From e63f181ee71e1463fd8e948df9d226dd0ea40456 Mon Sep 17 00:00:00 2001
From: Damien Arrachequesne <damien.arrachequesne@gmail.com>
Date: Thu, 21 Nov 2024 08:02:44 +0100
Subject: [PATCH 1/3] refactor(eio): import types from @types/cookie

---
 package-lock.json                        | 12 +---
 packages/engine.io/lib/server.ts         |  2 +-
 packages/engine.io/lib/types/cookie.d.ts | 82 ++++++++++++++++++++++++
 packages/engine.io/package.json          |  1 -
 4 files changed, 86 insertions(+), 11 deletions(-)
 create mode 100644 packages/engine.io/lib/types/cookie.d.ts

diff --git a/package-lock.json b/package-lock.json
index f0b8ca918d..e148842805 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2823,11 +2823,6 @@
         "@types/responselike": "^1.0.0"
       }
     },
-    "node_modules/@types/cookie": {
-      "version": "0.4.1",
-      "resolved": "https://registry.npmjs.org/@types/cookie/-/cookie-0.4.1.tgz",
-      "integrity": "sha512-XW/Aa8APYr6jSVVA1y/DEIZX0/GMKLEVekNG727R8cs56ahETkRAy/3DR7+fJyh7oUgGwNQaRfXCun0+KbWY7Q=="
-    },
     "node_modules/@types/cors": {
       "version": "2.8.17",
       "resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.17.tgz",
@@ -15514,7 +15509,6 @@
       "version": "6.6.2",
       "license": "MIT",
       "dependencies": {
-        "@types/cookie": "^0.4.1",
         "@types/cors": "^2.8.12",
         "@types/node": ">=10.0.0",
         "accepts": "~1.3.4",
@@ -15530,7 +15524,7 @@
       }
     },
     "packages/engine.io-client": {
-      "version": "6.6.1",
+      "version": "6.6.2",
       "license": "MIT",
       "dependencies": {
         "@socket.io/component-emitter": "~3.1.0",
@@ -15572,7 +15566,7 @@
       }
     },
     "packages/socket.io": {
-      "version": "4.8.0",
+      "version": "4.8.1",
       "license": "MIT",
       "dependencies": {
         "accepts": "~1.3.4",
@@ -15596,7 +15590,7 @@
       }
     },
     "packages/socket.io-client": {
-      "version": "4.8.0",
+      "version": "4.8.1",
       "license": "MIT",
       "dependencies": {
         "@socket.io/component-emitter": "~3.1.0",
diff --git a/packages/engine.io/lib/server.ts b/packages/engine.io/lib/server.ts
index 0e3ae063ef..fa9147dfb5 100644
--- a/packages/engine.io/lib/server.ts
+++ b/packages/engine.io/lib/server.ts
@@ -12,7 +12,7 @@ import type {
   Server as HttpServer,
   ServerResponse,
 } from "http";
-import type { CookieSerializeOptions } from "cookie";
+import type { CookieSerializeOptions } from "./types/cookie";
 import type { CorsOptions, CorsOptionsDelegate } from "cors";
 import type { Duplex } from "stream";
 import { WebTransport } from "./transports/webtransport";
diff --git a/packages/engine.io/lib/types/cookie.d.ts b/packages/engine.io/lib/types/cookie.d.ts
new file mode 100644
index 0000000000..e5aa5b9754
--- /dev/null
+++ b/packages/engine.io/lib/types/cookie.d.ts
@@ -0,0 +1,82 @@
+// imported from `cookie@1.0.2` (https://www.npmjs.com/package/cookie/v/1.0.2)
+
+/**
+ * Serialize options.
+ */
+export interface CookieSerializeOptions {
+  /**
+   * Specifies a function that will be used to encode a [cookie-value](https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1).
+   * Since value of a cookie has a limited character set (and must be a simple string), this function can be used to encode
+   * a value into a string suited for a cookie's value, and should mirror `decode` when parsing.
+   *
+   * @default encodeURIComponent
+   */
+  encode?: (str: string) => string;
+  /**
+   * Specifies the `number` (in seconds) to be the value for the [`Max-Age` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.2).
+   *
+   * The [cookie storage model specification](https://tools.ietf.org/html/rfc6265#section-5.3) states that if both `expires` and
+   * `maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
+   * so if both are set, they should point to the same date and time.
+   */
+  maxAge?: number;
+  /**
+   * Specifies the `Date` object to be the value for the [`Expires` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.1).
+   * When no expiration is set clients consider this a "non-persistent cookie" and delete it the current session is over.
+   *
+   * The [cookie storage model specification](https://tools.ietf.org/html/rfc6265#section-5.3) states that if both `expires` and
+   * `maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
+   * so if both are set, they should point to the same date and time.
+   */
+  expires?: Date;
+  /**
+   * Specifies the value for the [`Domain` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.3).
+   * When no domain is set clients consider the cookie to apply to the current domain only.
+   */
+  domain?: string;
+  /**
+   * Specifies the value for the [`Path` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.4).
+   * When no path is set, the path is considered the ["default path"](https://tools.ietf.org/html/rfc6265#section-5.1.4).
+   */
+  path?: string;
+  /**
+   * Enables the [`HttpOnly` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.6).
+   * When enabled, clients will not allow client-side JavaScript to see the cookie in `document.cookie`.
+   */
+  httpOnly?: boolean;
+  /**
+   * Enables the [`Secure` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.5).
+   * When enabled, clients will only send the cookie back if the browser has a HTTPS connection.
+   */
+  secure?: boolean;
+  /**
+   * Enables the [`Partitioned` `Set-Cookie` attribute](https://tools.ietf.org/html/draft-cutler-httpbis-partitioned-cookies/).
+   * When enabled, clients will only send the cookie back when the current domain _and_ top-level domain matches.
+   *
+   * This is an attribute that has not yet been fully standardized, and may change in the future.
+   * This also means clients may ignore this attribute until they understand it. More information
+   * about can be found in [the proposal](https://github.com/privacycg/CHIPS).
+   */
+  partitioned?: boolean;
+  /**
+   * Specifies the value for the [`Priority` `Set-Cookie` attribute](https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1).
+   *
+   * - `'low'` will set the `Priority` attribute to `Low`.
+   * - `'medium'` will set the `Priority` attribute to `Medium`, the default priority when not set.
+   * - `'high'` will set the `Priority` attribute to `High`.
+   *
+   * More information about priority levels can be found in [the specification](https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1).
+   */
+  priority?: "low" | "medium" | "high";
+  /**
+   * Specifies the value for the [`SameSite` `Set-Cookie` attribute](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7).
+   *
+   * - `true` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
+   * - `'lax'` will set the `SameSite` attribute to `Lax` for lax same site enforcement.
+   * - `'none'` will set the `SameSite` attribute to `None` for an explicit cross-site cookie.
+   * - `'strict'` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
+   *
+   * More information about enforcement levels can be found in [the specification](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7).
+   */
+  sameSite?: boolean | "lax" | "strict" | "none";
+}
diff --git a/packages/engine.io/package.json b/packages/engine.io/package.json
index 6c126c6b71..58824dce5e 100644
--- a/packages/engine.io/package.json
+++ b/packages/engine.io/package.json
@@ -31,7 +31,6 @@
   ],
   "license": "MIT",
   "dependencies": {
-    "@types/cookie": "^0.4.1",
     "@types/cors": "^2.8.12",
     "@types/node": ">=10.0.0",
     "accepts": "~1.3.4",

From 48b94da1df3ebcbcf5e998c7b2061486485c234d Mon Sep 17 00:00:00 2001
From: Damien Arrachequesne <damien.arrachequesne@gmail.com>
Date: Thu, 21 Nov 2024 08:16:43 +0100
Subject: [PATCH 2/3] fix

---
 packages/engine.io/lib/types/{cookie.d.ts => cookie.ts} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename packages/engine.io/lib/types/{cookie.d.ts => cookie.ts} (100%)

diff --git a/packages/engine.io/lib/types/cookie.d.ts b/packages/engine.io/lib/types/cookie.ts
similarity index 100%
rename from packages/engine.io/lib/types/cookie.d.ts
rename to packages/engine.io/lib/types/cookie.ts

From 1f627638b8125891c5aaa5eae16ebbbcc00042d0 Mon Sep 17 00:00:00 2001
From: Damien Arrachequesne <damien.arrachequesne@gmail.com>
Date: Thu, 21 Nov 2024 08:41:37 +0100
Subject: [PATCH 3/3] upgrade to cookie@1

---
 package-lock.json                      | 10 ++--
 packages/engine.io/lib/server.ts       |  4 +-
 packages/engine.io/lib/types/cookie.ts | 82 --------------------------
 packages/engine.io/package.json        |  2 +-
 4 files changed, 8 insertions(+), 90 deletions(-)
 delete mode 100644 packages/engine.io/lib/types/cookie.ts

diff --git a/package-lock.json b/package-lock.json
index e148842805..c46fc4801b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -5756,11 +5756,11 @@
       "dev": true
     },
     "node_modules/cookie": {
-      "version": "0.7.2",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
-      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-1.0.2.tgz",
+      "integrity": "sha512-9Kr/j4O16ISv8zBBhJoi4bXOYNTkFLOqSL3UDB0njXxCXNezjeyVrJyGOWtgfs/q2km1gwBcfH8q1yEGoMYunA==",
       "engines": {
-        "node": ">= 0.6"
+        "node": ">=18"
       }
     },
     "node_modules/cookie-signature": {
@@ -15513,7 +15513,7 @@
         "@types/node": ">=10.0.0",
         "accepts": "~1.3.4",
         "base64id": "2.0.0",
-        "cookie": "~0.7.2",
+        "cookie": "~1.0.2",
         "cors": "~2.8.5",
         "debug": "~4.3.1",
         "engine.io-parser": "~5.2.1",
diff --git a/packages/engine.io/lib/server.ts b/packages/engine.io/lib/server.ts
index fa9147dfb5..b3c708eed2 100644
--- a/packages/engine.io/lib/server.ts
+++ b/packages/engine.io/lib/server.ts
@@ -6,13 +6,13 @@ import { EventEmitter } from "events";
 import { Socket } from "./socket";
 import debugModule from "debug";
 import { serialize } from "cookie";
+import type { SerializeOptions } from "cookie";
 import { Server as DEFAULT_WS_ENGINE } from "ws";
 import type {
   IncomingMessage,
   Server as HttpServer,
   ServerResponse,
 } from "http";
-import type { CookieSerializeOptions } from "./types/cookie";
 import type { CorsOptions, CorsOptionsDelegate } from "cors";
 import type { Duplex } from "stream";
 import { WebTransport } from "./transports/webtransport";
@@ -123,7 +123,7 @@ export interface ServerOptions {
    * might be used for sticky-session. Defaults to not sending any cookie.
    * @default false
    */
-  cookie?: (CookieSerializeOptions & { name: string }) | boolean;
+  cookie?: (SerializeOptions & { name: string }) | boolean;
   /**
    * the options that will be forwarded to the cors module
    */
diff --git a/packages/engine.io/lib/types/cookie.ts b/packages/engine.io/lib/types/cookie.ts
deleted file mode 100644
index e5aa5b9754..0000000000
--- a/packages/engine.io/lib/types/cookie.ts
+++ /dev/null
@@ -1,82 +0,0 @@
-// imported from `cookie@1.0.2` (https://www.npmjs.com/package/cookie/v/1.0.2)
-
-/**
- * Serialize options.
- */
-export interface CookieSerializeOptions {
-  /**
-   * Specifies a function that will be used to encode a [cookie-value](https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1).
-   * Since value of a cookie has a limited character set (and must be a simple string), this function can be used to encode
-   * a value into a string suited for a cookie's value, and should mirror `decode` when parsing.
-   *
-   * @default encodeURIComponent
-   */
-  encode?: (str: string) => string;
-  /**
-   * Specifies the `number` (in seconds) to be the value for the [`Max-Age` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.2).
-   *
-   * The [cookie storage model specification](https://tools.ietf.org/html/rfc6265#section-5.3) states that if both `expires` and
-   * `maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
-   * so if both are set, they should point to the same date and time.
-   */
-  maxAge?: number;
-  /**
-   * Specifies the `Date` object to be the value for the [`Expires` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.1).
-   * When no expiration is set clients consider this a "non-persistent cookie" and delete it the current session is over.
-   *
-   * The [cookie storage model specification](https://tools.ietf.org/html/rfc6265#section-5.3) states that if both `expires` and
-   * `maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
-   * so if both are set, they should point to the same date and time.
-   */
-  expires?: Date;
-  /**
-   * Specifies the value for the [`Domain` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.3).
-   * When no domain is set clients consider the cookie to apply to the current domain only.
-   */
-  domain?: string;
-  /**
-   * Specifies the value for the [`Path` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.4).
-   * When no path is set, the path is considered the ["default path"](https://tools.ietf.org/html/rfc6265#section-5.1.4).
-   */
-  path?: string;
-  /**
-   * Enables the [`HttpOnly` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.6).
-   * When enabled, clients will not allow client-side JavaScript to see the cookie in `document.cookie`.
-   */
-  httpOnly?: boolean;
-  /**
-   * Enables the [`Secure` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.5).
-   * When enabled, clients will only send the cookie back if the browser has a HTTPS connection.
-   */
-  secure?: boolean;
-  /**
-   * Enables the [`Partitioned` `Set-Cookie` attribute](https://tools.ietf.org/html/draft-cutler-httpbis-partitioned-cookies/).
-   * When enabled, clients will only send the cookie back when the current domain _and_ top-level domain matches.
-   *
-   * This is an attribute that has not yet been fully standardized, and may change in the future.
-   * This also means clients may ignore this attribute until they understand it. More information
-   * about can be found in [the proposal](https://github.com/privacycg/CHIPS).
-   */
-  partitioned?: boolean;
-  /**
-   * Specifies the value for the [`Priority` `Set-Cookie` attribute](https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1).
-   *
-   * - `'low'` will set the `Priority` attribute to `Low`.
-   * - `'medium'` will set the `Priority` attribute to `Medium`, the default priority when not set.
-   * - `'high'` will set the `Priority` attribute to `High`.
-   *
-   * More information about priority levels can be found in [the specification](https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1).
-   */
-  priority?: "low" | "medium" | "high";
-  /**
-   * Specifies the value for the [`SameSite` `Set-Cookie` attribute](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7).
-   *
-   * - `true` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
-   * - `'lax'` will set the `SameSite` attribute to `Lax` for lax same site enforcement.
-   * - `'none'` will set the `SameSite` attribute to `None` for an explicit cross-site cookie.
-   * - `'strict'` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
-   *
-   * More information about enforcement levels can be found in [the specification](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7).
-   */
-  sameSite?: boolean | "lax" | "strict" | "none";
-}
diff --git a/packages/engine.io/package.json b/packages/engine.io/package.json
index 58824dce5e..c7b3bb154f 100644
--- a/packages/engine.io/package.json
+++ b/packages/engine.io/package.json
@@ -35,7 +35,7 @@
     "@types/node": ">=10.0.0",
     "accepts": "~1.3.4",
     "base64id": "2.0.0",
-    "cookie": "~0.7.2",
+    "cookie": "~1.0.2",
     "cors": "~2.8.5",
     "debug": "~4.3.1",
     "engine.io-parser": "~5.2.1",