com/socketio/socket.io/commit/a1690509470e9dd5559cec4e60908ca6c23e9ba0)) ### [`v2.4.0`](https://togithub.com/socketio/socket.io/releases/tag/2.4.0) [Compare Source](https://togithub.com/socketio/socket.io/compare/2.3.0...2.4.0) Related blog post: https://socket.io/blog/socket-io-2-4-0/ ##### Features (from Engine.IO) - add support for all cookie options ([19cc582](https://togithub.com/socketio/engine.io/commit/19cc58264a06dca47ed401fbaca32dcdb80a903b)) - disable perMessageDeflate by default ([5ad2736](https://togithub.com/socketio/engine.io/commit/5ad273601eb66c7b318542f87026837bf9dddd21)) ##### Bug Fixes - **security:** do not allow all origins by default ([f78a575](https://togithub.com/socketio/socket.io/commit/f78a575f66ab693c3ea96ea88429ddb1a44c86c7)) - properly overwrite the query sent in the handshake ([d33a619](https://togithub.com/socketio/socket.io/commit/d33a619905a4905c153d4fec337c74da5b533a9e)) :warning: **BREAKING CHANGE** :warning: Previously, CORS was enabled by default, which meant that a Socket.IO server sent the necessary CORS headers (`Access-Control-Allow-xxx`) to **any** domain. This will not be the case anymore, and you now have to explicitly enable it. Please note that you are not impacted if: - you are using Socket.IO v2 and the `origins` option to restrict the list of allowed domains - you are using Socket.IO v3 (disabled by default) This commit also removes the support for '\*' matchers and protocol-less URL: io.origins('https://example.com:443'); => io.origins(['https://example.com']); io.origins('localhost:3000'); => io.origins(['http://localhost:3000']); io.origins('http://localhost:*'); => io.origins(['http://localhost:3000']); io.origins('*:3000'); => io.origins(['http://localhost:3000']); To restore the previous behavior (please use with caution): ```js io.origins((_, callback) => { callback(null, true); }); ``` See also: - https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS - https://socket.io/docs/v3/handling-cors/ - https://socket.io/docs/v3/migrating-from-2-x-to-3-0/#CORS-handling Thanks a lot to [@​ni8walk3r](https://togithub.com/ni8walk3r) for the security report. ##### Links: - Milestone: [2.4.0](https://togithub.com/socketio/socket.io/milestone/22) - Diff: https://github.com/socketio/socket.io/compare/2.3.0...2.4.0 - Client release: [2.4.0](https://togithub.com/socketio/socket.io-client/releases/tag/2.4.0) - engine.io version: `~3.5.0` - ws version: `~7.4.2` ### [`v2.3.0`](https://togithub.com/socketio/socket.io/releases/tag/2.3.0) [Compare Source](https://togithub.com/socketio/socket.io/compare/2.2.0...2.3.0) This release mainly contains a bump of the `engine.io` and `ws` packages, but no additional features. ##### Links: - Milestone: [2.3.0](https://togithub.com/socketio/socket.io/milestone/18) - Diff: https://github.com/socketio/socket.io/compare/2.2.0...2.3.0 - Client release: [2.3.0](https://togithub.com/socketio/socket.io-client/releases/tag/2.3.0) - engine.io version: `~3.4.0` (diff: https://github.com/socketio/engine.io/compare/3.3.1...3.4.2) - ws version: `^7.1.2` (diff: https://github.com/websockets/ws/compare/6.1.2...7.3.1) ### [`v2.2.0`](https://togithub.com/socketio/socket.io/releases/tag/2.2.0) [Compare Source](https://togithub.com/socketio/socket.io/compare/2.1.1...2.2.0) #### Features - add cache-control header when serving the client source ([#​2907](https://togithub.com/socketio/socket.io/issues/2907)) #### Bug fixes - throw an error when trying to access the clients of a dynamic namespace ([#​3355](https://togithub.com/socketio/socket.io/issues/3355)) ##### Links - Milestone: [2.2.0](https://togithub.com/socketio/socket.io/milestone/17) - Diff: https://github.com/socketio/socket.io/compare/2.1.1...2.2.0 - Client release: [2.2.0](https://togithub.com/socketio/socket.io-client/releases/tag/2.2.0) - engine.io version: `~3.3.1` (diff: https://github.com/socketio/engine.io/compare/3.2.0...3.3.1) - ws version: `~6.1.0` (diff: https://github.com/websockets/ws/compare/3.3.1...6.1.2) ### [`v2.1.1`](https://togithub.com/socketio/socket.io/releases/tag/2.1.1) [Compare Source](https://togithub.com/socketio/socket.io/compare/2.1.0...2.1.1) #### Features - add local flag to the socket object ([https://github.com/socketio/socket.io/pull/3219](https://togithub.com/socketio/socket.io/pull/3219)) ```js socket.local.to('room101').emit(/* */); ``` #### Bug fixes **(client)** fire an error event on middleware failure for non-root namespace ([https://github.com/socketio/socket.io-client/pull/1202](https://togithub.com/socketio/socket.io-client/pull/1202)) ##### Links: - Milestone: [2.1.1](https://togithub.com/socketio/socket.io/milestone/16) - Diff: https://github.com/socketio/socket.io/compare/2.1.0...2.1.1 - Client release: [2.1.1](https://togithub.com/socketio/socket.io-client/releases/tag/2.1.1) - engine.io version: `~3.2.0` - ws version: `~3.3.1` ### [`v2.1.0`](https://togithub.com/socketio/socket.io/releases/tag/2.1.0) [Compare Source](https://togithub.com/socketio/socket.io/compare/2.0.4...2.1.0) #### Features - add a 'binary' flag ([#​3185](https://togithub.com/socketio/socket.io/issues/3185)) ```js // by default, the object is recursively scanned to check whether it contains some binary data // in the following example, the check is skipped in order to improve performance socket.binary(false).emit('plain-object', object); // it also works at the namespace level io.binary(false).emit('plain-object', object); ``` - add support for dynamic namespaces ([#​3195](https://togithub.com/socketio/socket.io/issues/3195)) ```js io.of(/^\/dynamic-\d+$/).on('connect', (socket) => { // socket.nsp.name = '/dynamic-101' }); // client-side const client = require('socket.io-client')('/dynamic-101'); ``` #### Bug fixes - properly emit 'connect' when using a custom namespace ([#​3197](https://togithub.com/socketio/socket.io/issues/3197)) - include the protocol in the origins check ([#​3198](https://togithub.com/socketio/socket.io/issues/3198)) #### Important note :warning: from Engine.IO [3.2.0 release](https://togithub.com/socketio/engine.io/releases/tag/3.2.0) There are two non-breaking changes that are somehow quite important: - `ws` was reverted as the default wsEngine ([https://github.com/socketio/engine.io/pull/550](https://togithub.com/socketio/engine.io/pull/550)), as there was several blocking issues with `uws`. You can still use `uws` by running `npm install uws --save` in your project and using the `wsEngine` option: ```js var engine = require('engine.io'); var server = engine.listen(3000, { wsEngine: 'uws' }); ``` - `pingTimeout` now defaults to 5 seconds (instead of 60 seconds): [https://github.com/socketio/engine.io/pull/551](https://togithub.com/socketio/engine.io/pull/551) ##### Links: - Milestone: [2.1.0](https://togithub.com/socketio/socket.io/milestone/14) - Diff: https://github.com/socketio/socket.io/compare/2.0.4...2.1.0 - Client release: [2.1.0](https://togithub.com/socketio/socket.io-client/releases/tag/2.1.0) - engine.io version: `~3.2.0` (diff: https://github.com/socketio/engine.io/compare/3.1.0...3.2.0) - ws version: `~3.3.1` (diff: https://github.com/websockets/ws/compare/2.3.1...3.3.1) ### [`v2.0.4`](https://togithub.com/socketio/socket.io/releases/tag/2.0.4) [Compare Source](https://togithub.com/socketio/socket.io/compare/2.0.3...2.0.4) #### Bug fixes - do not throw when receiving an unhandled error packet ([#​3038](https://togithub.com/socketio/socket.io/issues/3038)) - reset rooms object before broadcasting from namespace ([#​3039](https://togithub.com/socketio/socket.io/issues/3039)) ##### Links: - Milestone: [2.0.4](https://togithub.com/socketio/socket.io/milestone/13) - Diff: [2.0.3...2.0.4](https://togithub.com/socketio/socket.io/compare/2.0.3...2.0.4) - Client release: [2.0.4](https://togithub.com/socketio/socket.io-client/releases/tag/2.0.4) - Diff `engine.io`: - - Diff `ws`: - ### [`v2.0.3`](https://togithub.com/socketio/socket.io/releases/tag/2.0.3) [Compare Source](https://togithub.com/socketio/socket.io/compare/2.0.2...2.0.3) #### Bug fixes - reset rooms object before broadcasting ([#​2970](https://togithub.com/socketio/socket.io/issues/2970)) - fix middleware initialization ([#​2969](https://togithub.com/socketio/socket.io/issues/2969)) ##### Links: - Milestone: [2.0.3](https://togithub.com/socketio/socket.io/milestone/12) - Diff: [2.0.2...2.0.3](https://togithub.com/socketio/socket.io/compare/2.0.2...2.0.3) - Client release: [2.0.3](https://togithub.com/socketio/socket.io-client/releases/tag/2.0.3) - Diff `engine.io`: - - Diff `ws`: - ### [`v2.0.2`](https://togithub.com/socketio/socket.io/releases/tag/2.0.2) [Compare Source](https://togithub.com/socketio/socket.io/compare/2.0.1...2.0.2) #### Bug fixes - fix timing issues with middleware ([#​2948](https://togithub.com/socketio/socket.io/issues/2948)) ##### Links: - Milestone: [2.0.2](https://togithub.com/socketio/socket.io/milestone/11) - Diff: [2.0.1...2.0.2](https://togithub.com/socketio/socket.io/compare/2.0.1...2.0.2) - Client release: [2.0.2](https://togithub.com/socketio/socket.io-client/releases/tag/2.0.2) - Diff `engine.io`: - - Diff `ws`: - ### [`v2.0.1`](https://togithub.com/socketio/socket.io/releases/tag/2.0.1) [Compare Source](https://togithub.com/socketio/socket.io/compare/2.0.0...2.0.1) #### Bug fixes \- update path of client file ([#​2934](https://togithub.com/socketio/socket.io/issues/2934)) ##### Links: - Milestone: [2.0.1](https://togithub.com/socketio/socket.io/milestone/9) - Diff: [2.0.0...2.0.1](https://togithub.com/socketio/socket.io/compare/2.0.0...2.0.1) - Client release: [2.0.1](https://togithub.com/socketio/socket.io-client/releases/tag/2.0.1) - Diff `engine.io`: - - Diff `ws`: - ### [`v2.0.0`](https://togithub.com/socketio/socket.io/releases/tag/2.0.0) [Compare Source](https://togithub.com/socketio/socket.io/compare/1.7.4...2.0.0) This major release brings several performance improvements: - [uws](https://togithub.com/uWebSockets/uWebSockets) is now the default Websocket engine. It should bring significant improvement in performance (particularly in terms of memory consumption) (https://github.com/socketio/engine.io/releases/tag/2.0.0) - the Engine.IO and Socket.IO handshake packets were merged, reducing the number of roundtrips necessary to establish a connection. ([#​2833](https://togithub.com/socketio/socket.io/issues/2833)) - it is now possible to provide a custom parser according to the needs of your application ([#​2829](https://togithub.com/socketio/socket.io/issues/2829)). Please take a look at the [example](https://togithub.com/socketio/socket.io/tree/master/examples/custom-parsers) for more information. Please note that this release is not backward-compatible, due to: - a breaking change related to utf-8 encoding in engine.io-parser ([https://github.com/socketio/engine.io-parser/pull/81](https://togithub.com/socketio/engine.io-parser/pull/81)) - an update to make the socket id on the client match the id on the server-side ([https://github.com/socketio/socket.io-client/pull/1058](https://togithub.com/socketio/socket.io-client/pull/1058)) Please also note that if you are using a self-signed certificate, `rejectUnauthorized` now defaults to `true` ([https://github.com/socketio/engine.io-client/pull/558](https://togithub.com/socketio/engine.io-client/pull/558)). Finally, the API documentation is now in the repository ([here](https://togithub.com/socketio/socket.io/blob/master/docs/API.md)), and the content of the website [here](https://togithub.com/socketio/socket.io-website). Do not hesitate if you see something wrong or missing! The full list of changes: - \[feat] Move binary detection to the parser ([#​2923](https://togithub.com/socketio/socket.io/issues/2923)) - \[feat] Allow to join several rooms at once ([#​2879](https://togithub.com/socketio/socket.io/issues/2879)) - \[feat] Merge Engine.IO and Socket.IO handshake packets ([#​2833](https://togithub.com/socketio/socket.io/issues/2833)) - \[feat] Allow the use of custom parsers ([#​2829](https://togithub.com/socketio/socket.io/issues/2829)) - \[fix] Use path.resolve by default and require.resolve as a fallback ([#​2797](https://togithub.com/socketio/socket.io/issues/2797)) (by [@​a-lucas](https://togithub.com/a-lucas)) - \[fix] Properly close the connection on error ([#​2681](https://togithub.com/socketio/socket.io/issues/2681)) (by [@​Nibbler999](https://togithub.com/Nibbler999)) - \[fix] Prevent null from being accepted as argument ([#​2606](https://togithub.com/socketio/socket.io/issues/2606)) (by [@​ianbrode](https://togithub.com/ianbrode)) - \[perf] Use shared instance of the encoder ([#​2825](https://togithub.com/socketio/socket.io/issues/2825)) (by [@​Nibbler999](https://togithub.com/Nibbler999)) - \[perf] Reset properties instead of deleting them ([#​2826](https://togithub.com/socketio/socket.io/issues/2826)) (by [@​Nibbler999](https://togithub.com/Nibbler999)) - \[perf] micro-optimisations ([#​2793](https://togithub.com/socketio/socket.io/issues/2793)) (by [@​billouboq](https://togithub.com/billouboq)) - \[chore] Merge history of 1.7.x and 0.9.x branches ([#​2930](https://togithub.com/socketio/socket.io/issues/2930)) - \[chore] Added backers and sponsors on the README ([#​2933](https://togithub.com/socketio/socket.io/issues/2933)) (by [@​xdamman](https://togithub.com/xdamman)) - \[chore] Bump dependencies ([#​2926](https://togithub.com/socketio/socket.io/issues/2926)) - \[chore] Bump socket.io-adapter to version 1.0.0 ([#​2867](https://togithub.com/socketio/socket.io/issues/2867)) - \[chore] Bump engine.io to version 2.0.2 ([#​2864](https://togithub.com/socketio/socket.io/issues/2864)) - \[chore] Bump engine.io to version 2.0.0 ([#​2832](https://togithub.com/socketio/socket.io/issues/2832)) (by [@​sgress454](https://togithub.com/sgress454)) - \[chore] Update issue template with fiddle ([#​2811](https://togithub.com/socketio/socket.io/issues/2811)) - \[chore] Update copyright year LICENSE to 2017 ([#​2803](https://togithub.com/socketio/socket.io/issues/2803)) (by [@​isabellatea](https://togithub.com/isabellatea)) - \[docs] Add an example of custom parser ([#​2929](https://togithub.com/socketio/socket.io/issues/2929)) - \[docs] Replace non-breaking space with proper whitespace ([#​2913](https://togithub.com/socketio/socket.io/issues/2913)) (by [@​epicTCK](https://togithub.com/epicTCK)) - \[docs] Update emit cheatsheet ([#​2906](https://togithub.com/socketio/socket.io/issues/2906)) (by [@​FarazPatankar](https://togithub.com/FarazPatankar)) - \[docs] Explicitly document that Server extends EventEmitter ([#​2874](https://togithub.com/socketio/socket.io/issues/2874)) (by [@​i8-pi](https://togithub.com/i8-pi)) - \[docs] Add server.engine.generateId attribute ([#​2880](https://togithub.com/socketio/socket.io/issues/2880)) (by [@​efkan](https://togithub.com/efkan)) - \[docs] Fix wrong space character in README ([#​2900](https://togithub.com/socketio/socket.io/issues/2900)) (by [@​SimenB](https://togithub.com/SimenB)) - \[docs] Fix documentation for 'connect' event ([#​2898](https://togithub.com/socketio/socket.io/issues/2898)) (by [@​swhgoon](https://togithub.com/swhgoon)) - \[docs] Add webpack build example ([#​2828](https://togithub.com/socketio/socket.io/issues/2828)) - \[docs] Update the wording to match the code example ([#​2853](https://togithub.com/socketio/socket.io/issues/2853)) (by [@​timruffles](https://togithub.com/timruffles)) - \[docs] Small addition to the Express Readme Part ([#​2846](https://togithub.com/socketio/socket.io/issues/2846)) (by [@​H3rby7](https://togithub.com/H3rby7)) - \[docs] Add a 'Features' section in the README ([#​2824](https://togithub.com/socketio/socket.io/issues/2824)) - \[docs] Add httpd cluster example ([#​2819](https://togithub.com/socketio/socket.io/issues/2819)) - \[docs] Add haproxy cluster example ([#​2818](https://togithub.com/socketio/socket.io/issues/2818)) - \[docs] Add nginx cluster example ([#​2817](https://togithub.com/socketio/socket.io/issues/2817)) - \[docs] Implement whiteboard example ([#​2810](https://togithub.com/socketio/socket.io/issues/2810)) - \[docs] Fix documentation for `local` flag ([#​2816](https://togithub.com/socketio/socket.io/issues/2816)) - \[docs] Add emit cheatsheet ([#​2815](https://togithub.com/socketio/socket.io/issues/2815)) - \[docs] Add pingInterval/pingTimeout/transports options in the API documentation ([#​2814](https://togithub.com/socketio/socket.io/issues/2814)) - \[docs] Add an example for socket.join() method ([#​2813](https://togithub.com/socketio/socket.io/issues/2813)) - \[docs] Fix a typo on `clients` method in the API documentation ([#​2812](https://togithub.com/socketio/socket.io/issues/2812)) - \[docs] Fix wrong argument name in API.md ([#​2802](https://togithub.com/socketio/socket.io/issues/2802)) (by [@​andrea11](https://togithub.com/andrea11)) - \[docs] Add install script on Readme.md ([#​2780](https://togithub.com/socketio/socket.io/issues/2780)) (by [@​bananaappletw](https://togithub.com/bananaappletw)) - \[docs] API documentation ([#​2784](https://togithub.com/socketio/socket.io/issues/2784)) Besides, we are proud to announce that Socket.IO is now a part of open collective: https://opencollective.com/socketio. More on that later. ### [`v1.7.4`](https://togithub.com/socketio/socket.io/releases/tag/1.7.4) [Compare Source](https://togithub.com/socketio/socket.io/compare/1.7.3...1.7.4) - \[chore] Bump engine.io to version 1.8.4 ### [`v1.7.3`](https://togithub.com/socketio/socket.io/releases/tag/1.7.3) [Compare Source](https://togithub.com/socketio/socket.io/compare/1.7.2...1.7.3) - \[chore] Bump engine.io-client to version 1.8.3 ### [`v1.7.2`](https://togithub.com/socketio/socket.io/releases/tag/1.7.2) [Compare Source](https://togithub.com/socketio/socket.io/compare/1.7.1...1.7.2) - \[chore] Bump engine.io to version 1.8.2 ([#​2782](https://togithub.com/socketio/socket.io/issues/2782)) - \[fix] Fixes socket.use error packet ([#​2772](https://togithub.com/socketio/socket.io/issues/2772)) ### [`v1.7.1`](https://togithub.com/socketio/socket.io/releases/tag/1.7.1) [Compare Source](https://togithub.com/socketio/socket.io/compare/1.7.0...1.7.1) (following `socket.io-client` update) ### [`v1.7.0`](https://togithub.com/socketio/socket.io/releases/tag/1.7.0) [Compare Source](https://togithub.com/socketio/socket.io/compare/1.6.0...1.7.0) - \[docs] Comment connected socket availability for adapters ([#​2081](https://togithub.com/socketio/socket.io/issues/2081)) - \[docs] Fixed grammar issues in the README.md ([#​2159](https://togithub.com/socketio/socket.io/issues/2159)) - \[feature] serve sourcemap for socket.io-client ([#​2482](https://togithub.com/socketio/socket.io/issues/2482)) - \[feature] Add a `local` flag ([#​2628](https://togithub.com/socketio/socket.io/issues/2628)) - \[chore] Bump engine.io to version 1.8.1 ([#​2765](https://togithub.com/socketio/socket.io/issues/2765)) - \[chore] Update client location and serve minified file ([#​2766](https://togithub.com/socketio/socket.io/issues/2766)) ### [`v1.6.0`](https://togithub.com/socketio/socket.io/releases/tag/1.6.0) [Compare Source](https://togithub.com/socketio/socket.io/compare/1.5.1...1.6.0) - \[fix] Make ETag header comply with standard. ([#​2603](https://togithub.com/socketio/socket.io/issues/2603)) - \[feature] Loading client script on demand. ([#​2567](https://togithub.com/socketio/socket.io/issues/2567)) - \[test] Fix leaking clientSocket ([#​2721](https://togithub.com/socketio/socket.io/issues/2721)) - \[feature] Add support for all event emitter methods ([#​2601](https://togithub.com/socketio/socket.io/issues/2601)) - \[chore] Update year to 2016 ([#​2456](https://togithub.com/socketio/socket.io/issues/2456)) - \[feature] Add support for socket middleware ([#​2306](https://togithub.com/socketio/socket.io/issues/2306)) - \[feature] add support for Server#close(callback) ([#​2748](https://togithub.com/socketio/socket.io/issues/2748)) - \[fix] Don't drop query variables on handshake ([#​2745](https://togithub.com/socketio/socket.io/issues/2745)) - \[example] Add disconnection/reconnection logs to the chat example ([#​2675](https://togithub.com/socketio/socket.io/issues/2675)) - \[perf] Minor code optimizations ([#​2219](https://togithub.com/socketio/socket.io/issues/2219)) - \[chore] Bump debug to version 2.3.3 ([#​2754](https://togithub.com/socketio/socket.io/issues/2754)) - \[chore] Bump engine.io to version 1.8.0 ([#​2755](https://togithub.com/socketio/socket.io/issues/2755)) - \[chore] Bump socket.io-adapter to version 0.5.0 ([#​2756](https://togithub.com/socketio/socket.io/issues/2756)) ### [`v1.5.1`](https://togithub.com/socketio/socket.io/releases/tag/1.5.1) [Compare Source](https://togithub.com/socketio/socket.io/compare/1.5.0...1.5.1) - \[fix] Avoid swallowing exceptions thrown by user event handlers ([#​2682](https://togithub.com/socketio/socket.io/issues/2682)) - \[test] Use client function to unify `client` in test script ([#​2731](https://togithub.com/socketio/socket.io/issues/2731)) - \[docs] Add link to LICENSE ([#​2221](https://togithub.com/socketio/socket.io/issues/2221)) - \[docs] Fix JSDoc of optional parameters ([#​2465](https://togithub.com/socketio/socket.io/issues/2465)) - \[docs] Fix typo ([#​2724](https://togithub.com/socketio/socket.io/issues/2724)) - \[docs] Link readme npm package badge to npm registry page ([#​2612](https://togithub.com/socketio/socket.io/issues/2612)) - \[docs] Minor fixes ([#​2526](https://togithub.com/socketio/socket.io/issues/2526)) - \[chore] Bump socket.io-parser to 2.3.0 ([#​2730](https://togithub.com/socketio/socket.io/issues/2730)) - \[chore] Add Github issue and PR templates ([#​2733](https://togithub.com/socketio/socket.io/issues/2733)) - \[chore] Bump engine.io to 1.7.2 ([#​2729](https://togithub.com/socketio/socket.io/issues/2729)) - \[chore] Bump socket.io-parser to 2.3.1 ([#​2734](https://togithub.com/socketio/socket.io/issues/2734)) ### [`v1.5.0`](https://togithub.com/socketio/socket.io/releases/tag/1.5.0) [Compare Source](https://togithub.com/socketio/socket.io/compare/1.4.8...1.5.0) - \[feature] stop append /# before id when no namespace ([#​2509](https://togithub.com/socketio/socket.io/issues/2509)) - \[feature] Add a 'disconnecting' event to access to socket.rooms upon disconnection ([#​2332](https://togithub.com/socketio/socket.io/issues/2332)) - \[fix] Fix query string management ([#​2422](https://togithub.com/socketio/socket.io/issues/2422)) - \[fix] add quote to exec paths, prevent error when spaces in path ([#​2508](https://togithub.com/socketio/socket.io/issues/2508)) - \[docs] Prevent mixup for new programmers ([#​2599](https://togithub.com/socketio/socket.io/issues/2599)) - \[example] Fix chat display in Firefox ([#​2477](https://togithub.com/socketio/socket.io/issues/2477)) - \[chore] Add gulp & babel in the build process ([#​2471](https://togithub.com/socketio/socket.io/issues/2471)) - \[chore] Bump engine.io to 1.7.0 ([#​2707](https://togithub.com/socketio/socket.io/issues/2707)) - \[chore] Remove unused zuul-ngrok dependency ([#​2708](https://togithub.com/socketio/socket.io/issues/2708)) - \[chore] Point towards current master of socket.io-client ([#​2710](https://togithub.com/socketio/socket.io/issues/2710)) - \[chore] Restrict files included in npm package ([#​2709](https://togithub.com/socketio/socket.io/issues/2709)) - \[chore] Link build badge to master branch ([#​2549](https://togithub.com/socketio/socket.io/issues/2549)) ### [`v1.4.8`](https://togithub.com/socketio/socket.io/compare/1.4.7...1.4.8) [Compare Source](https://togithub.com/socketio/socket.io/compare/1.4.7...1.4.8) ### [`v1.4.7`](https://togithub.com/socketio/socket.io/compare/1.4.6...1.4.7) [Compare Source](https://togithub.com/socketio/socket.io/compare/1.4.6...1.4.7) ### [`v1.4.6`](https://togithub.com/socketio/socket.io/compare/1.4.5...1.4.6) [Compare Source](https://togithub.com/socketio/socket.io/compare/1.4.5...1.4.6) ### [`v1.4.5`](https://togithub.com/socketio/socket.io/compare/1.4.4...1.4.5) [Compare Source](https://togithub.com/socketio/socket.io/compare/1.4.4...1.4.5) ### [`v1.4.4`](https://togithub.com/socketio/socket.io/compare/1.4.3...1.4.4) [Compare Source](https://togithub.com/socketio/socket.io/compare/1.4.3...1.4.4) ### [`v1.4.3`](https://togithub.com/socketio/socket.io/compare/1.4.2...1.4.3) [Compare Source](https://togithub.com/socketio/socket.io/compare/1.4.2...1.4.3) ### [`v1.4.2`](https://togithub.com/socketio/socket.io/compare/1.4.1...1.4.2) [Compare Source](https://togithub.com/socketio/socket.io/compare/1.4.1...1.4.2) ### [`v1.4.1`](https://togithub.com/socketio/socket.io/compare/1.4.0...1.4.1) [Compare Source](https://togithub.com/socketio/socket.io/compare/1.4.0...1.4.1) ### [`v1.4.0`](https://togithub.com/socketio/socket.io/compare/1.3.7...1.4.0) [Compare Source](https://togithub.com/socketio/socket.io/compare/1.3.7...1.4.0)

Configuration

📅 Schedule: Branch creation - "" in timezone America/Lima, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

This PR was generated by Mend Renovate. View the repository job log.