Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump engine.io from 6.1.3 to 6.4.2 in /twake/backend/node #2795

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 3, 2023

Bumps engine.io from 6.1.3 to 6.4.2.

Release notes

Sourced from engine.io's releases.

6.4.2

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

TypeError: Cannot read properties of undefined (reading 'handlesUpgrades')
  at Server.onWebSocket (build/server.js:515:67)

Please upgrade as soon as possible.

Bug Fixes

  • include error handling for Express middlewares (#674) (9395782)
  • prevent crash when provided with an invalid query param (fc480b4)
  • typings: make clientsCount public (#675) (bd6d471)
  • uws: prevent crash when using with middlewares (8b22162)

Credits

Huge thanks to @​tyilo and @​cieldeville for helping!

Links

6.4.1

This release contains 6e78489, which exports the BaseServer class in order to restore the compatibility with the nodenext module resolution strategy of TypeScript.

Reference: https://www.typescriptlang.org/tsconfig/#moduleResolution

Related: socketio/socket.io#4621

Links

6.4.0

Features

  • add support for Express middlewares (24786e7)

This commit implements middlewares at the Engine.IO level, because Socket.IO middlewares are meant for namespace authorization and are not executed during a classic HTTP request/response cycle.

... (truncated)

Changelog

Sourced from engine.io's changelog.

6.4.2 (2023-05-02)

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

TypeError: Cannot read properties of undefined (reading 'handlesUpgrades')
  at Server.onWebSocket (build/server.js:515:67)

Please upgrade as soon as possible.

Bug Fixes

  • include error handling for Express middlewares (#674) (9395782)
  • prevent crash when provided with an invalid query param (fc480b4)
  • typings: make clientsCount public (#675) (bd6d471)
  • uws: prevent crash when using with middlewares (8b22162)

Credits

Huge thanks to @​tyilo and @​cieldeville for helping!

Dependencies

6.4.1 (2023-02-20)

This release contains 6e78489, which exports the BaseServer class in order to restore the compatibility with the nodenext module resolution strategy of TypeScript.

Reference: https://www.typescriptlang.org/tsconfig/#moduleResolution

Related: socketio/socket.io#4621

Dependencies

6.4.0 (2023-02-06)

... (truncated)

Commits
  • 95e2153 chore(release): 6.4.2
  • fc480b4 fix: prevent crash when provided with an invalid query param
  • 0141951 refactor(types): ensure compatibility with Express middlewares
  • 8b22162 fix(uws): prevent crash when using with middlewares
  • 9395782 fix: include error handling for Express middlewares (#674)
  • 911d0e3 refactor: return HTTP 400 upon invalid request overlap
  • bd6d471 fix(typings): make clientsCount public (#675)
  • 7033c0e chore(release): 6.4.1
  • 6e78489 refactor: export BaseServer class (#669)
  • 535b068 docs: add upgrade event in the documentation
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [engine.io](https://github.com/socketio/engine.io) from 6.1.3 to 6.4.2.
- [Release notes](https://github.com/socketio/engine.io/releases)
- [Changelog](https://github.com/socketio/engine.io/blob/main/CHANGELOG.md)
- [Commits](socketio/engine.io@6.1.3...6.4.2)

---
updated-dependencies:
- dependency-name: engine.io
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 3, 2023
@github-actions
Copy link

github-actions bot commented May 3, 2023

Lines Statements Branches Functions
Coverage: 59%
59.35% (5305/8939) 50.49% (2250/4456) 59.03% (1304/2209)
Coverage Report (10%)
File% Stmts% Branch% Funcs% LinesUncovered Line #s
All files10.287.498.9510.46 
core/config0000 
   index.ts0000 
core/crypto83.8272.7366.6783.82 
   index.ts7571.4333.337537–49
   legacy.ts84.6262.55084.6214, 41
   v1.ts8577.781008526, 48, 62
   v2.ts86.9677.7810086.9626, 48, 65
core/platform/framework46.8831.585046.88 
   configuration.ts87.542.8610087.527
   event-bus.ts21.4302521.4319–43
   factory.ts16.670016.6720–28
   index.ts0000 
   logger.ts1005010010010–21
core/platform/framework/api10.322.7811.1110.57 
   application-configuration.ts0000 
   class.ts0000 
   component.ts000010–65
   constants.ts100100100100 
   container.ts000017–71
   context.ts0000 
   crud-service.ts39.132527.7842.8690–94, 102–167
   index.ts0000 
   lifecycle.ts0000 
   service-configuration.ts0000 
   service-definition.ts0000 
   service-interface.ts0000 
   service-options.ts0000 
   service-provider.ts0000 
   service-state.ts0000 
   service.ts1.75001.7524–131
core/platform/framework/decorators28.57033.3328.57 
   consumes.ts10001001003
   index.ts0000 
   prefix.ts00005–6
   service-name.ts00005–7
core/platform/framework/decorators/realtime83.0265.798584.31 
   created.ts10083.3310010031
   deleted.ts10083.3310010025
   index.ts83.3361.11759066
   saved.ts300503018–38
   updated.ts100100100100 
core/platform/framework/utils0000 
   component-utils.ts000015–107
   loader.ts00009–43
core/platform/services/database/services/orm62.538.4666.6764.52 
   utils.ts62.538.4666.6764.5218–31, 62–63, 89, 103
core/platform/services/database/services/orm/connectors/cassandra42.3733.338040.54 
   query-builder.ts88.3770.3784.6289.1927, 67–71, 127
   typeTransforms.ts1611.835016.2240–43, 48, 51, 57, 63–104, 112–173
core/platform/services/database/services/orm/decorators10080100100 
   column.ts100100100100 
   entity.ts1005010010023
   index.ts0000 
core/platform/services/knowledge-graph0000 
   api-client.ts000015–178
   index.ts000022–165
   types.ts0000 
core/platform/services/message-queue83.3371.8888.8987.5 
   api.ts83.3371.8888.8987.5165, 190, 201, 249–253
core/platform/services/realtime66.675066.6766.67 
   bus.ts7510066.677514
   types.ts505066.675021
services5005 
   global-resolver.ts5005134–225
services/applications010000 
   realtime.ts0100004–12
services/applications/entities12.5100012.5 
   application.search.ts0100006
   application.ts1010001014–101
   company-application.ts2010002012–27
services/applications/services0000 
   applications.ts000029–141
   company-applications.ts000031–182
   hooks.ts000021–92
   internal-event-to-hooks.ts00009–52
services/channels100100100100 
   types.ts0000 
   utils.ts100100100100 
services/channels/entities1.45001.45 
   channel-activity.ts000013–57
   channel-counters.ts100100100100 
   channel-member-read-cursors.ts01000012–26
   channel-member.ts000019–137
   channel-pending-emails.ts01000013–45
   channel.search.ts0100006
   channel.ts000017–105
   default-channel.ts01000012–33
   direct-channel.ts000018–46
   index.ts0000 
   member.ts0100004
   tab.ts000011–48
services/channels/services0000 
   tab.ts000024–135
services/channels/services/channel0.34000.35 
   realtime.ts00007–49
   service.ts0.36000.3766–983
   types.ts000033–65
services/channels/services/channel/default2.33002.35 
   listener.ts3.57003.5713–110
   service.ts1.72001.7536–256
services/channels/services/channel/pending-emails3.57003.7 
   service.ts3.57003.733–178
services/channels/services/member1.28001.31 
   realtime.ts00007–40
   service.ts1.32001.3690–910
services/channels/services/pubsub9.33009.33 
   index.ts01000011–22
   new-channel-activity.ts7.69007.6919–85
   new-direct-channel-message.ts4.17004.1714–87
   new-pending-emails-in-workspace-join-channels.ts20002019–51
   new-user-in-workspace-join-default-channels.ts16.670016.6718–52
   new-workspace.ts11.110011.1111–51
services/console5.26005.26 
   client-factory.ts16.670016.679–16
   service.ts000023–76
services/console/clients0000 
   internal.ts000034–105
   remote.ts000036–509
services/console/processing1001.02 
   merge.ts1001.0257–416
services/documents8.73009.48 
   const.ts100100100100 
   utils.ts8.33009.0540–84, 98–117, 126–128, 142–152, 162–167, 177–182, 198–231, 247–263, 281–301, 322–331, 350–445, 463–519, 541–574, 585–602, 613–627, 640–656, 671–684, 711–739, 759–805
services/documents/entities9.09009.09 
   drive-file.search.ts00005
   drive-file.ts7.1410007.1416–70
   drive-twake-tab.ts16.67100016.6711–27
   file-version.ts8.3310008.3311–54
services/documents/services0000 
   index.ts000055–838
services/documents/services/engine0000 
   extract-keywords.ts000013–77
   index.ts0100009–16
   save-keywords.ts000013–62
services/files28.570033.33 
   utils.ts28.570033.335–9, 20
services/files/entities0000 
   file.ts000010–51
services/files/services0000 
   index.ts000023–312
   preview.ts000018–65
services/files/web28.57100028.57 
   routes.ts28.57100028.578–50, 54, 58
services/files/web/controllers0000 
   files.ts000017–104
   index.ts0000 
services/messages/entities11.880011.88 
   message-channel-marked-refs.ts1010001011–50
   message-channel-refs-reversed.ts14.29100014.2911–38
   message-channel-refs.ts14.29100014.2911–38
   message-file-refs.ts8.3310008.3311–58
   message-files.search.ts2000206–28
   message-files.ts2510002513–22
   message-user-inbox-refs-reversed.ts16.67100016.6711–34
   message-user-inbox-refs.ts12.5100012.511–42
   message-user-marked_refs.ts1010001011–50
   messages.search.ts00008–38
   messages.ts1010001017–132
   threads.ts12.5100012.511–50
   user-message-bookmarks.ts14.29100014.2911–36
services/messages/services0.76000.79 
   messages-files.ts000018–168
   messages-operations.ts000025–299
   messages.ts0.32000.3375–1056, 1064
   threads.ts000030–302
   user-bookmarks.ts000027–100
   utils.ts12.120013.3321–23, 34–58, 69–72, 85–92
   views.ts000044–454
services/messages/services/engine0000 
   index.ts000035–110
services/messages/services/engine/processors/channel-marked0000 
   index.ts000015–41
services/messages/services/engine/processors/channel-view0000 
   index.ts000019–140
services/messages/services/engine/processors/files0000 
   index.ts000019–140
services/messages/services/engine/processors/links0000 
   index.ts000017–83
services/messages/services/engine/processors/message-to-hooks0000 
   index.ts000013–101
services/messages/services/engine/processors/message-to-notifications0000 
   index.ts000016–173
services/messages/services/engine/processors/system-activity-message0000 
   index.ts000011–49
services/messages/services/engine/processors/user-inbox0000 
   index.ts000022–89
services/messages/services/engine/processors/user-marked010000 
   index.ts0100009
services/messages/web50100050 
   realtime.ts501000504, 8, 12
services/messages/web/controllers0.5000.51 
   index.ts16.67002013–17
   messages.ts000054–522
   threads.ts000042–90
   user-bookmarks.ts000038–122
   views.ts000037–309
services/messages/web/controllers/views1.96002 
   recent-files.ts000019–28
   search-files.ts2.08002.1344–63, 77–210
services/notifications/entities31.031004.7631.03 
   channel-member-notification-preferences.ts37.5100037.515–33, 49
   channel-thread-users.ts33.331002033.3315–38
   index.ts0000 
   user-notification-badges.ts27.27100027.2720–63, 77
   user-notification-digest.ts2510002518–42
services/notifications/notifiers88.8910010088.89 
   index.ts0000 
   mobile-push.ts88.8910010088.8929
services/notifications/services0.9201.640.98 
   bages.ts000036–300
   channel-preferences.ts2.86003.0324–155
   channel-thread-users.ts000022–66
   digest.ts000019–161
   mobile-push.ts000013–57
   preferences.ts000026–141
   realtime.ts5010050504
services/notifications/services/engine010000 
   index.ts01000018–34
services/notifications/services/engine/processors40.132.950.9439.5 
   channel-member-created.ts000016–73
   channel-member-deleted.ts000015–95
   channel-member-updated.ts000014–49
   mark-channel-as-read.ts000011–64
   mark-channel-as-unread.ts000011–62
   mobile-push-notifications.ts000016–46
   new-channel-message.ts96.1575.7694.449632, 94
   push-to-users.ts68.8954.1771.4368.8939, 76–77, 131, 192–193, 206–209, 213–216
   reaction-notification.ts000020–128
services/online100100100100 
   constants.ts100100100100 
services/online/entities20100020 
   user-online.ts2010002012–31
services/online/pubsub0000 
   index.ts000010–25
   processor.ts000014–50
services/online/service0000 
   index.ts000019–172
services/previews60755065.22 
   utils.ts60755065.2210–13, 26, 31, 46, 65
services/previews/services/files/engine1.92002 
   clear.ts000012–46
   index.ts01000011–13
   service.ts2.7002.7819–116
services/previews/services/files/processing37.1734.6264.7137.5 
   image.ts000014–53
   office.ts10001012–27
   pdf.ts000011–42
   service.ts000021–69
   video.ts97.629010097.62127
services/previews/services/links/engine0000 
   index.ts0100007–9
   service.ts000013–78
services/previews/services/links/processing91.6766.6710091.67 
   image.ts1005010010014
   link.ts91.366.6710091.346, 56
   service.ts85.717010085.7133, 44
services/statistics100100100100 
   types.ts100100100100 
services/statistics/entities50100050 
   statistics.ts5010005029
services/statistics/pubsub11.110011.11 
   messages.ts11.110011.119–30
services/statistics/service0000 
   index.ts000016–67
services/tags/entities28.57100028.57 
   index.ts0000 
   tags.ts28.57100028.5718–41, 49
services/tags/services010000 
   tags.ts01000021–55
services/user010000 
   realtime.ts0100009–44
services/user/entities22.220022.22 
   company.ts5010005061
   company_user.ts2510002526–62
   device.ts5010005031
   external_company.ts5010005026
   external_user.ts5010005024
   user.search.ts00006–18
   user.ts9.09009.0931–146
services/user/services0000 
   companies.ts000049–351
services/user/services/external_links0000 
   index.ts000018–64
services/user/services/users0000 
   service.ts000051–392
services/user/web0000 
   types.ts0000 
services/workspaces010000 
   realtime.ts0100006–29
services/workspaces/entities37.50040 
   workspace.ts5010005049
   workspace_counters.ts100100100100 
   workspace_invite_domain.ts5010005029
   workspace_invite_tokens.ts5010005035
   workspace_pending_users.ts5010005036
   workspace_user.ts14.290016.6725–48
services/workspaces/services0000 
   workspace.ts000082–862
utils10.1103.9210.29 
   coalesce.ts00003–6
   company.ts00005–46
   counters.ts100011.1114–22
   files.ts17.50019.4414–16, 25–26, 38–55, 65, 75–80, 91–103
   handleError.ts00006–10
   messages.ts000010–110
   mime.ts100100100100 
   password-encoder.ts00007–80
   pick.ts100100100100 
   types.ts100100100100 
   users.ts000015–94
   uuid-reducer.ts250033.332–4, 11–13
   workspace.ts00007–46

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants