Update dependency socket.io to v4

[dev-mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
socket.io (source)	dependencies	major	^3.1.0 → ^4.5.2

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	Vulnerability
High	7.3	CVE-2023-32695
High	7.1	CVE-2022-41940

---

Release Notes

socketio/socket.io (socket.io)

v4.5.2

Compare Source

Bug Fixes

• prevent the socket from joining a room after disconnection (18f3fda)
• uws: prevent the server from crashing after upgrade (ba497ee)

Links:

• Diff: socketio/socket.io@4.5.1...4.5.2
• Client release: 4.5.2
• engine.io version: ~6.2.0
• ws version: ~8.2.3

v4.5.1

Compare Source

Bug Fixes

• forward the local flag to the adapter when using fetchSockets() (30430f0)
• typings: add HTTPS server to accepted types (#​4351) (9b43c91)

Links:

• Diff: socketio/socket.io@4.5.0...4.5.1
• Client release: 4.5.1
• engine.io version: ~6.2.0
• ws version: ~8.2.3

v4.5.0

Compare Source

Bug Fixes

• typings: ensure compatibility with TypeScript 3.x (#​4259) (02c87a8)

Features

• add support for catch-all listeners for outgoing packets (531104d)

This is similar to onAny(), but for outgoing packets.

Syntax:

socket.onAnyOutgoing((event, ...args) => {
  console.log(event);
});

• broadcast and expect multiple acks (8b20457)

Syntax:

io.timeout(1000).emit("some-event", (err, responses) => {
  // ...
});

• add the "maxPayload" field in the handshake details (088dcb4)

So that clients in HTTP long-polling can decide how many packets they have to send to stay under the maxHttpBufferSize
value.

This is a backward compatible change which should not mandate a new major revision of the protocol (we stay in v4), as
we only add a field in the JSON-encoded handshake data:

0{"sid":"lv_VI97HAXpY6yYWAAAC","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000,"maxPayload":1000000}

Links:

• Diff: socketio/socket.io@4.4.1...4.5.0
• Client release: 4.5.0
• engine.io version: ~6.2.0 (diff)
• ws version: ~8.2.3

v4.4.1

Compare Source

Bug Fixes

• types: make RemoteSocket.data type safe (#​4234) (770ee59)
• types: pass SocketData type to custom namespaces (#​4233) (f2b8de7)

Links:

• Diff: socketio/socket.io@4.4.0...4.4.1
• Client release: 4.4.1
• engine.io version: ~6.1.0 (diff)
• ws version: ~8.2.3

v4.4.0

Compare Source

Bug Fixes

• only set 'connected' to true after middleware execution (02b0f73)

Features

• add an implementation based on uWebSockets.js (c0d8c5a)

const { App } = require("uWebSockets.js");
const { Server } = require("socket.io");

const app = new App();
const io = new Server();

io.attachApp(app);

io.on("connection", (socket) => {
  // ...
});

app.listen(3000, (token) => {
  if (!token) {
    console.warn("port already in use");
  }
});

• add timeout feature (f0ed42f)

socket.timeout(5000).emit("my-event", (err) => {
  if (err) {
    // the client did not acknowledge the event in the given delay
  }
});

• add type information to socket.data (#​4159) (fe8730c)

interface SocketData {
  name: string;
  age: number;
}

const io = new Server<ClientToServerEvents, ServerToClientEvents, InterServerEvents, SocketData>();

io.on("connection", (socket) => {
  socket.data.name = "john";
  socket.data.age = 42;
});

Links:

• Diff: socketio/socket.io@4.3.2...4.4.0
• Client release: 4.4.0
• engine.io version: ~6.1.0 (diff)
• ws version: ~8.2.3

v4.3.2

Compare Source

Bug Fixes

• fix race condition in dynamic namespaces (#​4137) (9d86397)

Links:

• Diff: socketio/socket.io@4.3.1...4.3.2
• Client release: 4.3.2
• engine.io version: ~6.0.0
• ws version: ~8.2.3

v4.3.1

Compare Source

Bug Fixes

• fix server attachment (#​4127) (0ef2a4d)

Links:

• Diff: socketio/socket.io@4.3.0...4.3.1
• Client release: 4.3.1
• engine.io version: ~6.0.0
• ws version: ~8.2.3

v4.3.0

Compare Source

For this release, most of the work was done on the client side, see here.

Bug Fixes

• typings: add name field to cookie option (#​4099) (033c5d3)
• send volatile packets with binary attachments (dc81fcf)

Features

• serve ESM bundle (60edecb)

Links:

• Diff: socketio/socket.io@4.2.0...4.3.0
• Client release: 4.3.0
• engine.io version: ~6.0.0 (diff)
• ws version: ~8.2.3 (diff)

v4.2.0

Compare Source

Bug Fixes

• typings: allow async listener in typed events (ccfd8ca)

Features

• ignore the query string when serving client JavaScript (#​4024) (24fee27)

Links:

• Diff: socketio/socket.io@4.1.3...4.2.0
• Client release: 4.2.0
• engine.io version: ~5.2.0
• ws version: ~7.4.2

v4.1.3

Compare Source

Bug Fixes

• fix io.except() method (94e27cd)
• remove x-sourcemap header (a4dffc6)

Links:

• Diff: socketio/socket.io@4.1.2...4.1.3
• Client release: 4.1.3
• engine.io version: ~5.1.0
• ws version: ~7.4.2

v4.1.2

Compare Source

Bug Fixes

• typings: ensure compatibility with TypeScript 3.x (0cb6ac9)
• ensure compatibility with previous versions of the adapter (a2cf248)

Links:

• Diff: socketio/socket.io@4.1.1...4.1.2
• Client release: 4.1.2
• engine.io version: ~5.1.0
• ws version: ~7.4.2

v4.1.1

Compare Source

Bug Fixes

• typings: properly type server-side events (b84ed1e)
• typings: properly type the adapter attribute (891b187)

Links:

• Diff: socketio/socket.io@4.1.0...4.1.1
• Client release: 4.1.1
• engine.io version: ~5.1.0
• ws version: ~7.4.2

v4.1.0

Compare Source

Blog post: https://socket.io/blog/socket-io-4-1-0/

Features

• add support for inter-server communication (93cce05)
• notify upon namespace creation (499c892)
• add a "connection_error" event (7096e98, from engine.io)
• add the "initial_headers" and "headers" events (2527543, from engine.io)

Links:

• Diff: socketio/socket.io@4.0.2...4.1.0
• Client release: 4.1.0
• engine.io version: ~5.1.0
• ws version: ~7.4.2

v4.0.2

Compare Source

Bug Fixes

• typings: make "engine" attribute public (b81ce4c)
• properly export the Socket class (d65b6ee)

Links:

• Diff: socketio/socket.io@4.0.1...4.0.2
• Client release: 4.0.2
• engine.io version: ~5.0.0
• ws version: ~7.4.2

v4.0.1

Compare Source

Bug Fixes

• typings: add fallback to untyped event listener (#​3834) (a11152f)
• typings: update return type from emit (#​3843) (1a72ae4)

Links:

• Diff: socketio/socket.io@4.0.0...4.0.1
• Client release: 4.0.1
• engine.io version: ~5.0.0
• ws version: ~7.4.2

v4.0.0

Compare Source

Blog post: https://socket.io/blog/socket-io-4-release/
Migration guide: https://socket.io/docs/v3/migrating-from-3-x-to-4-0/

Bug Fixes

• make io.to(...) immutable (ac9e8ca)

Features

• add some utility methods (b25495c)
• add support for typed events (#​3822) (0107510)
• allow to exclude specific rooms when broadcasting (#​3789) (7de2e87)
• allow to pass an array to io.to(...) (085d1de)

BREAKING CHANGES

• io.to(...) now returns an immutable operator

Previously, broadcasting to a given room (by calling io.to()) would mutate the io instance, which could lead to surprising behaviors, like:

io.to("room1");
io.to("room2").emit(/* ... */); // also sent to room1

// or with async/await
io.to("room3").emit("details", await fetchDetails()); // random behavior: maybe in room3, maybe to all clients

Calling io.to() (or any other broadcast modifier) will now return an immutable instance.

Links:

• Diff: socketio/socket.io@3.1.2...4.0.0
• Client release: 4.0.0
• engine.io version: ~5.0.0
• ws version: ~7.4.2

v3.1.2

Compare Source

Bug Fixes

• ignore packets received after disconnection (494c64e)

Links:

• Diff: socketio/socket.io@3.1.1...3.1.2
• Client release: 3.1.2
• engine.io version: ~4.1.0
• ws version: ~7.4.2

v3.1.1

Compare Source

Bug Fixes

• properly parse the CONNECT packet in v2 compatibility mode (6f4bd7f)
• typings: add return types and general-case overload signatures (#​3776) (9e8f288)
• typings: update the types of "query", "auth" and "headers" (4f2e9a7)

Links:

• Diff: socketio/socket.io@3.1.0...3.1.1
• Client release: 3.1.1
• engine.io version: ~4.1.0
• ws version: ~7.4.2

---

• If you want to rebase/retry this PR, check this box