Bumps [engine.io](https://github.com/socketio/engine.io) to 6.2.1 and updates ancestor dependency [karma](https://github.com/karma-runner/karma). These dependencies need to be updated together. Updates `engine.io` from 3.2.1 to 6.2.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/socketio/engine.io/releases">engine.io's releases</a>.</em></p> <blockquote> <h2>6.2.1</h2> <p>:warning: This release contains an important security fix :warning:</p> <p>A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:</p> <pre><code>Error: read ECONNRESET at TCP.onStreamRead (internal/stream_base_commons.js:209:20) Emitted 'error' event on Socket instance at: at emitErrorNT (internal/streams/destroy.js:106:8) at emitErrorCloseNT (internal/streams/destroy.js:74:3) at processTicksAndRejections (internal/process/task_queues.js:80:21) { errno: -104, code: 'ECONNRESET', syscall: 'read' } </code></pre> <p>Please upgrade as soon as possible.</p> <h3>Bug Fixes</h3> <ul> <li>catch errors when destroying invalid upgrades (<a href="https://github-redirect.dependabot.com/socketio/engine.io/issues/658">#658</a>) (<a href="https://github.com/socketio/engine.io/commit/425e833ab13373edf1dd5a0706f07100db14e3c6">425e833</a>)</li> </ul> <h2>6.2.0</h2> <h2>Features</h2> <ul> <li>add the "maxPayload" field in the handshake details (<a href="https://github.com/socketio/engine.io/commit/088dcb4dff60df39785df13d0a33d3ceaa1dff38">088dcb4</a>)</li> </ul> <p>So that clients in HTTP long-polling can decide how many packets they have to send to stay under the maxHttpBufferSize value.</p> <p>This is a backward compatible change which should not mandate a new major revision of the protocol (we stay in v4), as we only add a field in the JSON-encoded handshake data:</p> <pre><code>0{"sid":"lv_VI97HAXpY6yYWAAAC","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000,"maxPayload":1000000} 
</code></pre> <h4>Links</h4> <ul> <li>Diff: <a href="https://github.com/socketio/engine.io/compare/6.1.3...6.2.0">https://github.com/socketio/engine.io/compare/6.1.3...6.2.0</a></li> <li>Client release: <a href="https://github.com/socketio/engine.io-client/releases/tag/6.2.0">6.2.0</a></li> <li>ws version: <a href="https://github.com/websockets/ws/releases/tag/8.2.3">~8.2.3</a></li> </ul> <h2>6.1.3</h2> <h3>Bug Fixes</h3> <ul> <li><strong>typings:</strong> allow CorsOptionsDelegate as cors options (<a href="https://github-redirect.dependabot.com/socketio/engine.io/issues/641">#641</a>) (<a href="https://github.com/socketio/engine.io/commit/a463d268ed90064e7863679bda423951de108c36">a463d26</a>)</li> <li><strong>uws:</strong> properly handle chunked content (<a href="https://github-redirect.dependabot.com/socketio/engine.io/issues/642">#642</a>) (<a href="https://github.com/socketio/engine.io/commit/33674403084c329dc6ad026c4122333a6f8a9992">3367440</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/socketio/engine.io/blob/main/CHANGELOG.md">engine.io's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/socketio/engine.io/compare/6.2.0...6.2.1">6.2.1</a> (2022-11-20)</h2> <p>:warning: This release contains an important security fix :warning:</p> <p>A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:</p> <pre><code>Error: read ECONNRESET at TCP.onStreamRead (internal/stream_base_commons.js:209:20) Emitted 'error' event on Socket instance at: at emitErrorNT (internal/streams/destroy.js:106:8) at emitErrorCloseNT (internal/streams/destroy.js:74:3) at processTicksAndRejections (internal/process/task_queues.js:80:21) { errno: -104, code: 'ECONNRESET', syscall: 'read' } </code></pre> <p>Please upgrade as soon as possible.</p> <h3>Bug Fixes</h3> <ul> <li>catch errors when destroying invalid upgrades (<a href="https://github-redirect.dependabot.com/socketio/engine.io/issues/658">#658</a>) (<a href="https://github.com/socketio/engine.io/commit/425e833ab13373edf1dd5a0706f07100db14e3c6">425e833</a>)</li> </ul> <h1><a href="https://github.com/socketio/engine.io/compare/3.5.0...3.6.0">3.6.0</a> (2022-06-06)</h1> <h3>Bug Fixes</h3> <ul> <li>add extension in the package.json main entry (<a href="https://github-redirect.dependabot.com/socketio/engine.io/issues/608">#608</a>) (<a href="https://github.com/socketio/engine.io/commit/3ad0567dbd57cfb7c2ff4e8b7488d80f37022b4a">3ad0567</a>)</li> <li>do not reset the ping timer after upgrade (<a href="https://github.com/socketio/engine.io/commit/1f5d4699862afee1e410fcb0e1f5e751ebcd2f9f">1f5d469</a>), closes <a href="https://github-redirect.dependabot.com//github-redirect.dependabot.com/socketio/socket.io-client-swift/pull/1309/issues/issuecomment-768475704">socketio/socket.io-client-swift#1309</a></li> </ul> <h3>Features</h3> 
<ul> <li>decrease the default value of maxHttpBufferSize (<a href="https://github.com/socketio/engine.io/commit/58e274c437e9cbcf69fd913c813aad8fbd253703">58e274c</a>)</li> </ul> <p>This change reduces the default value from 100 mb to a more sane 1 mb.</p> <p>This helps protect the server against denial of service attacks by malicious clients sending huge amounts of data.</p> <p>See also: <a href="https://github.com/advisories/GHSA-j4f2-536g-r55m">https://github.com/advisories/GHSA-j4f2-536g-r55m</a></p> <ul> <li>increase the default value of pingTimeout (<a href="https://github.com/socketio/engine.io/commit/f55a79a28a5fbc6c9edae876dd11308b89cc979e">f55a79a</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/socketio/engine.io/commit/24b847be6a61b64efc8c8c4d058a69259ad67693"><code>24b847b</code></a> chore(release): 6.2.1</li> <li><a href="https://github.com/socketio/engine.io/commit/425e833ab13373edf1dd5a0706f07100db14e3c6"><code>425e833</code></a> fix: catch errors when destroying invalid upgrades (<a href="https://github-redirect.dependabot.com/socketio/engine.io/issues/658">#658</a>)</li> <li><a href="https://github.com/socketio/engine.io/commit/99adb00ba11d80ab27a4a2f4afd0eebd8aa406c5"><code>99adb00</code></a> chore(deps): bump xmlhttprequest-ssl and engine.io-client in /examples/latenc...</li> <li><a href="https://github.com/socketio/engine.io/commit/d196f6a6b746b5e362b131a1a16901a3db12cb21"><code>d196f6a</code></a> chore(deps): bump minimatch from 3.0.4 to 3.1.2 (<a href="https://github-redirect.dependabot.com/socketio/engine.io/issues/660">#660</a>)</li> <li><a href="https://github.com/socketio/engine.io/commit/7c1270f98c51e51dfae1237492a56276070fd10e"><code>7c1270f</code></a> chore(deps): bump nanoid from 3.1.25 to 3.3.1 (<a href="https://github-redirect.dependabot.com/socketio/engine.io/issues/659">#659</a>)</li> <li><a 
href="https://github.com/socketio/engine.io/commit/535a01d8898a5cc858c9d6031fc5ecda96ea4579"><code>535a01d</code></a> ci: add Node.js 18 in the test matrix</li> <li><a href="https://github.com/socketio/engine.io/commit/1b71a6f5cb868c934696ae3cc1a92d1168ec8505"><code>1b71a6f</code></a> docs: remove "Vanilla JS" highlight from README (<a href="https://github-redirect.dependabot.com/socketio/engine.io/issues/656">#656</a>)</li> <li><a href="https://github.com/socketio/engine.io/commit/917d1d29e13f2e8f523c3738f6413f67b587aebe"><code>917d1d2</code></a> refactor: replace deprecated <code>String.prototype.substr()</code> (<a href="https://github-redirect.dependabot.com/socketio/engine.io/issues/646">#646</a>)</li> <li><a href="https://github.com/socketio/engine.io/commit/020801ab8ce2d4cba517fe04df89b39d403123a5"><code>020801a</code></a> chore: add changelog for version 3.6.0</li> <li><a href="https://github.com/socketio/engine.io/commit/ed1d6f912ce61b13e2ae7ce7a1027b8c5fae2f15"><code>ed1d6f9</code></a> test: make test script work on Windows (<a href="https://github-redirect.dependabot.com/socketio/engine.io/issues/643">#643</a>)</li> <li>Additional commits viewable in <a href="https://github.com/socketio/engine.io/compare/3.2.1...6.2.1">compare view</a></li> </ul> </details> <br /> Updates `karma` from 3.0.0 to 6.4.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/karma-runner/karma/releases">karma's releases</a>.</em></p> <blockquote> <h2>v6.4.1</h2> <h2><a href="https://github.com/karma-runner/karma/compare/v6.4.0...v6.4.1">6.4.1</a> (2022-09-19)</h2> <h3>Bug Fixes</h3> <ul> <li>pass integrity value (<a href="https://github.com/karma-runner/karma/commit/63d86befd3431fe8e1500e22f4f115a3762d000a">63d86be</a>)</li> </ul> <h2>v6.4.0</h2> <h1><a href="https://github.com/karma-runner/karma/compare/v6.3.20...v6.4.0">6.4.0</a> (2022-06-14)</h1> <h3>Features</h3> <ul> <li>support SRI verification of link tags (<a 
href="https://github.com/karma-runner/karma/commit/dc51a2e0e9b9805f7740f52fde01bcd20adc2dfc">dc51a2e</a>)</li> <li>support SRI verification of script tags (<a href="https://github.com/karma-runner/karma/commit/6a54b1c2a1df8214c470b8a5cc8036912874637e">6a54b1c</a>)</li> </ul> <h2>v6.3.20</h2> <h2><a href="https://github.com/karma-runner/karma/compare/v6.3.19...v6.3.20">6.3.20</a> (2022-05-13)</h2> <h3>Bug Fixes</h3> <ul> <li>prefer IPv4 addresses when resolving domains (<a href="https://github.com/karma-runner/karma/commit/e17698f950af83bf2b3edc540d2a3e1fb73cba59">e17698f</a>), closes <a href="https://github-redirect.dependabot.com/karma-runner/karma/issues/3730">#3730</a></li> </ul> <h2>v6.3.19</h2> <h2><a href="https://github.com/karma-runner/karma/compare/v6.3.18...v6.3.19">6.3.19</a> (2022-04-19)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>client:</strong> error out when opening a new tab fails (<a href="https://github.com/karma-runner/karma/commit/099b85ed0a46e37dd7cb14fc1596cbb1b3eabce9">099b85e</a>)</li> </ul> <h2>v6.3.18</h2> <h2><a href="https://github.com/karma-runner/karma/compare/v6.3.17...v6.3.18">6.3.18</a> (2022-04-13)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> upgrade socket.io to v4.4.1 (<a href="https://github.com/karma-runner/karma/commit/52a30bbc6e168333a8592c26c9f40678d6ab74ea">52a30bb</a>)</li> </ul> <h2>v6.3.17</h2> <h2><a href="https://github.com/karma-runner/karma/compare/v6.3.16...v6.3.17">6.3.17</a> (2022-02-28)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> update colors to maintained version (<a href="https://github-redirect.dependabot.com/karma-runner/karma/issues/3763">#3763</a>) (<a href="https://github.com/karma-runner/karma/commit/fca18843e7a04eeb67b86cb3cfc3db794d66f445">fca1884</a>)</li> </ul> <h2>v6.3.16</h2> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/karma-runner/karma/blob/master/CHANGELOG.md">karma's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/karma-runner/karma/compare/v6.4.0...v6.4.1">6.4.1</a> (2022-09-19)</h2> <h3>Bug Fixes</h3> <ul> <li>pass integrity value (<a href="https://github.com/karma-runner/karma/commit/63d86befd3431fe8e1500e22f4f115a3762d000a">63d86be</a>)</li> </ul> <h1><a href="https://github.com/karma-runner/karma/compare/v6.3.20...v6.4.0">6.4.0</a> (2022-06-14)</h1> <h3>Features</h3> <ul> <li>support SRI verification of link tags (<a href="https://github.com/karma-runner/karma/commit/dc51a2e0e9b9805f7740f52fde01bcd20adc2dfc">dc51a2e</a>)</li> <li>support SRI verification of script tags (<a href="https://github.com/karma-runner/karma/commit/6a54b1c2a1df8214c470b8a5cc8036912874637e">6a54b1c</a>)</li> </ul> <h2><a href="https://github.com/karma-runner/karma/compare/v6.3.19...v6.3.20">6.3.20</a> (2022-05-13)</h2> <h3>Bug Fixes</h3> <ul> <li>prefer IPv4 addresses when resolving domains (<a href="https://github.com/karma-runner/karma/commit/e17698f950af83bf2b3edc540d2a3e1fb73cba59">e17698f</a>), closes <a href="https://github-redirect.dependabot.com/karma-runner/karma/issues/3730">#3730</a></li> </ul> <h2><a href="https://github.com/karma-runner/karma/compare/v6.3.18...v6.3.19">6.3.19</a> (2022-04-19)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>client:</strong> error out when opening a new tab fails (<a href="https://github.com/karma-runner/karma/commit/099b85ed0a46e37dd7cb14fc1596cbb1b3eabce9">099b85e</a>)</li> </ul> <h2><a href="https://github.com/karma-runner/karma/compare/v6.3.17...v6.3.18">6.3.18</a> (2022-04-13)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> upgrade socket.io to v4.4.1 (<a href="https://github.com/karma-runner/karma/commit/52a30bbc6e168333a8592c26c9f40678d6ab74ea">52a30bb</a>)</li> </ul> <h2><a 
href="https://github.com/karma-runner/karma/compare/v6.3.16...v6.3.17">6.3.17</a> (2022-02-28)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> update colors to maintained version (<a href="https://github-redirect.dependabot.com/karma-runner/karma/issues/3763">#3763</a>) (<a href="https://github.com/karma-runner/karma/commit/fca18843e7a04eeb67b86cb3cfc3db794d66f445">fca1884</a>)</li> </ul> <h2><a href="https://github.com/karma-runner/karma/compare/v6.3.15...v6.3.16">6.3.16</a> (2022-02-10)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>security:</strong> mitigate the "Open Redirect Vulnerability" (<a href="https://github.com/karma-runner/karma/commit/ff7edbb2ffbcdd69761bece86b7dc1ef0740508d">ff7edbb</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/karma-runner/karma/commit/00131213bf337e563126611b06b79218a560dc9a"><code>0013121</code></a> chore(release): 6.4.1 [skip ci]</li> <li><a href="https://github.com/karma-runner/karma/commit/63d86befd3431fe8e1500e22f4f115a3762d000a"><code>63d86be</code></a> fix: pass integrity value</li> <li><a href="https://github.com/karma-runner/karma/commit/84f7cc3d4a0770337140776e86d9740e0aad82f8"><code>84f7cc3</code></a> chore(release): 6.4.0 [skip ci]</li> <li><a href="https://github.com/karma-runner/karma/commit/f2d0663105eba0b9ea7f281230546282a46015ad"><code>f2d0663</code></a> docs: add integrity parameter</li> <li><a href="https://github.com/karma-runner/karma/commit/dc51a2e0e9b9805f7740f52fde01bcd20adc2dfc"><code>dc51a2e</code></a> feat: support SRI verification of link tags</li> <li><a href="https://github.com/karma-runner/karma/commit/6a54b1c2a1df8214c470b8a5cc8036912874637e"><code>6a54b1c</code></a> feat: support SRI verification of script tags</li> <li><a href="https://github.com/karma-runner/karma/commit/5e71cf591e9006ad2621dd88d09739bfbffd463c"><code>5e71cf5</code></a> chore(release): 6.3.20 [skip ci]</li> 
<li><a href="https://github.com/karma-runner/karma/commit/e17698f950af83bf2b3edc540d2a3e1fb73cba59"><code>e17698f</code></a> fix: prefer IPv4 addresses when resolving domains</li> <li><a href="https://github.com/karma-runner/karma/commit/60f4f794ea8472e4ace8e5c2d8744f83078a1277"><code>60f4f79</code></a> build: add Node 16 and 18 to the CI matrix</li> <li><a href="https://github.com/karma-runner/karma/commit/6ff5aafe9578a5f958adf2d565d45e4b5d204245"><code>6ff5aaf</code></a> chore(release): 6.3.19 [skip ci]</li> <li>Additional commits viewable in <a href="https://github.com/karma-runner/karma/compare/v3.0.0...v6.4.1">compare view</a></li> </ul> </details> <br />
The issue was opened by dependabot[bot] and has received 0 comments.