Bump socket.io-parser, socket.io-client, karma and browser-sync

[dependabot[bot]]

Bumps socket.io-parser to 4.2.1 and updates ancestor dependencies socket.io-parser, socket.io-client, karma and browser-sync. These dependencies need to be updated together.

Updates socket.io-parser from 2.3.1 to 4.2.1

Release notes

Sourced from socket.io-parser's releases.

4.2.1

Bug Fixes

• check the format of the index of each attachment (b5d0cb7)

Links

• Diff: https://github.com/socketio/socket.io-parser/compare/4.2.0...4.2.1

4.2.0

Features

• allow the usage of custom replacer and reviver (#112) (b08bc1a)

Links

• Diff: https://github.com/socketio/socket.io-parser/compare/4.1.2...4.2.0

4.1.2

Bug Fixes

• allow objects with a null prototype in binary packets (#114) (7f6b262)

Links

• Diff: https://github.com/socketio/socket.io-parser/compare/4.1.1...4.1.2

4.1.1

Links

• Diff: https://github.com/socketio/socket.io-parser/compare/4.1.0...4.1.1

4.1.0

Features

• provide an ESM build with and without debug (388c616)

Links

• Diff: https://github.com/socketio/socket.io-parser/compare/4.0.4...4.1.0

4.0.5

Bug Fixes

• check the format of the index of each attachment (b559f05)

Links

• Diff: https://github.com/socketio/socket.io-parser/compare/4.0.4...4.0.5

... (truncated)

Changelog

Sourced from socket.io-parser's changelog.

4.2.1 (2022-06-27)

Bug Fixes

• check the format of the index of each attachment (b5d0cb7)

4.2.0 (2022-04-17)

Features

• allow the usage of custom replacer and reviver (#112) (b08bc1a)

4.1.2 (2022-02-17)

Bug Fixes

• allow objects with a null prototype in binary packets (#114) (7f6b262)

4.1.1 (2021-10-14)

4.1.0 (2021-10-11)

Features

• provide an ESM build with and without debug (388c616)

4.0.4 (2021-01-15)

Bug Fixes

• allow integers as event names (1c220dd)

4.0.3 (2021-01-05)

4.0.2 (2020-11-25)

... (truncated)

Commits

• 5a2ccff chore(release): 4.2.1
• b5d0cb7 fix: check the format of the index of each attachment
• c7514b5 chore(release): 4.2.0
• 931f152 chore: add Node.js 16 in the test matrix
• 6c9cb27 chore: bump @​socket.io/component-emitter to version 3.1.0
• b08bc1a feat: allow the usage of custom replacer and reviver (#112)
• aed252c chore(release): 4.1.2
• 89209fa chore: bump cached-path-relative from 1.0.2 to 1.1.0 (#113)
• 0a3b556 chore: bump path-parse from 1.0.6 to 1.0.7 (#108)
• 7f6b262 fix: allow objects with a null prototype in binary packets (#114)
• Additional commits viewable in compare view

Updates socket.io-client from 1.7.4 to 4.5.3

Release notes

Sourced from socket.io-client's releases.

4.5.3

Bug Fixes

• do not swallow user exceptions (2403b88)

Links:

• Diff: https://github.com/socketio/socket.io-client/compare/4.5.2...4.5.3
• Server release: 4.5.3
• engine.io-client version: ~6.2.1
• ws version: ~8.2.3

Size of the bundles:

	min	min+gzip
socket.io.min.js	42.6 KB (-)	13.6 KB (-)
socket.io.msgpack.min.js	47.7 KB (-)	14.6 KB (-)
socket.io.esm.min.js	34.5 KB (-)	11.5 KB (-)

4.5.2

Bug Fixes

• handle ill-formatted packet from server (c597023)

Links:

• Diff: https://github.com/socketio/socket.io-client/compare/4.5.1...4.5.2
• Server release: 4.5.2
• engine.io-client version: ~6.2.1 (diff)
• ws version: ~8.2.3

Size of the bundles:

	min	min+gzip
socket.io.min.js	42.6 KB (-)	13.6 KB (-)
socket.io.msgpack.min.js	47.7 KB (-)	14.6 KB (-)
socket.io.esm.min.js	34.5 KB (-)	11.5 KB (-)

4.5.1

There were some minor bug fixes on the server side, which mandate a client bump.

Links:

• Diff: https://github.com/socketio/socket.io-client/compare/4.5.0...4.5.1
• Server release: 4.5.1
• engine.io-client version: ~6.2.1 (diff)
• ws version: ~8.2.3

... (truncated)

Changelog

Sourced from socket.io-client's changelog.

4.5.3 (2022-10-15)

Bug Fixes

• do not swallow user exceptions (2403b88)

4.5.2 (2022-09-02)

Bug Fixes

• handle ill-formatted packet from server (c597023)

4.5.1 (2022-05-17)

There were some minor bug fixes on the server side, which mandate a client bump.

4.5.0 (2022-04-23)

Features

• add details to the disconnect event (b862924)

The "disconnect" event will now include additional details to help debugging if anything has gone wrong.

Example when a payload is over the maxHttpBufferSize value in HTTP long-polling mode:

socket.on("disconnect", (reason, details) => {
  console.log(reason); // "transport error"
// in that case, details is an error object
console.log(details.message); "xhr post error"
console.log(details.description); // 413 (the HTTP status of the response)
// details.context refers to the XMLHttpRequest object
console.log(details.context.status); // 413
console.log(details.context.responseText); // ""
});

• add support for catch-all listeners for outgoing packets (74e3e60)

... (truncated)

Commits

• 2eca8da chore(release): 4.5.3
• 7c05688 docs: add jsdoc for each public method
• 2403b88 fix: do not swallow user exceptions
• 1098618 ci: temporarily remove iOS 16 from the test matrix
• 2d70813 chore(release): 4.5.2
• c597023 fix: handle ill-formatted packet from server
• 8c659bc chore: regenerate lockfile
• f0350a0 chore(release): 4.5.1
• abdba07 chore(release): 4.5.0
• faf68a5 chore: update default label for bug reports
• Additional commits viewable in compare view

Updates karma from 2.0.0 to 6.4.1

Release notes

Sourced from karma's releases.

v6.4.1

6.4.1 (2022-09-19)

Bug Fixes

• pass integrity value (63d86be)

v6.4.0

6.4.0 (2022-06-14)

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

v6.3.20

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #3730

v6.3.19

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

v6.3.18

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

v6.3.17

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#3763) (fca1884)

v6.3.16

... (truncated)

Changelog

Sourced from karma's changelog.

6.4.1 (2022-09-19)

Bug Fixes

• pass integrity value (63d86be)

6.4.0 (2022-06-14)

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

... (truncated)

Commits

• 0013121 chore(release): 6.4.1 [skip ci]
• 63d86be fix: pass integrity value
• 84f7cc3 chore(release): 6.4.0 [skip ci]
• f2d0663 docs: add integrity parameter
• dc51a2e feat: support SRI verification of link tags
• 6a54b1c feat: support SRI verification of script tags
• 5e71cf5 chore(release): 6.3.20 [skip ci]
• e17698f fix: prefer IPv4 addresses when resolving domains
• 60f4f79 build: add Node 16 and 18 to the CI matrix
• 6ff5aaf chore(release): 6.3.19 [skip ci]
• Additional commits viewable in compare view

Updates browser-sync from 2.24.1 to 2.27.10

Release notes

Sourced from browser-sync's releases.

2.27.9

What's Changed

• fix(cli): Where's the command help? fixes #1929 by @​shakyShane in BrowserSync/browser-sync#1945

A bug prevented the help output from displaying - it was introduced when the CLI parser yargs was updated, and is now fixed :)

Full Changelog: https://github.com/BrowserSync/browser-sync/compare/v2.27.8...v2.27.9

2.27.8

This release upgrades Socket.io (client+server) to the latest versions - solving the following issues, and silencing security warning :)

PR:

• https://github.com/BrowserSync/browser-sync/commit/58ab4ab861d7c50b4349f25bdd4c7f8871d0ad32

Resolved Issues:

• BrowserSync/browser-sync#1850
• BrowserSync/browser-sync#1892
• BrowserSync/browser-sync#1925
• BrowserSync/browser-sync#1926
• BrowserSync/browser-sync#1933

Thanks to @​lachieh for the original PR, which helped me land this fix

added snippet: boolean option

This release adds a feature to address BrowserSync/browser-sync#1882

Sometimes you don't want Browsersync to auto-inject it's connection snippet into your HTML - now you can disable it globally via either a CLI param or the new snippet option :)

browser-sync . --no-snippet

or in any Browsersync configuration

const config = {
  snippet: false,
};

the original request was related to Eleventy usage, so here's how that would look

eleventyConfig.setBrowserSyncConfig({
  snippet: false,
});

... (truncated)

Commits

• f6965a6 v2.27.10
• e6c7bed Updated portscanner to 2.2.0 (#1960)
• 6a587ec fix readme's
• 91258ae Merge branch 'browser-sync-1946-esbuild'
• f48d6b4 👋 app veyor
• 30c24dc Merge pull request #1947
• 9d24de5 drop webpack from UI
• 7a00341 build client with esbuild
• c30868a v2.27.9
• 9b5fcdc fix(cli): Where's the command help? fixes #1929 (#1945)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ministryofjustice/cla_frontend/network/alerts).

[sonarcloud[bot]]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

[sonarcloud[bot]]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.