build(deps): bump engine.io and gatsby in /docs #3897

Open
wants to merge 1 commit into
base: master

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Jun 10, 2023

Bumps engine.io to 6.4.2 and updates ancestor dependency gatsby. These dependencies need to be updated together.

Updates engine.io from 6.2.1 to 6.4.2

Release notes

Sourced from engine.io's releases.

6.4.2

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

TypeError: Cannot read properties of undefined (reading 'handlesUpgrades')
at Server.onWebSocket (build/server.js:515:67)

Please upgrade as soon as possible.

Bug Fixes

  • include error handling for Express middlewares (#674) (9395782)
  • prevent crash when provided with an invalid query param (fc480b4)
  • typings: make clientsCount public (#675) (bd6d471)
  • uws: prevent crash when using with middlewares (8b22162)

Credits

Huge thanks to @tyilo and @cieldeville for helping!

6.4.1

This release contains 6e78489, which exports the BaseServer class in order to restore the compatibility with the nodenext module resolution strategy of TypeScript.

Reference: https://www.typescriptlang.org/tsconfig/#moduleResolution

Related: socketio/socket.io#4621

6.4.0

Features

  • add support for Express middlewares (24786e7)

This commit implements middlewares at the Engine.IO level, because Socket.IO middlewares are meant for namespace authorization and are not executed during a classic HTTP request/response cycle.

... (truncated)

Changelog

Sourced from engine.io's changelog.

6.4.2 (2023-05-02)

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

TypeError: Cannot read properties of undefined (reading 'handlesUpgrades')
at Server.onWebSocket (build/server.js:515:67)

Please upgrade as soon as possible.

Bug Fixes

  • include error handling for Express middlewares (#674) (9395782)
  • prevent crash when provided with an invalid query param (fc480b4)
  • typings: make clientsCount public (#675) (bd6d471)
  • uws: prevent crash when using with middlewares (8b22162)

Credits

Huge thanks to @tyilo and @cieldeville for helping!

6.4.1 (2023-02-20)

This release contains 6e78489, which exports the BaseServer class in order to restore the compatibility with the nodenext module resolution strategy of TypeScript.

Reference: https://www.typescriptlang.org/tsconfig/#moduleResolution

Related: socketio/socket.io#4621

6.4.0 (2023-02-06)

... (truncated)

Commits

  • 95e2153 chore(release): 6.4.2
  • fc480b4 fix: prevent crash when provided with an invalid query param
  • 0141951 refactor(types): ensure compatibility with Express middlewares
  • 8b22162 fix(uws): prevent crash when using with middlewares
  • 9395782 fix: include error handling for Express middlewares (#674)
  • 911d0e3 refactor: return HTTP 400 upon invalid request overlap
  • bd6d471 fix(typings): make clientsCount public (#675)
  • 7033c0e chore(release): 6.4.1
  • 6e78489 refactor: export BaseServer class (#669)
  • 535b068 docs: add upgrade event in the documentation
  • Additional commits viewable in compare view

Updates gatsby from 4.25.7 to 5.10.0

Release notes

Sourced from gatsby's releases.

v5.10.0

Welcome to gatsby@5.10.0 release (May 2023 #1)

This release focused on bug fixes and perf improvements. Check out notable bugfixes and improvements.

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v5.9.0

Welcome to gatsby@5.9.0 release (April 2023 #1)

Key highlights of this release:

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v5.7.0

Welcome to gatsby@5.7.0 release (February 2023 #2)

This release focused on bug fixes and perf improvements. Check out notable bugfixes and improvements.

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v5.6.0

Welcome to gatsby@5.6.0 release (February 2023 #1)

Key highlights of this release:

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

... (truncated)

Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.

> **Note**
> Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [engine.io](https://github.com/socketio/engine.io) to 6.4.2 and updates ancestor dependency [gatsby](https://github.com/gatsbyjs/gatsby). These dependencies need to be updated together.


Updates `engine.io` from 6.2.1 to 6.4.2
- [Release notes](https://github.com/socketio/engine.io/releases)
- [Changelog](https://github.com/socketio/engine.io/blob/main/CHANGELOG.md)
- [Commits](socketio/engine.io@6.2.1...6.4.2)

Updates `gatsby` from 4.25.7 to 5.10.0
- [Release notes](https://github.com/gatsbyjs/gatsby/releases)
- [Changelog](https://github.com/gatsbyjs/gatsby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/gatsbyjs/gatsby/compare/[email protected]@5.10.0)

---
updated-dependencies:
- dependency-name: engine.io
  dependency-type: indirect
- dependency-name: gatsby
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

@dependabot dependabot bot added the dependencies (Relates to an upstream dependency) and javascript (PR that update Javascript code) labels Jun 10, 2023