[Snyk] Upgrade engine.io from 6.5.0 to 6.5.5 #68

Open: wants to merge 1 commit into base: main

X-oss-byte
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade engine.io from 6.5.0 to 6.5.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 6 versions ahead of your current version.

  • The recommended version was released 23 days ago.

Release notes
Package name: engine.io
  • 6.5.5 - 2024-06-18

    This release contains a bump of the ws dependency, which includes an important security fix.

    Advisory: GHSA-3h5v-q93c-6h6q

    Bug Fixes

    Links

  • 6.5.4 - 2023-11-09

    This release contains some minor changes which should improve the memory usage of the server, notably this.

    Links

  • 6.5.3 - 2023-10-06

    Bug Fixes

    • improve compatibility with node16 module resolution (#689) (c6bf8c0)
    • webtransport: properly handle abruptly closed connections (ff1c861)

    Links

  • 6.5.2 - 2023-08-02

    Bug Fixes

    • webtransport: add proper framing (a306db0)

    Links

  • 6.5.2-alpha.1 - 2023-08-01
  • 6.5.1 - 2023-06-27

    Bug Fixes

    • prevent crash when accessing TextDecoder (#684) (6dd2bc4)

    Credits

    Huge thanks to @iowaguy for helping!

    Links

  • 6.5.0 - 2023-06-16

    Bug Fixes

    • uws: discard any write to an aborted uWS response (#682) (3144d27)

    Features

    Support for WebTransport

    The Engine.IO server can now use WebTransport as the underlying transport.

    WebTransport is a web API that uses the HTTP/3 protocol as a bidirectional transport. It's intended for two-way communications between a web client and an HTTP/3 server.

    References:

    Until WebTransport support lands in Node.js, you can use the @fails-components/webtransport package:

    import { readFileSync } from "fs";
    import { createServer } from "https";
    import { Server } from "engine.io";
    import { Http3Server } from "@fails-components/webtransport";

    // WARNING: the total length of the validity period MUST NOT exceed two weeks (https://w3c.github.io/webtransport/#custom-certificate-requirements)
    const cert = readFileSync("/path/to/my/cert.pem");
    const key = readFileSync("/path/to/my/key.pem");

    const httpsServer = createServer({
      key,
      cert
    });

    httpsServer.listen(3000);

    const engine = new Server({
      transports: ["polling", "websocket", "webtransport"] // WebTransport is not enabled by default
    });

    engine.attach(httpsServer);

    const h3Server = new Http3Server({
      port: 3000,
      host: "0.0.0.0",
      secret: "changeit", // placeholder value
      cert,
      privKey: key,
    });

    (async () => {
      const stream = await h3Server.sessionStream("/engine.io/");
      const sessionReader = stream.getReader();

      // Hand each incoming WebTransport session to the Engine.IO server
      while (true) {
        const { done, value } = await sessionReader.read();
        if (done) {
          break;
        }
        engine.onWebTransportSession(value);
      }
    })();

    h3Server.startServer();

    Added in 123b68c.

    Credits

    Huge thanks to @OxleyS for helping!

    Links

from engine.io GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

See this package in npm:
engine.io

See this project in Snyk:
https://app.snyk.io/org/sammytezzy/project/0c2e6abe-c98c-464b-82b2-c5b800caf132?utm_source=github&utm_medium=referral&page=upgrade-pr
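
An added example (not part of this PR, Snyk's output or the engine.io project): a check over a parsed `package-lock.json` that reports every installed copy of engine.io older than the 6.5.5 release named above, including copies nested under other dependencies that a top-level upgrade does not touch. The lockfile contents and the `demo-app`, `legacy-widget` and `beta-widget` names are constructed, and ordering between prerelease tags is simplified.

```javascript
// Minimum engine.io version: the release this PR upgrades to (it bumps ws).
const MIN_ENGINE_IO = "6.5.5";

// Parse "major.minor.patch[-prerelease]" into comparable parts.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// Returns <0, 0 or >0. A prerelease sorts before its release (6.5.2-alpha.1 < 6.5.2);
// two prerelease tags are compared as plain strings (assumption of this example).
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x.nums[i] !== y.nums[i]) return x.nums[i] - y.nums[i];
  }
  if (x.pre === y.pre) return 0;
  if (x.pre === null) return 1;
  if (y.pre === null) return -1;
  return x.pre < y.pre ? -1 : 1;
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json and
// report every installed copy of engine.io older than `min`.
function findOutdatedEngineIo(lock, min = MIN_ENGINE_IO) {
  const findings = [];
  for (const [pkgPath, meta] of Object.entries(lock.packages || {})) {
    if (!pkgPath.endsWith("node_modules/engine.io")) continue;
    if (compareVersions(meta.version, min) < 0) {
      findings.push({ path: pkgPath, version: meta.version });
    }
  }
  return findings;
}

// Constructed lockfile: the top-level copy is upgraded, two nested copies are not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/engine.io": { version: "6.5.5" },
    "node_modules/engine.io-parser": { version: "5.2.2" },
    "node_modules/legacy-widget/node_modules/engine.io": { version: "6.5.0" },
    "node_modules/beta-widget/node_modules/engine.io": { version: "6.5.2-alpha.1" },
  },
};

console.log(findOutdatedEngineIo(sampleLock));
```

To run it against a real project, pass the result of `JSON.parse` on the project's `package-lock.json` to `findOutdatedEngineIo` and fail the build when the returned list is not empty.
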

Run & review this pull request in StackBlitz Codeflow.


changeset-bot bot commented Jul 10, 2024

⚠️ No Changeset found

Latest commit: 8e4d444

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR


@sourcery-ai sourcery-ai bot left a comment

We have skipped reviewing this pull request. Here's why:

  • It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
  • We don't review packaging changes - Let us know if you'd like us to change this.
