Bumps [xmlhttprequest-ssl](https://github.com/mjwwit/node-XMLHttpRequest) from 1.5.5 to 2.0.0.
- [Release notes](https://github.com/mjwwit/node-XMLHttpRequest/releases)
- [Commits](mjwwit/node-XMLHttpRequest@1.5.5...2.0.0)

---
updated-dependencies:
- dependency-name: xmlhttprequest-ssl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Related: #510
```js
const { App } = require("uWebSockets.js");
const { uServer } = require("engine.io");
const app = new App();
const server = new uServer();
server.attach(app);
app.listen(3000);
```
Reference: https://github.com/uNetworking/uWebSockets.js
Related: #578
The v3 parser (used for compatibility with older clients) was broken during the migration to TypeScript ([1]). This was not caught in the test suite because the Node.js client does not support binary packets in polling mode (packets are base64-encoded).

[1]: c0d6eaa

Backported from 6.0.x branch: 3f42262
The uWebSockets.js App has no close method for now, so we can't properly stop the engine at the end of the tests, hence the "--exit".
Merged from the 6.0.x branch.
**IMPORTANT SECURITY FIX**

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

> RangeError: Invalid WebSocket frame: RSV2 and RSV3 must be clear
>     at Receiver.getInfo (/.../node_modules/ws/lib/receiver.js:176:14)
>     at Receiver.startLoop (/.../node_modules/ws/lib/receiver.js:136:22)
>     at Receiver._write (/.../node_modules/ws/lib/receiver.js:83:10)
>     at writeOrBuffer (internal/streams/writable.js:358:12)

This bug was introduced by [1], included in `engine.io@4.0.0`, so previous releases are not impacted.

[1]: f3c291f

Thanks to Marcus Wejderot from Mevisio for the responsible disclosure.
…636) Bumps [engine.io](https://github.com/socketio/engine.io) from 4.0.0 to 4.1.2.
- [Release notes](https://github.com/socketio/engine.io/releases)
- [Changelog](https://github.com/socketio/engine.io/blob/4.1.2/CHANGELOG.md)
- [Commits](4.0.0...4.1.2)

---
updated-dependencies:
- dependency-name: engine.io
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
When binding to an uWebSockets.js App, there was an unhandled case that could crash the server:

```
curl "http://localhost:3000/engine.io/?EIO=4&transport=websocket"
```

would result in:

```
Error: Returning from a request handler without responding or attaching an abort handler is forbidden!
terminate called without an active exception
```

Note: this does not apply to the default server based on ws, because the error was caught elsewhere in the source code.

Related: socketio/socket.io#4250
You can now pass additional options:
```js
// DEDICATED_COMPRESSOR_128KB is exported by uWebSockets.js alongside App
const { App, DEDICATED_COMPRESSOR_128KB } = require("uWebSockets.js");
const { uServer } = require("engine.io");
const app = new App();
const server = new uServer();
server.attach(app, {
  compression: DEDICATED_COMPRESSOR_128KB, // defaults to none
  idleTimeout: 60, // defaults to 120
  maxBackpressure: 8 * 1024 // defaults to 1024 * 1024
});
app.listen(3000);
```
Related: #633
When binding to an uWebSockets.js application, the server could crash
with the following error:
```
TypeError: res.onData is not a function
at Polling.onDataRequest (build/transports-uws/polling.js:133:13)
at Polling.onRequest (build/transports-uws/polling.js:47:18)
at callback (build/userver.js:80:56)
```
Related: #637
Note to future self: URL for dependencies from GitHub must use "git+https" instead of "git+ssh" to make the CI pass, else you will encounter the following error:

```
npm ERR! Error while executing:
npm ERR! /usr/bin/git ls-remote -h -t ssh://git@github.com/uNetworking/uWebSockets.js.git
npm ERR!
npm ERR! Warning: Permanently added the RSA host key for IP address '140.82.112.3' to the list of known hosts.
npm ERR! git@github.com: Permission denied (publickey).
npm ERR! fatal: Could not read from remote repository.
npm ERR!
npm ERR! Please make sure you have the correct access rights
npm ERR! and the repository exists.
npm ERR!
npm ERR! exited with error code: 128
```
Merged from #630
With the engine based on µWebSockets.js (introduced in version 6.1.0), a huge request body split in multiple chunks would throw the following error:

> node:buffer:254
>   TypedArrayPrototypeSet(target, source, targetStart);
>   ^
>
> TypeError: Cannot perform %TypedArray%.prototype.set on a detached ArrayBuffer
>     at Buffer.set (<anonymous>)
>     at _copyActual (node:buffer:254:3)
>     at Function.concat (node:buffer:562:12)
>     at onEnd (.../node_modules/engine.io/build/transports-uws/polling.js:126:32)
>     at .../node_modules/engine.io/build/transports-uws/polling.js:143:17

Note: µWebSockets.js does not currently support chunked transfer encoding.
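The failure mode in the trace above, reproduced without uWebSockets.js, as an added example that is not engine.io code. It assumes that each body chunk arrives as an ArrayBuffer that becomes invalid once the data callback returns; `deliver`, `collectByReference` and `collectByCopy` are hypothetical names, and the detachment is simulated with `structuredClone`.

```javascript
// Constructed simulation (assumption): the server hands each body chunk to the
// handler as an ArrayBuffer and invalidates it once the handler has returned.
function deliver(chunks, onData) {
  chunks.forEach((text, i) => {
    const ab = Uint8Array.from(Buffer.from(text)).buffer; // fresh ArrayBuffer
    onData(ab, i === chunks.length - 1);
    structuredClone(ab, { transfer: [ab] }); // detach it, as after the callback
  });
}

// Unsafe: Buffer.from(arrayBuffer) is a view over the same memory, not a copy.
// Once the chunk is detached the stored view is empty, and concatenating such
// views later is what fails in the trace above.
function collectByReference(chunks) {
  const views = [];
  deliver(chunks, (ab) => views.push(Buffer.from(ab)));
  return views;
}

// Safe: copy the bytes out while the callback is still running, and enforce a
// size cap so an oversized body is rejected instead of buffered.
function collectByCopy(chunks, maxBytes) {
  const copies = [];
  let total = 0;
  let rejected = false;
  deliver(chunks, (ab) => {
    if (rejected) return;
    total += ab.byteLength;
    if (total > maxBytes) {
      rejected = true; // caller would answer with an error status here
      return;
    }
    copies.push(Buffer.from(new Uint8Array(ab))); // typed-array source: copied
  });
  return rejected ? null : Buffer.concat(copies);
}
```
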
In order to make sure the types added in [1] are included.

Related:
- #639
- #640

[1]: socketio/engine.io-parser@ad5bd7d
Before this, the connection was closed abruptly with an HTTP 502 response.

See also: f8100f9

Related: socketio/socket.io-client#4293
So that clients in HTTP long-polling can decide how many packets they
have to send to stay under the maxHttpBufferSize value.
This is a backward compatible change which should not mandate a new
major revision of the protocol (we stay in v4), as we only add a field
in the JSON-encoded handshake data:
```
0{"sid":"lv_VI97HAXpY6yYWAAAC","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000,"maxPayload":1000000}
```
Related: socketio/socket.io-client#1531
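How a long-polling client can use the `maxPayload` field described above, as an added example that is not the socket.io client's own code. `parseHandshake` and `batchPackets` are hypothetical names; the sketch assumes text message packets (type `4`) joined with the v4 record separator `\x1e`, and it rejects a single packet larger than the limit, which is a choice made for this example.

```javascript
const SEPARATOR = "\x1e"; // record separator between packets in a v4 polling payload

// Read the "open" packet (type 0). Servers that predate the field do not send
// maxPayload, so fall back to "no known limit".
function parseHandshake(raw) {
  if (raw[0] !== "0") throw new Error("not an open packet");
  const data = JSON.parse(raw.slice(1));
  const ok = Number.isInteger(data.maxPayload) && data.maxPayload > 0;
  return { sid: data.sid, maxPayload: ok ? data.maxPayload : Infinity };
}

// Group queued text messages into polling payloads whose UTF-8 size, packet
// type bytes and separators included, stays at or below maxPayload.
function batchPackets(messages, maxPayload) {
  const payloads = [];
  let current = [];
  let size = 0;
  for (const msg of messages) {
    const encoded = "4" + msg; // type 4 = message
    const bytes = Buffer.byteLength(encoded, "utf8");
    if (bytes > maxPayload) {
      // Example's choice: refuse locally rather than let the server drop us.
      throw new RangeError("single packet exceeds maxPayload");
    }
    const extra = current.length === 0 ? bytes : bytes + 1; // +1 for separator
    if (size + extra > maxPayload) {
      payloads.push(current.join(SEPARATOR));
      current = [encoded];
      size = bytes;
    } else {
      current.push(encoded);
      size += extra;
    }
  }
  if (current.length > 0) payloads.push(current.join(SEPARATOR));
  return payloads;
}

// Handshake copied from the commit message above.
const HANDSHAKE =
  '0{"sid":"lv_VI97HAXpY6yYWAAAC","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000,"maxPayload":1000000}';
```
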
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )