github/socket.io
1
1
Fork 0
mirror of https://github.com/socketio/socket.io.git synced 2026-01-13 00:48:12 -05:00
Code Issues Packages Projects Releases Wiki Activity
198 Commits 24 Branches 205 Tags
socket.io-parser@4.2.4
Commit Graph

198 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Damien Arrachequesne
164ba2a11e chore(release): 4.2.4 
Diff: https://github.com/socketio/socket.io-parser/compare/4.2.3...4.2.4
socket.io-parser@4.2.4 		2023-05-31 10:56:08 +02:00
Damien Arrachequesne
b0e6400c93 fix: properly detect plain objects 
The typeof check was not sufficient, as it also matches arrays and
nulls.
 2023-05-31 10:44:05 +02:00
Damien Arrachequesne
d9db4737a3 fix: ensure reserved events cannot be used as event names 2023-05-31 08:29:52 +02:00
Damien Arrachequesne
6a5a004d1e docs(changelog): include changelog for release 3.4.3 2023-05-22 10:06:05 +02:00
Damien Arrachequesne
b6c824f824 chore(release): 4.2.3 
Diff: https://github.com/socketio/socket.io-parser/compare/4.2.2...4.2.3
 2023-05-22 08:25:34 +02:00
Damien Arrachequesne
dcc70d9678 refactor: export typescript declarations for the commonjs build 
Related: https://github.com/socketio/socket.io/issues/4621#issuecomment-1551853243
 2023-05-22 08:25:34 +02:00
Damien Arrachequesne
3b78117bf6 fix: check the format of the event name 
A packet like '2[{"toString":"foo"}]' was decoded as:

{
  type: EVENT,
  data: [ { "toString": "foo" } ]
}

Which would then throw an error when passed to the EventEmitter class:

> TypeError: Cannot convert object to primitive value
>    at Socket.emit (node:events:507:25)
>    at .../node_modules/socket.io/lib/socket.js:531:14

History of the isPayloadValid() method:

- added in [78f9fc2](78f9fc2999) (v4.0.1, socket.io@3.0.0)
- updated in [1c220dd](1c220ddbf4) (v4.0.4, socket.io@3.1.0)
 2023-05-22 08:25:33 +02:00
dependabot[bot]
0841bd5623 chore: bump ua-parser-js from 1.0.32 to 1.0.33 (#121) 
Bumps [ua-parser-js](https://github.com/faisalman/ua-parser-js) from 1.0.32 to 1.0.33.
- [Release notes](https://github.com/faisalman/ua-parser-js/releases)
- [Changelog](https://github.com/faisalman/ua-parser-js/blob/master/changelog.md)
- [Commits](https://github.com/faisalman/ua-parser-js/compare/1.0.32...1.0.33)

---
updated-dependencies:
- dependency-name: ua-parser-js
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-25 07:23:55 +01:00
Damien Arrachequesne
28dd668502 chore(release): 4.2.2 
Diff: https://github.com/socketio/socket.io-parser/compare/4.2.1...4.2.2
 2023-01-19 10:43:49 +01:00
Damien Arrachequesne
22c42e3545 fix: calling destroy() should clear all internal state 
If a client was in the process of receiving some binary attachments
when the connection was abruptly closed, then the manager would call
`decoder.destroy()` ([1]) but was then stuck in a "parse error" loop
upon reconnection (since it expected a binary attachment and not a
CONNECT packet).

[1]: a1c528b089/lib/manager.ts (L520)
 2023-01-19 10:16:42 +01:00
Damien Arrachequesne
ae8dd88995 fix: do not modify the input packet upon encoding 
Note: this issue has existed since Socket.IO v1.0 (see [1]), because
the `deconstructPacket()` method also mutates its input argument.

This also explains why some adapters (like [2]) need to use
`process.nextTick()` when extending the `broadcast()` method, because
`Adapter.broadcast()` calls `Encoder.encode()` ([3]).

Related:

- https://github.com/socketio/socket.io/issues/4374
- https://github.com/socketio/socket.io-mongo-adapter/issues/10

[1]: 299849b002
[2]: https://github.com/socketio/socket.io-postgres-adapter/blob/0.3.0/lib/index.ts#L587-L590
[3]: https://github.com/socketio/socket.io-adapter/blob/2.4.0/lib/index.ts#L148
 2023-01-19 10:06:13 +01:00
Damien Arrachequesne
9143aa4c8e chore: update browserslist 2022-11-15 10:34:46 +01:00
Damien Arrachequesne
194a9b762e ci: migrate from zuul to webdriver.io 
zuul is now archived [1] and does not support the new W3C WebDriver
protocol, since it relies on the wd package [2] under the hood, which
uses the (now deprecated) JSON Wire Protocol.

We will now use the webdriver.io test framework, which allows to run
our tests in local and on Sauce Labs (cross-browser and mobile tests).
This allows us to run our tests on latest versions of Android and iOS,
since Sauce Labs only supports the W3C WebDriver protocol for these
platforms ([3]).

[1]: https://github.com/defunctzombie/zuul
[2]: https://github.com/admc/wd
[3]: https://docs.saucelabs.com/dev/w3c-webdriver-capabilities/
 2022-11-15 10:13:08 +01:00
Dirk Stolle
a9758da4be ci: update actions in GitHub Actions workflows (#117) 2022-11-15 10:02:20 +01:00
Damien Arrachequesne
f0af8834f8 docs: add missing versions in the changelog 
Related: https://github.com/advisories/GHSA-qm95-pgcg-qqfq
 2022-11-09 11:42:23 +01:00
Damien Arrachequesne
5a2ccff9d1 chore(release): 4.2.1 
Diff: https://github.com/socketio/socket.io-parser/compare/4.2.0...4.2.1
 2022-06-27 15:42:25 +02:00
Damien Arrachequesne
b5d0cb7dc5 fix: check the format of the index of each attachment 
A specially crafted packet could be incorrectly decoded.

Example:

```js
const decoder = new Decoder();

decoder.on("decoded", (packet) => {
  console.log(packet.data); // prints [ 'hello', [Function: splice] ]
})

decoder.add('51-["hello",{"_placeholder":true,"num":"splice"}]');
decoder.add(Buffer.from("world"));
```

As usual, please remember not to trust user input.
 2022-06-27 15:39:24 +02:00
Damien Arrachequesne
c7514b5aa6 chore(release): 4.2.0 
Diff: https://github.com/socketio/socket.io-parser/compare/4.1.2...4.2.0
 2022-04-18 00:26:27 +02:00
Damien Arrachequesne
931f1526a4 chore: add Node.js 16 in the test matrix 
See also: https://github.com/nodejs/Release
 2022-04-18 00:21:14 +02:00
Damien Arrachequesne
6c9cb27aeb chore: bump @socket.io/component-emitter to version 3.1.0 
Related: https://github.com/socketio/socket.io-client/issues/1536
 2022-04-18 00:20:17 +02:00
David Pfeffer
b08bc1a93e feat: allow the usage of custom replacer and reviver (#112) 
Co-authored-by: Mocanu Cristian <mocanu.cristian93@gmail.com>
 2022-04-18 00:19:02 +02:00
Damien Arrachequesne
aed252c742 chore(release): 4.1.2 
Diff: https://github.com/socketio/socket.io-parser/compare/4.1.1...4.1.2
 2022-02-17 07:37:18 +01:00
dependabot[bot]
89209fa22a chore: bump cached-path-relative from 1.0.2 to 1.1.0 (#113) 
Bumps [cached-path-relative](https://github.com/ashaffer/cached-path-relative) from 1.0.2 to 1.1.0.
- [Release notes](https://github.com/ashaffer/cached-path-relative/releases)
- [Commits](https://github.com/ashaffer/cached-path-relative/commits)

---
updated-dependencies:
- dependency-name: cached-path-relative
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-17 07:19:50 +01:00
dependabot[bot]
0a3b556de3 chore: bump path-parse from 1.0.6 to 1.0.7 (#108) 
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

---
updated-dependencies:
- dependency-name: path-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-17 07:18:40 +01:00
Gabba90
7f6b262ac8 fix: allow objects with a null prototype in binary packets (#114) 2022-02-17 07:18:11 +01:00
dependabot[bot]
8e8346b706 chore: bump ajv from 6.12.2 to 6.12.6 (#115) 
Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.12.2 to 6.12.6.
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](https://github.com/ajv-validator/ajv/compare/v6.12.2...v6.12.6)

---
updated-dependencies:
- dependency-name: ajv
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-16 21:57:15 +01:00
Damien Arrachequesne
ea86f413ed chore(release): 4.1.1 
DIff: https://github.com/socketio/socket.io-parser/compare/4.1.0...4.1.1
 2021-10-14 13:52:49 +02:00
Damien Arrachequesne
eb708d1936 chore: bump @socket.io/component-emitter to version 3.0.0 
The typed events have been moved from [1] to [2], in order to remove
the intermediary class and reduce the bundle size.

Diff: https://github.com/socketio/emitter/compare/2.0.0...3.0.0

[1]: https://github.com/socketio/socket.io-client/
[2]: https://github.com/socketio/emitter/
 2021-10-14 13:11:55 +02:00
Damien Arrachequesne
5ad3e5cc4b chore(release): 4.1.0 
Diff: https://github.com/socketio/socket.io-parser/compare/4.0.4...4.1.0
 2021-10-11 22:37:46 +02:00
Damien Arrachequesne
388c616a92 feat: provide an ESM build with and without debug 
See also: 00d7e7d7ee
 2021-10-11 22:35:12 +02:00
dependabot[bot]
75530b4dcd chore: bump browserslist from 4.12.0 to 4.16.6 (#106) 
Bumps [browserslist](https://github.com/browserslist/browserslist) from 4.12.0 to 4.16.6.
- [Release notes](https://github.com/browserslist/browserslist/releases)
- [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md)
- [Commits](https://github.com/browserslist/browserslist/compare/4.12.0...4.16.6)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-07-13 10:47:42 +02:00
dependabot[bot]
57324f3048 chore: bump elliptic from 6.5.3 to 6.5.4 (#102) 
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.3 to 6.5.4.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.3...v6.5.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-07-13 10:47:33 +02:00
Damien Arrachequesne
af1b23ca85 chore(release): 4.0.4 
Diff: https://github.com/socketio/socket.io-parser/compare/4.0.3...4.0.4
 2021-01-15 01:45:17 +01:00
Damien Arrachequesne
1c220ddbf4 fix: allow integers as event names 
This commit restores the possibility to use integers as event names,
which was possible in Socket.IO v2.
 2021-01-15 01:38:03 +01:00
Damien Arrachequesne
444520d6cd chore(release): 4.0.3 
Diff: https://github.com/socketio/socket.io-parser/compare/4.0.2...4.0.3
 2021-01-05 11:26:13 +01:00
Damien Arrachequesne
b076dbb722 ci: migrate to GitHub Actions 
Due to the recent changes to the Travis CI platform (see [1]), we will
now use GitHub Actions to run the tests.

Reference: https://docs.github.com/en/free-pro-team@latest/actions/guides/building-and-testing-nodejs

[1]: https://blog.travis-ci.com/2020-11-02-travis-ci-new-billing
 2021-01-05 11:24:49 +01:00
Damien Arrachequesne
7c380d38eb chore: bump debug version 2021-01-05 11:00:39 +01:00
Damien Arrachequesne
f2098b031d chore(release): 4.0.2 
Diff: https://github.com/socketio/socket.io-parser/compare/4.0.1...4.0.2
 2020-11-25 11:00:16 +01:00
Damien Arrachequesne
66973a340c chore: cleanup dist folder before compilation 2020-11-25 10:59:02 +01:00
Pascal Sthamer
4efa005846 fix: move @types/component-emitter to dependencies (#99) 
Otherwise consumers of socket.io-parser (and socket.io) need to have it
listed in their devDependencies.
 2020-11-25 10:51:40 +01:00
Damien Arrachequesne
c04443375f docs: add compatibility table 2020-11-05 16:16:36 +01:00
Damien Arrachequesne
e339323654 chore(release): 4.0.1 
Diff: https://github.com/socketio/socket.io-parser/compare/3.4.1...4.0.1
 2020-11-05 16:07:35 +01:00
Damien Arrachequesne
412769fd18 chore(release): 4.0.1-rc3 
Diff: https://github.com/socketio/socket.io-parser/compare/4.0.1-rc2...4.0.1-rc3
 2020-10-26 00:16:09 +01:00
Damien Arrachequesne
db1d27432d refactor: rename ERROR to CONNECT_ERROR 
The meaning is not modified: this packet type is still used by the
server when the connection to a namespace is refused. But I feel the
name makes more sense:

```js
socket.on("connect", () => {});
socket.on("connect_error", () => {});

// instead of
socket.on("error", () => {});
```
 2020-10-25 22:57:26 +01:00
Aleksey Druzhinin
e3d272f542 docs: fix small typo (#98) 2020-10-21 23:28:36 +02:00
Damien Arrachequesne
64b6648236 chore(release): 4.0.1-rc2 
Diff: https://github.com/socketio/socket.io-parser/compare/4.0.1-rc1...4.0.1-rc2
 2020-10-15 10:24:47 +02:00
Damien Arrachequesne
58b3d09f1c chore: protocol version 5 
There are two differences with the 4th version:

- a CONNECT packet can now contain a payload (for authentication purposes)
- the underlying Engine.IO protocol has been updated

Reference: https://github.com/socketio/engine.io-protocol#difference-between-v3-and-v4
 2020-10-15 01:51:51 +02:00
Damien Arrachequesne
285e7cd0d8 feat: move binary detection back to the parser 
The binary detection was moved from the parser to the client/server in
[1], in order to allow the user to skip the binary detection for huge
JSON payloads.

```js
socket.binary(false).emit(...);
```

The binary detection is needed in the default parser, because the
payload is encoded with JSON.stringify(), which does not support binary
content (ArrayBuffer, Blob, ...).

But other parsers (like [2] or [3]) do not need this check, so we'll
move the binary detection back here and remove the socket.binary()
method, as this use case is now covered by the ability to provide your
own parser.

Note: the hasBinary method was copied from [4].

[1]: f44256c523
[2]: https://github.com/darrachequesne/socket.io-msgpack-parser
[3]: https://github.com/darrachequesne/socket.io-json-parser
[4]: https://github.com/darrachequesne/has-binary
 2020-10-15 01:46:47 +02:00
Damien Arrachequesne
7fc3c42234 chore(release): 4.0.1-rc1 
Diff: https://github.com/socketio/socket.io-parser/compare/4.0.0...4.0.1-rc1
 2020-10-12 15:21:44 +02:00
Damien Arrachequesne
78f9fc2999 feat: add support for a payload in a CONNECT packet 2020-10-08 02:00:09 +02:00