This should fix a rare case where the Engine.IO connection was upgraded
to WebSocket while the Socket.IO socket was disconnected, which would
result in the following exception:
> TypeError: Cannot read properties of undefined (reading 'forEach')
> at subscribe (/node_modules/socket.io/dist/uws.js:87:11)
> at Socket.<anonymous> (/node_modules/socket.io/dist/uws.js:28:17)
> at Socket.emit (node:events:402:35)
> at WebSocket.onPacket (/node_modules/engine.io/build/socket.js:214:22)
> at WebSocket.emit (node:events:390:28)
> at WebSocket.onPacket (/node_modules/engine.io/build/transport.js:92:14)
> at WebSocket.onData (/node_modules/engine.io/build/transport.js:101:14)
> at message (/node_modules/engine.io/build/userver.js:56:30)
Related: https://github.com/socketio/socket.io/issues/4443
A specially crafted packet could be incorrectly decoded.
Example:
```js
const decoder = new Decoder();
decoder.on("decoded", (packet) => {
console.log(packet.data); // prints [ 'hello', [Function: splice] ]
})
decoder.add('51-["hello",{"_placeholder":true,"num":"splice"}]');
decoder.add(Buffer.from("world"));
```
As usual, please remember not to trust user input.
For some reason, the lockfile was not in sync anymore with the
package.json file:
> `npm ci` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync.
That may be linked to a new version of Node.js (v16.15.1).
We could also split the declaration of RawData with the "browser"
field:
```
// for Node.js
export type RawData = string | Buffer | ArrayBuffer | ArrayBufferView; // no Blob
// for the browser
export type RawData = string | ArrayBuffer | ArrayBufferView | Blob; // no Buffer
```
But it does not seem supported by the TypeScript compiler, so we'll
revert to just using "any" for now.
Related: https://github.com/socketio/engine.io-parser/issues/128
This feature was added in `socket.io@4.5.0`:
```js
io.timeout(1000).emit("some-event", (err, responses) => {
// ...
});
```
Thanks to this change, it will now work with multiple Socket.IO
servers.
Related: https://github.com/socketio/socket.io/issues/4163
This is similar to `onAny()`, but for outgoing packets.
Syntax:
```js
socket.onAnyOutgoing((event, ...args) => {
console.log(event);
});
```
Related: 531104d332
This commit allows to:
- provide an ESM version of those modules ([1])
- reduce the attack surface in case of supply chain attacks
- reduce the size of the bundle with tree-shaking
As a downside, we won't receive security updates for those modules
anymore.
[1]: socketio/socket.io-client#1536
Related: df32277c3f
The "disconnect" event will now include additional details to help
debugging if anything has gone wrong.
Example when a payload is over the maxHttpBufferSize value in HTTP
long-polling mode:
```js
socket.on("disconnect", (reason, details) => {
console.log(reason); // "transport error"
// in that case, details is an error object
console.log(details.message); "xhr post error"
console.log(details.description); // 413 (the HTTP status of the response)
// details.context refers to the XMLHttpRequest object
console.log(details.context.status); // 413
console.log(details.context.responseText); // ""
});
```
Related: b9252e2074
