chore(release): engine.io@6.6.4

Diff: https://github.com/socketio/socket.io/compare/engine.io@6.6.3...engine.io@6.6.4

package-lock.json

@@ -42,6 +42,7 @@
         "base64-arraybuffer": "^1.0.2",
         "benchmark": "^2.1.4",
         "blob": "^0.1.0",
+        "cookie": "~0.7.2",
         "eiows": "^7.1.0",
         "engine.io-client-v3": "npm:engine.io-client@^3.5.2",
         "expect.js": "^0.3.1",
@@ -2823,11 +2824,6 @@
         "@types/responselike": "^1.0.0"
       }
     },
-    "node_modules/@types/cookie": {
-      "version": "0.4.1",
-      "resolved": "https://registry.npmjs.org/@types/cookie/-/cookie-0.4.1.tgz",
-      "integrity": "sha512-XW/Aa8APYr6jSVVA1y/DEIZX0/GMKLEVekNG727R8cs56ahETkRAy/3DR7+fJyh7oUgGwNQaRfXCun0+KbWY7Q=="
-    },
     "node_modules/@types/cors": {
       "version": "2.8.17",
       "resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.17.tgz",
@@ -15511,10 +15507,9 @@
       }
     },
     "packages/engine.io": {
-      "version": "6.6.2",
+      "version": "6.6.3",
       "license": "MIT",
       "dependencies": {
-        "@types/cookie": "^0.4.1",
         "@types/cors": "^2.8.12",
         "@types/node": ">=10.0.0",
         "accepts": "~1.3.4",
@@ -15530,7 +15525,7 @@
       }
     },
     "packages/engine.io-client": {
-      "version": "6.6.1",
+      "version": "6.6.3",
       "license": "MIT",
       "dependencies": {
         "@socket.io/component-emitter": "~3.1.0",
@@ -15572,7 +15567,7 @@
       }
     },
     "packages/socket.io": {
-      "version": "4.8.0",
+      "version": "4.8.1",
       "license": "MIT",
       "dependencies": {
         "accepts": "~1.3.4",
@@ -15596,7 +15591,7 @@
       }
     },
     "packages/socket.io-client": {
-      "version": "4.8.0",
+      "version": "4.8.1",
       "license": "MIT",
       "dependencies": {
         "@socket.io/component-emitter": "~3.1.0",

package.json

@@ -43,6 +43,7 @@
     "base64-arraybuffer": "^1.0.2",
     "benchmark": "^2.1.4",
     "blob": "^0.1.0",
+    "cookie": "~0.7.2",
     "eiows": "^7.1.0",
     "engine.io-client-v3": "npm:engine.io-client@^3.5.2",
     "expect.js": "^0.3.1",

packages/engine.io-client/CHANGELOG.md

@@ -2,6 +2,7 @@
 
 | Version                                                                                                     | Release date   | Bundle size (UMD min+gzip) |
 |-------------------------------------------------------------------------------------------------------------|----------------|----------------------------|
+| [6.6.3](#663-2025-01-23)                                                                                    | January 2025   | `8.7 KB`                   |
 | [6.6.2](#662-2024-10-23)                                                                                    | October 2024   | `8.7 KB`                   |
 | [6.6.1](#661-2024-09-21)                                                                                    | September 2024 | `8.7 KB`                   |
 | [6.6.0](#660-2024-06-21)                                                                                    | June 2024      | `8.6 KB`                   |
@@ -40,6 +41,20 @@
 
 # Release notes
 
+## [6.6.3](https://github.com/socketio/socket.io/compare/engine.io-client@6.6.2...engine.io-client@6.6.3) (2025-01-23)
+
+
+### Bug Fixes
+
+* correctly consume the `ws` package ([#5220](https://github.com/socketio/socket.io/issues/5220)) ([7fcddcb](https://github.com/socketio/socket.io/commit/7fcddcb3bbd236b46aa8fee6f4ce6c45afb7b03a))
+
+
+### Dependencies
+
+- [`ws@~8.17.1`](https://github.com/websockets/ws/releases/tag/8.17.1) (no change)
+
+
+
 ## [6.6.2](https://github.com/socketio/socket.io/compare/engine.io-client@6.6.1...engine.io-client@6.6.2) (2024-10-23)
 
 

packages/engine.io-client/dist/engine.io.js

@@ -1,6 +1,6 @@
 /*!
- * Engine.IO v6.6.2
- * (c) 2014-2024 Guillermo Rauch
+ * Engine.IO v6.6.3
+ * (c) 2014-2025 Guillermo Rauch
  * Released under the MIT License.
  */
 (function (global, factory) {

packages/engine.io-client/lib/transports/websocket.node.ts

@@ -1,4 +1,4 @@
-import { WebSocket } from "ws";
+import * as ws from "ws";
 import type { Packet, RawData } from "engine.io-parser";
 import { BaseWS } from "./websocket.js";
 
@@ -27,7 +27,7 @@ export class WS extends BaseWS {
         opts.headers.cookie.push(`${name}=${cookie.value}`);
       }
     }
-    return new WebSocket(uri, protocols, opts);
+    return new ws.WebSocket(uri, protocols, opts);
   }
 
   doWrite(packet: Packet, data: RawData) {

packages/engine.io-client/package.json

@@ -2,7 +2,7 @@
   "name": "engine.io-client",
   "description": "Client for the realtime Engine",
   "license": "MIT",
-  "version": "6.6.2",
+  "version": "6.6.3",
   "main": "./build/cjs/index.js",
   "module": "./build/esm/index.js",
   "exports": {

packages/engine.io/CHANGELOG.md

@@ -2,6 +2,8 @@
 
 | Version                                                                                              | Release date   |
 |------------------------------------------------------------------------------------------------------|----------------|
+| [6.6.4](#664-2025-01-28)                                                                             | January 2025   |
+| [6.6.3](#663-2025-01-23)                                                                             | January 2025   |
 | [6.6.2](#662-2024-10-09)                                                                             | October 2024   |
 | [6.6.1](#661-2024-09-21)                                                                             | September 2024 |
 | [6.6.0](#660-2024-06-21)                                                                             | June 2024      |
@@ -47,6 +49,30 @@
 
 # Release notes
 
+## [6.6.4](https://github.com/socketio/socket.io/compare/engine.io@6.6.3...engine.io@6.6.4) (2025-01-28)
+
+The bump of the `cookie` dependency was reverted, as it drops support for older Node.js versions (< 14).
+
+
+### Dependencies
+
+- [`ws@~8.17.1`](https://github.com/websockets/ws/releases/tag/8.17.1) (no change)
+
+
+
+## [6.6.3](https://github.com/socketio/socket.io/compare/engine.io@6.6.2...engine.io@6.6.3) (2025-01-23)
+
+This release contains a bump of the `cookie` dependency.
+
+Release notes: https://github.com/jshttp/cookie/releases/tag/v1.0.0
+
+
+### Dependencies
+
+- [`ws@~8.17.1`](https://github.com/websockets/ws/releases/tag/8.17.1) (no change)
+
+
+
 ## [6.6.2](https://github.com/socketio/socket.io/compare/engine.io@6.6.1...engine.io@6.6.2) (2024-10-09)
 
 This release contains a bump of the `cookie` dependency.

packages/engine.io/lib/contrib/types.cookie.ts

@@ -0,0 +1,117 @@
+// imported from https://github.com/DefinitelyTyped/DefinitelyTyped/blob/b83cf9ef8b044e69f05b2a00aa7c6cb767a9acd2/types/cookie/index.d.ts (now deleted)
+/**
+ * Basic HTTP cookie parser and serializer for HTTP servers.
+ */
+
+/**
+ * Additional serialization options
+ */
+export interface CookieSerializeOptions {
+  /**
+   * Specifies the value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.3|Domain Set-Cookie attribute}. By default, no
+   * domain is set, and most clients will consider the cookie to apply to only
+   * the current domain.
+   */
+  domain?: string | undefined;
+
+  /**
+   * Specifies a function that will be used to encode a cookie's value. Since
+   * value of a cookie has a limited character set (and must be a simple
+   * string), this function can be used to encode a value into a string suited
+   * for a cookie's value.
+   *
+   * The default function is the global `encodeURIComponent`, which will
+   * encode a JavaScript string into UTF-8 byte sequences and then URL-encode
+   * any that fall outside of the cookie range.
+   */
+  encode?(value: string): string;
+
+  /**
+   * Specifies the `Date` object to be the value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.1|`Expires` `Set-Cookie` attribute}. By default,
+   * no expiration is set, and most clients will consider this a "non-persistent cookie" and will delete
+   * it on a condition like exiting a web browser application.
+   *
+   * *Note* the {@link https://tools.ietf.org/html/rfc6265#section-5.3|cookie storage model specification}
+   * states that if both `expires` and `maxAge` are set, then `maxAge` takes precedence, but it is
+   * possible not all clients by obey this, so if both are set, they should
+   * point to the same date and time.
+   */
+  expires?: Date | undefined;
+  /**
+   * Specifies the boolean value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.6|`HttpOnly` `Set-Cookie` attribute}.
+   * When truthy, the `HttpOnly` attribute is set, otherwise it is not. By
+   * default, the `HttpOnly` attribute is not set.
+   *
+   * *Note* be careful when setting this to true, as compliant clients will
+   * not allow client-side JavaScript to see the cookie in `document.cookie`.
+   */
+  httpOnly?: boolean | undefined;
+  /**
+   * Specifies the number (in seconds) to be the value for the `Max-Age`
+   * `Set-Cookie` attribute. The given number will be converted to an integer
+   * by rounding down. By default, no maximum age is set.
+   *
+   * *Note* the {@link https://tools.ietf.org/html/rfc6265#section-5.3|cookie storage model specification}
+   * states that if both `expires` and `maxAge` are set, then `maxAge` takes precedence, but it is
+   * possible not all clients by obey this, so if both are set, they should
+   * point to the same date and time.
+   */
+  maxAge?: number | undefined;
+  /**
+   * Specifies the `boolean` value for the [`Partitioned` `Set-Cookie`](rfc-cutler-httpbis-partitioned-cookies)
+   * attribute. When truthy, the `Partitioned` attribute is set, otherwise it is not. By default, the
+   * `Partitioned` attribute is not set.
+   *
+   * **note** This is an attribute that has not yet been fully standardized, and may change in the future.
+   * This also means many clients may ignore this attribute until they understand it.
+   *
+   * More information about can be found in [the proposal](https://github.com/privacycg/CHIPS)
+   */
+  partitioned?: boolean | undefined;
+  /**
+   * Specifies the value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.4|`Path` `Set-Cookie` attribute}.
+   * By default, the path is considered the "default path".
+   */
+  path?: string | undefined;
+  /**
+   * Specifies the `string` to be the value for the [`Priority` `Set-Cookie` attribute][rfc-west-cookie-priority-00-4.1].
+   *
+   * - `'low'` will set the `Priority` attribute to `Low`.
+   * - `'medium'` will set the `Priority` attribute to `Medium`, the default priority when not set.
+   * - `'high'` will set the `Priority` attribute to `High`.
+   *
+   * More information about the different priority levels can be found in
+   * [the specification][rfc-west-cookie-priority-00-4.1].
+   *
+   * **note** This is an attribute that has not yet been fully standardized, and may change in the future.
+   * This also means many clients may ignore this attribute until they understand it.
+   */
+  priority?: "low" | "medium" | "high" | undefined;
+  /**
+   * Specifies the boolean or string to be the value for the {@link https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7|`SameSite` `Set-Cookie` attribute}.
+   *
+   * - `true` will set the `SameSite` attribute to `Strict` for strict same
+   * site enforcement.
+   * - `false` will not set the `SameSite` attribute.
+   * - `'lax'` will set the `SameSite` attribute to Lax for lax same site
+   * enforcement.
+   * - `'strict'` will set the `SameSite` attribute to Strict for strict same
+   * site enforcement.
+   *  - `'none'` will set the SameSite attribute to None for an explicit
+   *  cross-site cookie.
+   *
+   * More information about the different enforcement levels can be found in {@link https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7|the specification}.
+   *
+   * *note* This is an attribute that has not yet been fully standardized, and may change in the future. This also means many clients may ignore this attribute until they understand it.
+   */
+  sameSite?: true | false | "lax" | "strict" | "none" | undefined;
+  /**
+   * Specifies the boolean value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.5|`Secure` `Set-Cookie` attribute}. When truthy, the
+   * `Secure` attribute is set, otherwise it is not. By default, the `Secure` attribute is not set.
+   *
+   * *Note* be careful when setting this to `true`, as compliant clients will
+   * not send the cookie back to the server in the future if the browser does
+   * not have an HTTPS connection.
+   */
+  secure?: boolean | undefined;
+}

packages/engine.io/lib/server.ts

@@ -12,12 +12,12 @@ import type {
   Server as HttpServer,
   ServerResponse,
 } from "http";
-import type { CookieSerializeOptions } from "cookie";
 import type { CorsOptions, CorsOptionsDelegate } from "cors";
 import type { Duplex } from "stream";
 import { WebTransport } from "./transports/webtransport";
 import { createPacketDecoderStream } from "engine.io-parser";
 import type { EngineRequest } from "./transport";
+import type { CookieSerializeOptions } from "./contrib/types.cookie";
 
 const debug = debugModule("engine");
 

packages/engine.io/package.json

@@ -1,6 +1,6 @@
 {
   "name": "engine.io",
-  "version": "6.6.2",
+  "version": "6.6.4",
   "description": "The realtime engine behind Socket.IO. Provides the foundation of a bidirectional connection between client and server",
   "type": "commonjs",
   "main": "./build/engine.io.js",
@@ -31,7 +31,6 @@
   ],
   "license": "MIT",
   "dependencies": {
-    "@types/cookie": "^0.4.1",
     "@types/cors": "^2.8.12",
     "@types/node": ">=10.0.0",
     "accepts": "~1.3.4",