Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: socketio/engine.io-client
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 1097056
Choose a base ref
...
head repository: socketio/engine.io-client
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 454940d
Choose a head ref
  • 10 commits
  • 17 files changed
  • 4 contributors

Commits on Sep 13, 2023

  1. docs: add note about the agent option 

    Related: #708
    @darrachequesne
    darrachequesne committed Sep 13, 2023
    Configuration menu
    Copy the full SHA
    3dcb88c View commit details
    Browse the repository at this point in the history

Commits on Nov 6, 2023

  1. fix: improve compatibility with node16 module resolution (#711) 

    Related:

- microsoft/TypeScript#46770 (comment)
- socketio/socket.io-client#1589
    @tylerbutler
    tylerbutler authored Nov 6, 2023
    Configuration menu
    Copy the full SHA
    46ef851 View commit details
    Browse the repository at this point in the history

  2. refactor: export TransportError (#709)

    @jbaldassari
    jbaldassari authored Nov 6, 2023
    Configuration menu
    Copy the full SHA
    c1795ef View commit details
    Browse the repository at this point in the history

Commits on Nov 9, 2023

  1. chore: bump @babel/traverse from 7.12.9 to 7.23.2 (#712) 

    Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.12.9 to 7.23.2.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse)

---
updated-dependencies:
- dependency-name: "@babel/traverse"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Nov 9, 2023
    Configuration menu
    Copy the full SHA
    f2aca29 View commit details
    Browse the repository at this point in the history

  2. chore: bump browserify-sign from 4.2.1 to 4.2.2 (#713) 

    Bumps [browserify-sign](https://github.com/crypto-browserify/browserify-sign) from 4.2.1 to 4.2.2.
- [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md)
- [Commits](browserify/browserify-sign@v4.2.1...v4.2.2)

---
updated-dependencies:
- dependency-name: browserify-sign
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Nov 9, 2023
    Configuration menu
    Copy the full SHA
    8d86e0d View commit details
    Browse the repository at this point in the history

  3. fix: add a maximum length for the URL 

    The regular expression used to parse the URL provided by the user has a
time complexity of O(n^2), hence the length limitation.

Please note that this does not seem realistically exploitable, as an
attacker would have to be able to provide a malicious URL to the user
and inject it in the Engine.IO client.

We could also have:

- modified the regex, but there are a lot of edge cases and the current test coverage is probably not sufficient
- use the built-in URL object, but we would have to add a polyfill for old platforms like IE

Thanks to Young-jin Hwang from the Soonchunhyang University for the
responsible disclosure.
    @darrachequesne
    darrachequesne committed Nov 9, 2023
    Configuration menu
    Copy the full SHA
    707597d View commit details
    Browse the repository at this point in the history

  4. ci: add Node.js 20 in the test matrix 

    Reference: https://github.com/nodejs/Release
    @darrachequesne
    darrachequesne committed Nov 9, 2023
    Configuration menu
    Copy the full SHA
    ef9ad7d View commit details
    Browse the repository at this point in the history

  5. chore(release): 6.5.3 

    Diff: 6.5.2...6.5.3
    @darrachequesne
    darrachequesne committed Nov 9, 2023
    Configuration menu
    Copy the full SHA
    fa47916 View commit details
    Browse the repository at this point in the history

Commits on Jun 18, 2024

  1. chore: bump ws to version 8.17.1 

    Includes the following security fix: websockets/ws@e55e510

Advisory: GHSA-3h5v-q93c-6h6q
Diff: websockets/ws@8.11.0...8.17.1
    @darrachequesne
    darrachequesne committed Jun 18, 2024
    Configuration menu
    Copy the full SHA
    0eb956b View commit details
    Browse the repository at this point in the history

  2. chore(release): 6.5.4 

    Diff: 6.5.3...6.5.4
    @darrachequesne
    darrachequesne committed Jun 18, 2024
    Configuration menu
    Copy the full SHA
    454940d View commit details
    Browse the repository at this point in the history
Loading