[Snyk] Upgrade engine.io-client from 4.0.0 to 6.1.1 #8

Open
snyk-bot wants to merge 2 commits into master from snyk-upgrade-7d9b425b42560bca2e9a651c9e872080
@snyk-bot

Snyk has created this PR to upgrade engine.io-client from 4.0.0 to 6.1.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 23 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2021-11-14.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
| | Access Restriction Bypass (SNYK-JS-XMLHTTPREQUESTSSL-1255647) | 686/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Proof of Concept |
| | Arbitrary Code Injection (SNYK-JS-XMLHTTPREQUESTSSL-1082936) | 686/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: engine.io-client
  • 6.1.1 - 2021-11-14

    Bug Fixes

    • add package name in nested package.json (6e798fb)
    • fix vite build for CommonJS users (c557707)

  • 6.1.0 - 2021-11-08

    The minor bump is due to changes on the server side.

    Bug Fixes

    • typings: allow any value in the query option (018e1af)
    • typings: allow port to be a number (#680) (8f68f77)

  • 6.0.3 - 2021-11-14

    Some bug fixes were backported from master, to be included by the latest socket.io-client version.

    Bug Fixes

    • add package name in nested package.json (32511ee)
    • fix vite build for CommonJS users (9fcaf58)

  • 6.0.2 - 2021-10-15

    Bug Fixes

  • 6.0.1 - 2021-10-14

    Bug Fixes

  • 6.0.0 - 2021-10-08

    This major release contains three important changes:

    • the codebase was migrated to TypeScript (7245b80)
    • rollup is now used instead of webpack to create the bundles (27de300)
    • code that provided support for ancient browsers (think IE8) was removed (c656192 and b2c7381)

    There are now three distinct builds (in the build/ directory):

    • CommonJS
    • ESM with debug
    • ESM without debug (rationale here: 00d7e7d)

    And three bundles (in the dist/ directory):

    • engine.io.js: unminified UMD bundle
    • engine.io.min.js: minified UMD bundle
    • engine.io.esm.min.js: ESM bundle

    Please note that the communication protocol was not updated, so a v5 client will be able to reach a v6 server (and vice-versa).

    Reference: https://github.com/socketio/engine.io-protocol

    Features

    • provide an ESM build without debug (00d7e7d)

    BREAKING CHANGES

    • the enableXDR option is removed (c656192)
    • the jsonp and forceJSONP options are removed (b2c7381)

  • 5.2.0 - 2021-08-29

    Features

    • add an option to use native timer functions (#672) (5d1d5be)

  • 5.1.2 - 2021-06-24

    Bug Fixes

    • emit ping when receiving a ping from the server (589d3ad)
    • websocket: fix timer blocking writes (#670) (f30a10b)

  • 5.1.1 - 2021-05-11
  • 5.1.0 - 2021-05-04
  • 5.0.1 - 2021-03-31
  • 5.0.0 - 2021-03-10
  • 4.1.4 - 2021-05-05
  • 4.1.3 - 2021-03-31
  • 4.1.2 - 2021-02-25
  • 4.1.1 - 2021-02-02
  • 4.1.0 - 2021-01-14
  • 4.0.6 - 2021-01-04
  • 4.0.5 - 2020-12-07
  • 4.0.4 - 2020-11-17
  • 4.0.3 - 2020-11-17
  • 4.0.2 - 2020-11-09
  • 4.0.1 - 2020-10-21
  • 4.0.0 - 2020-09-10
from engine.io-client GitHub release notes
Commit messages
Package name: engine.io-client


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

@atomist (bot) added the labels auto-branch-delete:on-close (Delete branch when pull request gets closed), auto-merge-method:merge (Auto-merge with merge commit) and auto-merge:on-bpr-success (Auto-merge on passed branch protection rule) on Jan 16, 2022
Dependencies

* debug > 4.3.3
* engine.io-parser > 4.0.3

Development Dependencies

* eiows > 3.7.3
* eslint-config-prettier > 6.15.0

[atomist:generated]
[atomist-skill:atomist/npm-vulnerability-scanner-skill]