chore(deps): bump engine.io, @nestjs/platform-socket.io and socket.io

[dependabot]

Bumps engine.io, @nestjs/platform-socket.io and socket.io. These dependencies needed to be updated together.
Updates engine.io from 6.0.1 to 6.2.0

Release notes

Sourced from engine.io's releases.

6.2.0

Features

• add the "maxPayload" field in the handshake details (088dcb4)

So that clients in HTTP long-polling can decide how many packets they have to send to stay under the maxHttpBufferSize value.

This is a backward compatible change which should not mandate a new major revision of the protocol (we stay in v4), as we only add a field in the JSON-encoded handshake data:

0{"sid":"lv_VI97HAXpY6yYWAAAC","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000,"maxPayload":1000000}

Links

• Diff: socketio/engine.io@6.1.3...6.2.0
• Client release: 6.2.0
• ws version: ~8.2.3

6.1.3

Bug Fixes

• typings: allow CorsOptionsDelegate as cors options (#641) (a463d26)
• uws: properly handle chunked content (#642) (3367440)

Links

• Diff: socketio/engine.io@6.1.2...6.1.3
• Client release: -
• ws version: ~8.2.3

6.1.2

Bug Fixes

• uws: expose additional uWebSockets.js options (#634) (49bb7cf)
• uws: fix HTTP long-polling with CORS (45112a3)
• uws: handle invalid websocket upgrades (8b4d6a8)

Links

• Diff: socketio/engine.io@6.1.1...6.1.2
• Client release: -
• ws version: ~8.2.3

6.1.1

⚠️ This release contains an important security fix ⚠️

... (truncated)

Changelog

Sourced from engine.io's changelog.

6.2.0 (2022-04-17)

Features

• add the "maxPayload" field in the handshake details (088dcb4)

So that clients in HTTP long-polling can decide how many packets they have to send to stay under the maxHttpBufferSize value.

This is a backward compatible change which should not mandate a new major revision of the protocol (we stay in v4), as we only add a field in the JSON-encoded handshake data:

0{"sid":"lv_VI97HAXpY6yYWAAAC","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000,"maxPayload":1000000}

6.1.3 (2022-02-23)

Bug Fixes

• typings: allow CorsOptionsDelegate as cors options (#641) (a463d26)
• uws: properly handle chunked content (#642) (3367440)

6.1.2 (2022-01-18)

Bug Fixes

• uws: expose additional uWebSockets.js options (#634) (49bb7cf)
• uws: fix HTTP long-polling with CORS (45112a3)
• uws: handle invalid websocket upgrades (8b4d6a8)

6.1.1 (2022-01-11)

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

RangeError: Invalid WebSocket frame: RSV2 and RSV3 must be clear at Receiver.getInfo (/.../node_modules/ws/lib/receiver.js:176:14) at Receiver.startLoop (/.../node_modules/ws/lib/receiver.js:136:22) at Receiver._write (/.../node_modules/ws/lib/receiver.js:83:10)

... (truncated)

Commits

• d7e3ab7 chore(release): 6.2.0
• 088dcb4 feat: add the "maxPayload" field in the handshake details
• 657f04e chore: add Node.js 16 in the test matrix
• e24b27b refactor: return an HTTP 413 response for too large payloads
• ce3fe9d chore(release): 6.1.3
• 1bc5b1a chore: bump engine.io-parser to version 5.0.3
• 5df4f18 perf(uws): remove nested inner functions
• 3367440 fix(uws): properly handle chunked content (#642)
• a463d26 fix(typings): allow CorsOptionsDelegate as cors options (#641)
• 90fb0a9 chore(release): 6.1.2
• Additional commits viewable in compare view

Updates @nestjs/platform-socket.io from 8.2.3 to 8.4.7

Release notes

Sourced from @​nestjs/platform-socket.io's releases.

v8.4.7 (2022-06-14)

Enhancements

• microservices
  • #9719 feat(microservices): exposes base context on the main package (@​delucca)
  • #9751 fix(microservices): adds feedback message when RabbitMQ server connection hangs (@​delucca)
• common
  • #9742 Improve stripProtoKeys performance, especially for TypedArray (@​mjgp2)

Dependencies

• #9731 chore(deps-dev): bump apollo-server-core from 3.8.1 to 3.8.2 (@​dependabot[bot])
• #9762 chore(deps-dev): bump lint-staged from 13.0.0 to 13.0.1 (@​dependabot[bot])
• #9764 chore(deps-dev): bump graphql-tools from 8.2.11 to 8.2.12 (@​dependabot[bot])
• #9765 chore(deps-dev): bump point-of-view from 6.2.1 to 6.3.0 (@​dependabot[bot])
• #9769 chore(deps-dev): bump mongoose from 6.3.5 to 6.3.8 (@​dependabot[bot])
• #9729 chore(deps-dev): bump cache-manager from 4.0.0 to 4.0.1 (@​dependabot[bot])
• #9730 chore(deps-dev): bump typescript from 4.7.2 to 4.7.3 (@​dependabot[bot])
• #9732 chore(deps-dev): bump apollo-server-express from 3.8.1 to 3.8.2 (@​dependabot[bot])
• #9735 chore(deps-dev): bump ts-morph from 15.0.0 to 15.1.0 (@​dependabot[bot])
• #9740 chore(deps-dev): bump @​grpc/proto-loader from 0.6.12 to 0.6.13 (@​dependabot[bot])
• #9756 chore(deps-dev): bump @​types/node from 17.0.38 to 17.0.42 (@​dependabot[bot])
• #9757 chore(deps): bump fast-json-stringify from 3.2.0 to 4.1.0 (@​dependabot[bot])
• #9711 chore(deps-dev): bump @​nestjs/apollo from 10.0.13 to 10.0.14 (@​dependabot[bot])
• #9712 chore(deps-dev): bump lint-staged from 12.5.0 to 13.0.0 (@​dependabot[bot])
• #9710 chore(deps-dev): bump cache-manager from 3.6.3 to 4.0.0 (@​dependabot[bot])
• #9709 chore(deps-dev): bump @​commitlint/cli from 17.0.1 to 17.0.2 (@​dependabot[bot])
• #9713 chore(deps-dev): bump core-js from 3.22.7 to 3.22.8 (@​dependabot[bot])
• #9723 chore(deps-dev): bump @​nestjs/graphql from 10.0.13 to 10.0.15 (@​dependabot[bot])
• #9722 chore(deps): bump protobufjs from 6.11.2 to 6.11.3 (@​dependabot[bot])
• #9721 chore(deps): bump protobufjs from 6.11.2 to 6.11.3 in /sample/04-grpc (@​dependabot[bot])
• #9724 chore(deps-dev): bump amqplib from 0.9.1 to 0.10.0 (@​dependabot[bot])
• #9700 chore(deps-dev): bump kafkajs from 2.0.1 to 2.0.2 (@​dependabot[bot])
• #9701 chore(deps-dev): bump @​types/node from 17.0.36 to 17.0.38 (@​dependabot[bot])
• #9702 chore(deps-dev): bump point-of-view from 5.3.0 to 6.2.1 (@​dependabot[bot])
• #9703 chore(deps-dev): bump lint-staged from 12.4.3 to 12.5.0 (@​dependabot[bot])

Committers: 5

• Antonio T. alias Tony (@​Tony133)
• Daniel De Lucca (@​delucca)
• Matthew Painter (@​mjgp2)
• Sushant Zope (@​sushant9096)
• Volodymyr Tytarenko (@​bovatitar)

v8.4.5 (2022-05-13)

Bug fixes

• core
  • #9456 fix(core): scoped injection with symbol field name (@​MyAeroCode)

Enhancements

... (truncated)

Commits

• f383352 chore(@​nestjs) publish v8.4.7 release
• 11c32df Merge pull request #9731 from nestjs/dependabot/npm_and_yarn/apollo-server-co...
• 995b516 Merge pull request #9719 from delucca-workspaces/feat/export-base-rpc-context
• 5523139 Merge pull request #9686 from sushant9096/master
• 279f6fa Merge pull request #9751 from delucca-workspaces/fix/server-transport-connect...
• 52cf0b7 Merge pull request #9762 from nestjs/dependabot/npm_and_yarn/lint-staged-13.0.1
• bc3b431 Merge pull request #9764 from nestjs/dependabot/npm_and_yarn/graphql-tools-8....
• ba971a7 Merge pull request #9765 from nestjs/dependabot/npm_and_yarn/point-of-view-6.3.0
• 6e7cf52 Merge pull request #9769 from nestjs/dependabot/npm_and_yarn/mongoose-6.3.8
• 92fc598 chore(deps-dev): bump mongoose from 6.3.5 to 6.3.8
• Additional commits viewable in compare view

Updates socket.io from 4.4.0 to 4.5.1

Release notes

Sourced from socket.io's releases.

4.5.1

Bug Fixes

• forward the local flag to the adapter when using fetchSockets() (30430f0)
• typings: add HTTPS server to accepted types (#4351) (9b43c91)

Links:

• Diff: socketio/socket.io@4.5.0...4.5.1
• Client release: 4.5.1
• engine.io version: ~6.2.0 (diff)
• ws version: ~8.2.3

4.5.0

Bug Fixes

• typings: ensure compatibility with TypeScript 3.x (#4259) (02c87a8)

Features

• add support for catch-all listeners for outgoing packets (531104d)

This is similar to onAny(), but for outgoing packets.

Syntax:

socket.onAnyOutgoing((event, ...args) => {
  console.log(event);
});

• broadcast and expect multiple acks (8b20457)

Syntax:

io.timeout(1000).emit("some-event", (err, responses) => {
  // ...
});

• add the "maxPayload" field in the handshake details (088dcb4)

So that clients in HTTP long-polling can decide how many packets they have to send to stay under the maxHttpBufferSize value.

This is a backward compatible change which should not mandate a new major revision of the protocol (we stay in v4), as we only add a field in the JSON-encoded handshake data:

... (truncated)

Changelog

Sourced from socket.io's changelog.

4.5.1 (2022-05-17)

Bug Fixes

• forward the local flag to the adapter when using fetchSockets() (30430f0)
• typings: add HTTPS server to accepted types (#4351) (9b43c91)

4.5.0 (2022-04-23)

Bug Fixes

• typings: ensure compatibility with TypeScript 3.x (#4259) (02c87a8)

Features

• add support for catch-all listeners for outgoing packets (531104d)

This is similar to onAny(), but for outgoing packets.

Syntax:

socket.onAnyOutgoing((event, ...args) => {
  console.log(event);
});

• broadcast and expect multiple acks (8b20457)

Syntax:

io.timeout(1000).emit("some-event", (err, responses) => {
  // ...
});

• add the "maxPayload" field in the handshake details (088dcb4)

So that clients in HTTP long-polling can decide how many packets they have to send to stay under the maxHttpBufferSize value.

This is a backward compatible change which should not mandate a new major revision of the protocol (we stay in v4), as we only add a field in the JSON-encoded handshake data:

... (truncated)

Commits

• 5ab8289 chore(release): 4.5.1
• 30430f0 fix: forward the local flag to the adapter when using fetchSockets()
• 9b43c91 fix(typings): add HTTPS server to accepted types (#4351)
• 8ecfcba chore(release): 4.5.0
• 572133a docs(examples): update example with webpack
• 6e1bb62 chore: bump engine.io to version 6.2.0
• 06e6838 docs(examples): add server bundling example with rollup
• 1f03a44 docs(examples): update create-react-app example (#4347)
• be3d7f0 docs(examples): add TODO example with Postgres and Node.js cluster
• d12aab2 docs(examples): add example with express-session
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.