[Snyk] Security upgrade engine.io from 1.8.2 to 3.4.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: engine.io

The new version differs by 71 commits.

• ecfcc69 [chore] Release 3.4.0
• 7bf7581 [chore] Bump engine.io-parser to version 2.2.0
• c471e03 [chore] Bump `ws` to latest version (share the same socket.io channel among browser tabs socketio/socket.io#587)
• c144895 [feat] add additional debug messages (Session update socketio/socket.io#586)
• a967626 [chore] Bump debug to version 4.1.0 (Fixes #520. Updates to latest node_redis. socketio/socket.io#581)
• 5bbbfe2 [ci] remove Node.js 4 and 6 from the build matrix
• ad844f4 [fix] Deprecated Buffer usage in dependency (hybi-17 Unsupported socketio/socket.io#585)
• cb0ac6f [chore] Release 3.3.2
• ec4e12a [revert] Allow configuration of `Access-Control-Allow-Origin` value (Support Hybi10 binaryType socketio/socket.io#511)
• 64d6044 [chore] Release 3.3.1
• 9956445 [fix] Replace deprecated Buffer usage (Can't disable flash policy server socketio/socket.io#565)
• e081616 [chore] Point towards branch 'develop' of engine.io-client
• 2c856ca [chore] Release 3.3.0
• 3e2f415 [chore] Bump ws to version 6.1.0 (fixes #538 socketio/socket.io#564)
• ebf1a96 [feat] Allow configuration of `Access-Control-Allow-Origin` value (Support Hybi10 binaryType socketio/socket.io#511)
• 0151c6a [chore] Release 3.2.1
• bc7b239 [fix] Processing error code on abort connection (Hardcore caching for pro's socketio/socket.io#562)
• 6a16ea1 [test] Remove unnecessary assertion in test case (Blocking behavior when using polling socketio/socket.io#556)
• d93ef6a [docs] Add some initialization examples in the README
• 52ebe41 [chore] Release 3.2.0
• c624751 [revert] Make generateId method async ("websocket connection invalid" happens nondeterministically  socketio/socket.io#535)
• be3833b [refactor] Use Buffer.concat([]) to construct an empty buffer (throw new Error('Socket is not writable'); socketio/socket.io#555)
• 65b1ad1 [chore] Update default values for pingTimeout (Adding auth to the redis store. socketio/socket.io#551)
• 63e2528 [chore] Release 3.1.5

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic