@dependabot dependabot bot commented on behalf of github Apr 30, 2025

Bumps the npm_and_yarn group with 1 update in the / directory: karma.

Updates karma from 1.3.0 to 6.3.16

Release notes

Sourced from karma's releases.

v6.3.16

6.3.16 (2022-02-10)

Bug Fixes

  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

v6.3.15

6.3.15 (2022-02-05)

Bug Fixes

v6.3.14

6.3.14 (2022-02-05)

Bug Fixes

  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

v6.3.13

6.3.13 (2022-01-31)

Bug Fixes

  • deps: bump log4js to resolve security issue (5bf2df3), closes #3751

v6.3.12

6.3.12 (2022-01-24)

Bug Fixes

  • remove depreciation warning from log4js (41bed33)

v6.3.11

6.3.11 (2022-01-13)

Bug Fixes

  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

... (truncated)

Changelog

Sourced from karma's changelog.

6.3.16 (2022-02-10)

Bug Fixes

  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes

  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

  • deps: bump log4js to resolve security issue (5bf2df3), closes #3751

6.3.12 (2022-01-24)

Bug Fixes

  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

  • logger: create parent folders if they are missing (0d24bd9), closes #3734

... (truncated)

Commits

  • ab4b328 chore(release): 6.3.16 [skip ci]
  • ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
  • c1befa0 chore(release): 6.3.15 [skip ci]
  • d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
  • 653c762 ci: prevent duplicate CI tasks on creating a PR
  • c97e562 chore(release): 6.3.14 [skip ci]
  • 91d5acd fix: remove string template from client code
  • 69cfc76 fix: warn when singleRun and autoWatch are false
  • 839578c fix(security): remove XSS vulnerability in returnUrl query param
  • db53785 chore(release): 6.3.13 [skip ci]
  • Additional commits viewable in compare view

Updates body-parser from 1.15.2 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

  • deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

New Contributors

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: [email protected]

1.20.1

1.20.0

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

  • deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: [email protected]

1.20.1 / 2022-10-06

1.20.0 / 2022-04-02

1.19.2 / 2022-02-15

1.19.1 / 2021-12-10

... (truncated)

Commits

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.


Updates braces from 0.1.5 to 1.8.5

Changelog

Sourced from braces's changelog.

[1.8.5] - 2016-05-21

  • Refactor (#10)

[1.8.4] - 2016-04-20

[1.8.0] - 2015-03-18

[1.6.0] - 2015-01-30

  • optimizations, bash mode:
  • improve path escaping

[1.5.0] - 2015-01-28

  • Merge pull request #5 from eush77/lib-files

[1.4.0] - 2015-01-24

  • add extglob tests
  • externalize exponent function
  • better whitespace handling

[1.3.0] - 2015-01-24

  • make regex patterns explicit

[1.1.0] - 2015-01-11

  • don't create a match group with makeRe

[1.0.0] - 2014-12-23

  • Merge commit '97b05f5544f8348736a8efaecf5c32bbe3e2ad6e'
  • support empty brace syntax
  • better bash coverage
  • better support for regex strings

[0.1.4] - 2014-11-14

  • improve recognition of bad args, recognize mismatched argument types
  • support escaping
  • remove pathname-expansion
  • support whitespace in patterns

... (truncated)

Commits

Updates engine.io from 1.6.10 to 6.6.4

Release notes

Sourced from engine.io's releases.

[email protected]

The bump of the cookie dependency was reverted, as it drops support for older Node.js versions (< 14).

Dependencies

[email protected]

This release contains a bump of the cookie dependency.

Release notes: https://github.com/jshttp/cookie/releases/tag/v1.0.0

Dependencies

[email protected]

Bug Fixes

Dependencies

[email protected]

Bug Fixes

  • types: remove ws type from .d.ts file (175a2c5)
  • prevent infinite loop with Node.js built-in WebSocket (4865f2e)

Dependencies

[email protected]

This release contains a bump of the cookie dependency.

See also: GHSA-pxg6-pf52-xh8x

Dependencies

[email protected]

Bug Fixes

... (truncated)

Commits

Maintainer changes

This version was pushed to npm by darrachequesne, a new releaser for engine.io since your current version.


Updates fsevents from 1.0.15 to 2.3.3

Release notes

Sourced from fsevents's releases.

Release v2.3.3

Released to npm as v2.3.3

Release v2.3.2

Released to npm as v2.3.2

Release v2.3.1

Released to npm as v2.3.1

Release contains universal binary for x86 & amd64 (m1) chips

Release v2.2.2

Released to npm as v2.2.2

Universal Binary Support x86-64 & amd64(m1)

Release v2.2.0

Electron Enabled (no static functions/variables)

Release v1.2.3

No release notes provided.

Release v2.1.2

No release notes provided.

2.1.0

Latest stable release

Release NAPI v2.0.6

Include essential files only.

Release NAPI v2.0.5

No release notes provided.

Release NAPI v2.0.4

No release notes provided.

Release NAPI v2.0.3

Moved NAPI version out of experimental.

NAPI release

No release notes provided.

deprecated

Fixing the API for chokidar since it was calling FSEvents as a constructor

deprecated

We have upgraded to N-API. For that reason we have also dropped support for node < 6.

For that reason, we have made this a major version bump so dependents have to opt in. The actual API remains entirely the same, so if you are depending on fsevents, it should be as simple as changing the version number in your package.json.

... (truncated)

Commits

Updates http-proxy from 1.15.2 to 1.18.1

Release notes

Sourced from http-proxy's releases.

Long overdue maintenance

Due to some great contributions I'm happy to announce a new release of http-proxy containing numerous bug fixes, feature additions and documentation improvements. Thanks to all who contributed for their patience and willingness to contribute despite perceived stagnation in activity in the project. I welcome all contributions and those who are interested in getting more involved with the project. Below I will highlight the changes that landed in the latest version but you can find the full diff of the changes in nodejitsu/node-http-proxy#1251

  • Add option to rewrite path of set-cookie headers. @​swillis12
  • Add option for overriding http METHOD when proxying request @​AydinChavez
  • Feature: selfHandleResponse for taking responsibility in returning your own response when listening on the proxyRes event. @​cpd0101 @​guoxiangyang
  • Add followRedirects option @​n30n0v
  • Document timeout option @​jlaamanen
  • Fix documentation typos @​carpsareokiguess
  • Document buffer option @​jonhunter1977
  • Include websocket non-upgrade response instead of just closing the socket. Allows auth schemes to be possible with websocket proxying. @​Tigge
  • Stop using the writeHead method explicitly and let node handle it internally to prevent thrown errors @​jakefurler
  • Be more defensive in handling of detecting response state when proxying @​thiagobustamante

Changelog

Sourced from http-proxy's changelog.

v1.18.1 - 2020-05-17

Merged

1.18.0 - 2019-09-18

Merged

Commits

  • [dist] New test fixtures. 7e4a0e5
  • [dist] End of an era. a9b09cc
  • [dist] Version bump. 1.18.0 9bbe486
  • [fix] Latest versions. 59c4403
  • [fix test] Update tests. dd1d08b
  • [dist] Update dependency ws to v3 [SECURITY] b00911c
  • [dist] .gitattributes all the things. fc93520
  • [dist] Regenerate package-lock.json. 16d4f8a

1.17.0 - 2018-04-20

Merged

... (truncated)

Commits

  • 9b96cd7 1.18.1
  • 335aeeb Skip sending the proxyReq event when the expect header is present (#1447)
  • dba3966 Remove node6 support, add node12 to build (#1397)
  • 9bbe486 [dist] Version bump. 1.18.0
  • 6e4bef4 Added in auto-changelog module set to keepachangelog format (#1373)
  • d056241 fix 'Modify Response' readme section to avoid unnecessary array copying (#1300)
  • 244303b Fix incorrect target name for reverse proxy example (#1135)
  • b4028ba Fix modify response middleware example (#1139)
  • 77a9815 [dist] Update dependency async to v3 (#1359)
  • c662f9e Fix path to local http-proxy in examples. (#1072)
  • Additional commits viewable in compare view

Updates log4js from 0.6.38 to 6.9.1

Changelog

Sourced from log4js's changelog.

6.9.1

6.9.0

6.8.0

6.7.1

... (truncated)

Commits

  • 26dcec6 6.9.1
  • 63ae5b9 Merge pull request #1379 from log4js-node/update-docs
  • 185fa66 docs: updated changelog for 6.9.1
  • ed54dc2 Merge pull request #1378 from log4js-node/1377-defaultparsecallstack-cant-par...
  • 2628688 fix(7922e82): regex for stacktrace
  • b3919d8 6.9.0
  • 7cfe8a4 Merge pull request #1376 from log4js-node/update-docs
  • f89e7b6 docs: updated changelog for 6.9.0
  • 0082928 Merge pull request #1375 from log4js-node/update-docs
  • c0db6a4 docs: added that log4js.getLogger() may call log4js.configure()
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by csausdev, a new releaser for log4js since your current version.


Updates mime from 1.3.4 to 2.6.0

Changelog

Sourced from mime's changelog.

2.6.0 (2021-11-02)

Features

2.5.2 (2021-02-17)

Bug Fixes

2.5.0 (2021-01-16)

Features

2.4.7 (2020-12-16)

Bug Fixes

  • update to latest mime-db (43b09ef)

2.4.6 (2020-05-27)

Bug Fixes

2.4.5 (2020-05-01)

Bug Fixes

2.4.4 (2019-06-07)

2.4.3 (2019-05-15)

2.4.2 (2019-04-07)

Bug Fixes

  • don't use arrow function introduced in 2.4.1 (2e00b5c)

2.4.1 (2019-04-03)

Bug Fixes

... (truncated)

Commits

Updates negotiator from 0.4.9 to 0.6.3

Release notes

Sourced from negotiator's releases.

0.6.3

  • Revert "Lazy-load modules from main entry point"

0.6.2

  • Fix sorting charset, encoding, and language with extra parameters

0.6.1

  • perf: improve Accept parsing speed
  • perf: improve Accept-Charset parsing speed
  • perf: improve Accept-Encoding parsing speed
  • perf: improve Accept-Language parsing speed

0.6.0

  • Fix including type extensions in parameters in Accept parsing
  • Fix parsing Accept parameters with quoted equals
  • Fix parsing Accept parameters with quoted semicolons
  • Lazy-load modules from main entry point
  • perf: delay type concatenation until needed
  • perf: enable strict mode
  • perf: hoist regular expressions
  • perf: remove closures getting spec properties
  • perf: remove a closure from media type parsing
  • perf: remove property delete from media type parsing

0.5.3

  • Fix media type parameter matching to be case-insensitive

0.5.2

  • Fix comparing media types with quoted values
  • Fix splitting media types with quoted commas

0.5.1

  • Fix preference sorting to be stable for long acceptable lists

0.5.0

  • Fix list return order when large accepted list
  • Fix missing identity encoding when q=0 exists
  • Remove dynamic building of Negotiator class

Changelog

Sourced from negotiator's changelog.

0.6.3 / 2022-01-22

  • Revert "Lazy-load modules from main entry point"

0.6.2 / 2019-04-29

  • Fix sorting charset, encoding, and language with extra parameters

0.6.1 / 2016-05-02

  • perf: improve Accept parsing speed
  • perf: improve Accept-Charset parsing speed
  • perf: improve Accept-Encoding parsing speed
  • perf: improve Accept-Language parsing speed

0.6.0 / 2015-09-29

  • Fix including type extensions in parameters in Accept parsing
  • Fix parsing Accept parameters with quoted equals
  • Fix parsing Accept parameters with quoted semicolons
  • Lazy-load modules from main entry point
  • perf: delay type concatenation until needed
  • perf: enable strict mode
  • perf: hoist regular expressions
  • perf: remove closures getting spec properties
  • perf: remove a closure from media type parsing
  • perf: remove property delete from media type parsing

0.5.3 / 2015-05-10

  • Fix media type parameter matching to be case-insensitive

0.5.2 / 2015-05-06

  • Fix comparing media types with quoted values
  • Fix splitting media types with quoted commas

0.5.1 / 2015-02-14

  • Fix preference sorting to be stable for long acceptable lists

0.5.0 / 2014-12-18

... (truncated)

Commits

Updates socket.io-parser from 2.2.2 to 4.2.4

Release notes

Sourced from socket.io-parser's releases.

4.2.4

Bug Fixes

  • ensure reserved events cannot be used as event names (d9db473)
  • properly detect plain objects (b0e6400)

Links

4.2.3

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

TypeError: Cannot convert object to primitive value
       at Socket.emit (node:events:507:25)
       at .../node_modules/socket.io/lib/socket.js:531:14

Please upgrade as soon as possible.

Bug Fixes

  • check the format of the event name (3b78117)

Links

4.2.2

Bug Fixes

  • calling destroy() should clear all internal state (22c42e3)
  • do not modify the input packet upon encoding (ae8dd88)

Links

4.2.1

Bug Fixes

  • check the format of the index of each attachment (b5d0cb7)

Links

... (truncated)

Changelog

Sourced from socket.io-parser's changelog.

4.2.4 (2023-05-31)

Bug Fixes

  • ensure reserved events cannot be used as event names (d9db473)
  • properly detect plain objects (b0e6400)

3.4.3 (2023-05-22)

Bug Fixes

  • check the format of the event name (2dc3c92)

4.2.3 (2023-05-22)

Bug Fixes

  • check the format of the event name (3b78117)

4.2.2 (2023-01-19)

Bug Fixes

  • calling destroy() should clear all internal state (22c42e3)
  • do not modify the input packet upon encoding (ae8dd88)

3.3.3 (2022-11-09)

Bug Fixes

  • check the format of the index of each attachment (fb21e42)

3.4.2 (2022-11-09)

... (truncated)

Commits

  • 164ba2a chore(release): 4.2.4
  • b0e6400 fix: properly detect plain objects
  • d9db473 fix: ensure reserved events cannot be used as event names
  • 6a5a004 docs(changelog): include changelog for release 3.4.3
  • b6c824f chore(release): 4.2.3
  • dcc70d9 refactor: export typescript declarations for the commonjs build
  • 3b78117 fix: check the format of the event name
  • 0841bd5 chore: bump ua-parser-js from 1.0.32 to 1.0.33 (#121)
  • 28dd668 chore(release): 4.2.2
  • 22c42e3 fix: calling destroy() should clear all internal state
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by darrachequesne, a new releaser for socket.io-parser since your current version.


Updates socket.io from 1.4.7 to 4.8.1

Release notes

Sourced from socket.io's releases.

[email protected]

Due to a change in the bundler configuration, the production bundle (socket.io.min.js) did not support sending and receiving binary data in version 4.8.0. This is now fixed.

Dependencies

[email protected]

Bug Fixes

  • bundle: do not mangle the "_placeholder" attribute (

Bumps the npm_and_yarn group with 1 update in the / directory: [karma](https://github.com/karma-runner/karma).


Updates `karma` from 1.3.0 to 6.3.16
- [Release notes](https://github.com/karma-runner/karma/releases)
- [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md)
- [Commits](karma-runner/karma@v1.3.0...v6.3.16)

Updates `body-parser` from 1.15.2 to 1.20.3
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.15.2...1.20.3)

Updates `braces` from 0.1.5 to 1.8.5
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/braces/commits/1.8.5)

Updates `engine.io` from 1.6.10 to 6.6.4
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/commits/[email protected])

Updates `fsevents` from 1.0.15 to 2.3.3
- [Release notes](https://github.com/fsevents/fsevents/releases)
- [Commits](fsevents/fsevents@v1.0.15...v2.3.3)

Updates `http-proxy` from 1.15.2 to 1.18.1
- [Release notes](https://github.com/http-party/node-http-proxy/releases)
- [Changelog](https://github.com/http-party/node-http-proxy/blob/master/CHANGELOG.md)
- [Commits](http-party/node-http-proxy@1.15.2...1.18.1)

Updates `log4js` from 0.6.38 to 6.9.1
- [Changelog](https://github.com/log4js-node/log4js-node/blob/master/CHANGELOG.md)
- [Commits](log4js-node/log4js-node@v0.6.38...v6.9.1)

Updates `mime` from 1.3.4 to 2.6.0
- [Release notes](https://github.com/broofa/mime/releases)
- [Changelog](https://github.com/broofa/mime/blob/main/CHANGELOG.md)
- [Commits](broofa/mime@v1.3.4...v2.6.0)

Updates `negotiator` from 0.4.9 to 0.6.3
- [Release notes](https://github.com/jshttp/negotiator/releases)
- [Changelog](https://github.com/jshttp/negotiator/blob/master/HISTORY.md)
- [Commits](jshttp/negotiator@0.4.9...0.6.3)

Updates `socket.io-parser` from 2.2.2 to 4.2.4
- [Release notes](https://github.com/Automattic/socket.io-parser/releases)
- [Changelog](https://github.com/socketio/socket.io-parser/blob/4.2.4/CHANGELOG.md)
- [Commits](socketio/socket.io-parser@2.2.2...4.2.4)

Updates `socket.io` from 1.4.7 to 4.8.1
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/compare/[email protected])

Updates `ws` from 1.0.1 to 8.17.1
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@1.0.1...8.17.1)

---
updated-dependencies:
- dependency-name: karma
  dependency-version: 6.3.16
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: body-parser
  dependency-version: 1.20.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-version: 1.8.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: engine.io
  dependency-version: 6.6.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fsevents
  dependency-version: 2.3.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: http-proxy
  dependency-version: 1.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: log4js
  dependency-version: 6.9.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: mime
  dependency-version: 2.6.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: negotiator
  dependency-version: 0.6.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: socket.io-parser
  dependency-version: 4.2.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: socket.io
  dependency-version: 4.8.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.17.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 30, 2025