@dependabot dependabot bot commented on behalf of github Nov 22, 2022

Bumps engine.io from 6.2.0 to 6.2.1.

Release notes

Sourced from engine.io's releases.

6.2.1

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

Error: read ECONNRESET
    at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
    at emitErrorNT (internal/streams/destroy.js:106:8)
    at emitErrorCloseNT (internal/streams/destroy.js:74:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  errno: -104,
  code: 'ECONNRESET',
  syscall: 'read'
}

Please upgrade as soon as possible.

Bug Fixes

  • catch errors when destroying invalid upgrades (#658) (425e833)

Changelog

Sourced from engine.io's changelog.

6.2.1 (2022-11-20)

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

Error: read ECONNRESET
    at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
    at emitErrorNT (internal/streams/destroy.js:106:8)
    at emitErrorCloseNT (internal/streams/destroy.js:74:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  errno: -104,
  code: 'ECONNRESET',
  syscall: 'read'
}

Please upgrade as soon as possible.

Bug Fixes

  • catch errors when destroying invalid upgrades (#658) (425e833)

3.6.0 (2022-06-06)

Bug Fixes

Features

  • decrease the default value of maxHttpBufferSize (58e274c)

This change reduces the default value from 100 mb to a more sane 1 mb.

This helps protect the server against denial of service attacks by malicious clients sending huge amounts of data.

See also: GHSA-j4f2-536g-r55m

  • increase the default value of pingTimeout (f55a79a)

Commits
  • 24b847b chore(release): 6.2.1
  • 425e833 fix: catch errors when destroying invalid upgrades (#658)
  • 99adb00 chore(deps): bump xmlhttprequest-ssl and engine.io-client in /examples/latenc...
  • d196f6a chore(deps): bump minimatch from 3.0.4 to 3.1.2 (#660)
  • 7c1270f chore(deps): bump nanoid from 3.1.25 to 3.3.1 (#659)
  • 535a01d ci: add Node.js 18 in the test matrix
  • 1b71a6f docs: remove "Vanilla JS" highlight from README (#656)
  • 917d1d2 refactor: replace deprecated String.prototype.substr() (#646)
  • 020801a chore: add changelog for version 3.6.0
  • ed1d6f9 test: make test script work on Windows (#643)
  • See full diff in compare view


@dependabot dependabot bot requested a review from a team as a code owner November 22, 2022 06:38
@dependabot dependabot bot requested review from markzegarelli and removed request for a team November 22, 2022 06:38
@dependabot dependabot bot added the dependencies and javascript labels Nov 22, 2022
Bumps [engine.io](https://github.com/socketio/engine.io) from 6.2.0 to 6.2.1.
- [Release notes](https://github.com/socketio/engine.io/releases)
- [Changelog](https://github.com/socketio/engine.io/blob/main/CHANGELOG.md)
- [Commits](socketio/engine.io@6.2.0...6.2.1)

---
updated-dependencies:
- dependency-name: engine.io
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
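
The commit metadata above marks engine.io as an indirect dependency, so the version that actually gets installed is only visible in the lockfile. The following is an added example, not code from this PR or from engine.io: it walks a parsed npm `package-lock.json` and reports every resolved copy of engine.io against the 6.2.1 fix named in the release notes. The function names, the `legacy-tool` package and the sample lockfile are constructed for illustration, and only the 6.x line is judged because that is all this page documents.

```javascript
const FIXED = [6, 2, 1]; // from this page: 6.2.1 is the 6.x release carrying the fix

// Parse "major.minor.patch"; any pre-release or build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isOlder(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// lockfileVersion 2/3: flat "packages" map keyed by install path; v1: nested "dependencies".
function findInstalls(lock, name) {
  const found = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
      found.push({ path, version: meta.version });
    }
  }
  if (found.length) return found;
  const walk = (deps, prefix) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${dep}`;
      if (dep === name) found.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return found;
}

function auditEngineIo(lock) {
  return findInstalls(lock, "engine.io").map((hit) => {
    const v = parseVersion(hit.version);
    let status = "unknown"; // majors other than 6 are not covered by this page
    if (v && v[0] === 6) status = isOlder(v, FIXED) ? "needs-upgrade" : "fixed";
    return { ...hit, status };
  });
}

// Constructed sample lockfile, not taken from the repository in this PR.
const sampleLock = { lockfileVersion: 2, packages: {
  "node_modules/engine.io": { version: "6.2.1" },
  "node_modules/legacy-tool/node_modules/engine.io": { version: "6.2.0" },
  "node_modules/engine.io-client": { version: "6.2.3" },
} };
console.log(auditEngineIo(sampleLock));
```

To run it against a real project, replace `sampleLock` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`; a nested copy reported as `needs-upgrade` means a transitive dependency still pins the older release.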
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/engine.io-6.2.1 branch from b3570f2 to 9d59cf5 Compare November 28, 2022 22:38
@markzegarelli markzegarelli merged commit 50485b2 into develop Nov 30, 2022
@markzegarelli markzegarelli deleted the dependabot/npm_and_yarn/engine.io-6.2.1 branch November 30, 2022 19:24
@github-actions

Thank you for your contribution! Your pull request is merged, but may take a day or two to appear on the site.

markzegarelli pushed a commit that referenced this pull request Dec 1, 2022
* Wisepops Destination (#3859)

* WIS-1670 Write Wisepops destination documentation

* WIS-1670 Add warning title

* WIS-1670 Update Wisepops documentation

* WIS-1670 Fix typo

* WIS-1670 Remove brands

* fixes

* Added metadata for actions and presets

* Update src/connections/destinations/catalog/actions-wisepops/index.md

Co-authored-by: Boris Hocdé <boris.hocde@gmail.com>

* Fix private destination yaml

Co-authored-by: boris <boris@wisepops.com>
Co-authored-by: markzegarelli <mark.zegarelli@segment.com>
Co-authored-by: Boris Hocdé <boris.hocde@gmail.com>

* update 1flow destination name (#3866)

* update 1flow destination name

* Hide and unpublish old page

* Add redirect

Co-authored-by: markzegarelli <mark.zegarelli@segment.com>

* Change name of Akita destination (#3871)

* Change name of Akita destination

* Fix auto formatting

* Add docs for new Insider source (#3870)

* Add docs for new Insider source

* edits

Co-authored-by: markzegarelli <mark.zegarelli@segment.com>

* Update link for helpscout destination (#3875)

* Bump loader-utils from 1.4.1 to 1.4.2 (#3867)

Bumps [loader-utils](https://github.com/webpack/loader-utils) from 1.4.1 to 1.4.2.
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md)
- [Commits](webpack/loader-utils@v1.4.1...v1.4.2)

---
updated-dependencies:
- dependency-name: loader-utils
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update android-faqs.md (#3878)

* Update android-faqs.md

* Edits, remove image

Co-authored-by: markzegarelli <mark.zegarelli@segment.com>

* Functions edit (#3872)

* Actions Pipedrive (#3857)

* Added documentation for Actions Pipedrive

* fixes

* vale

* Add metadata

* Remove hardcoded action details [netlify-build]

Co-authored-by: Max Strelnikov <max.strelnikov@pipedrive.com>
Co-authored-by: markzegarelli <mark.zegarelli@segment.com>

* Catalog update (#3879)

* Audiences clarification

* Minor fixes on Wisepops destination documentation (#3892)

* WIS-1670 Remove link to missing section available presets

* WIS-1670 Escape curly brackets

* WIS-1670 Update group plan image

* WIS-1670 Refer to Wisepops monthly quota

* WIS-1670 Escape liquid tag

* Added image to better illustrate the configuration of a Person Account (#3890)

* Add required event field in example Track payload (#3889)

* Remove link to private repository (#3888)

* Remove images from doc, vale edits (#3887)

* Add traits section for insider source (#3886)

* Update data-export-options.md (#3884)

removed double basic

* Remove image from LinkedIn Audience docs (#3882)

* Bump minimatch from 3.0.4 to 3.1.2 (#3876)

Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2.
- [Release notes](https://github.com/isaacs/minimatch/releases)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.2)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump engine.io from 6.2.0 to 6.2.1 (#3860)

Bumps [engine.io](https://github.com/socketio/engine.io) from 6.2.0 to 6.2.1.
- [Release notes](https://github.com/socketio/engine.io/releases)
- [Changelog](https://github.com/socketio/engine.io/blob/main/CHANGELOG.md)
- [Commits](socketio/engine.io@6.2.0...6.2.1)

---
updated-dependencies:
- dependency-name: engine.io
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* add proxy docs (#3895)

Co-authored-by: Niall Brennan <niall.brennan@segment.com>

* Catalog update (#3896)

* Updated navbar, footer, and favicon (#3894)

* Updated navbar, footer, and favicon

* Update green color [netlify-build]

* Revert color changes

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Segment Docs Robot <73141528+bot-docsteam@users.noreply.github.com>
Co-authored-by: stayseesong <83784848+stayseesong@users.noreply.github.com>
Co-authored-by: boris <boris@wisepops.com>
Co-authored-by: Boris Hocdé <boris.hocde@gmail.com>
Co-authored-by: Thomas Gilbert <64277654+tcgilbert@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: david morton <110892780+daveo237@users.noreply.github.com>
Co-authored-by: rchinn-segment <93161299+rchinn-segment@users.noreply.github.com>
Co-authored-by: Max Strelnikov <max.strelnikov@pipedrive.com>
Co-authored-by: rchinn-segment <ryan.chinn@segment.com>
Co-authored-by: Manning Peterson <mpeterson@twilio.com>
Co-authored-by: kdaswani <49517136+kdaswani@users.noreply.github.com>
Co-authored-by: Niall Brennan <niallbrennan87@gmail.com>
Co-authored-by: Niall Brennan <niall.brennan@segment.com>