Bump the npm_and_yarn group across 1 directory with 4 updates

[dependabot]

Bumps the npm_and_yarn group with 4 updates in the / directory: follow-redirects, socket.io-parser, socket.io and ws.

Updates follow-redirects from 1.15.2 to 1.15.9

Commits

• e4e55c7 Release version 1.15.9 of the npm package.
• 31a1abf Attempt much more gentle detection.
• d2aaa97 Fix url field.
• 62558f0 Release version 1.15.8 of the npm package.
• a8d1cee Return subtlety.
• 458ca8e Fix native URL test for Node 20.
• ca49e44 Handle KeepAlive connections in tests.
• f3711d7 Test on Node 20 and 22.
• fda0faf Fix typo.
• 760757f Release version 1.15.7 of the npm package.
• Additional commits viewable in compare view

Updates socket.io-parser from 4.2.1 to 4.2.4

Release notes

Sourced from socket.io-parser's releases.

4.2.4

Bug Fixes

• ensure reserved events cannot be used as event names (d9db473)
• properly detect plain objects (b0e6400)

Links

• Diff: socketio/socket.io-parser@4.2.3...4.2.4

4.2.3

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

TypeError: Cannot convert object to primitive value
       at Socket.emit (node:events:507:25)
       at .../node_modules/socket.io/lib/socket.js:531:14

Please upgrade as soon as possible.

Bug Fixes

• check the format of the event name (3b78117)

Links

• Diff: socketio/socket.io-parser@4.2.2...4.2.3

4.2.2

Bug Fixes

• calling destroy() should clear all internal state (22c42e3)
• do not modify the input packet upon encoding (ae8dd88)

Links

• Diff: socketio/socket.io-parser@4.2.1...4.2.2

Changelog

Sourced from socket.io-parser's changelog.

4.2.4 (2023-05-31)

Bug Fixes

• ensure reserved events cannot be used as event names (d9db473)
• properly detect plain objects (b0e6400)

3.4.3 (2023-05-22)

Bug Fixes

• check the format of the event name (2dc3c92)

4.2.3 (2023-05-22)

Bug Fixes

• check the format of the event name (3b78117)

4.2.2 (2023-01-19)

Bug Fixes

• calling destroy() should clear all internal state (22c42e3)
• do not modify the input packet upon encoding (ae8dd88)

3.3.3 (2022-11-09)

Bug Fixes

• check the format of the index of each attachment (fb21e42)

3.4.2 (2022-11-09)

... (truncated)

Commits

• 164ba2a chore(release): 4.2.4
• b0e6400 fix: properly detect plain objects
• d9db473 fix: ensure reserved events cannot be used as event names
• 6a5a004 docs(changelog): include changelog for release 3.4.3
• b6c824f chore(release): 4.2.3
• dcc70d9 refactor: export typescript declarations for the commonjs build
• 3b78117 fix: check the format of the event name
• 0841bd5 chore: bump ua-parser-js from 1.0.32 to 1.0.33 (#121)
• 28dd668 chore(release): 4.2.2
• 22c42e3 fix: calling destroy() should clear all internal state
• Additional commits viewable in compare view

Updates socket.io from 4.5.4 to 4.8.1

Release notes

Sourced from socket.io's releases.

socket.io@4.8.1

Due to a change in the bundler configuration, the production bundle (socket.io.min.js) did not support sending and receiving binary data in version 4.8.0. This is now fixed.

Dependencies

• engine.io@~6.6.0 (no change)
• ws@~8.17.1 (no change)

socket.io-client@4.8.1

Bug Fixes

• bundle: do not mangle the "_placeholder" attribute (ca9e994)

Dependencies

• engine.io-client@~6.6.1 (no change)
• ws@~8.17.1 (no change)

socket.io-client@4.8.0

Features

Custom transport implementations

The transports option now accepts an array of transport implementations:

import { io } from "socket.io-client";
import { XHR, WebSocket } from "engine.io-client";
const socket = io({
transports: [XHR, WebSocket]
});

Here is the list of provided implementations:

Transport	Description
Fetch	HTTP long-polling based on the built-in fetch() method.
NodeXHR	HTTP long-polling based on the XMLHttpRequest object provided by the xmlhttprequest-ssl package.
XHR	HTTP long-polling based on the built-in XMLHttpRequest object.
NodeWebSocket	WebSocket transport based on the WebSocket object provided by the ws package.
WebSocket	WebSocket transport based on the built-in WebSocket object.
WebTransport	WebTransport transport based on the built-in WebTransport object.

Usage:

Transport	browser	Node.js	Deno	Bun

... (truncated)

Commits

• 91e1c8b chore(release): socket.io@4.8.1
• 8d5528a chore(release): socket.io-client@4.8.1
• 71387e5 refactor(sio-client): reexport transports from the engine
• aead835 refactor(sio): make Namespace._fns private (#5196)
• 029e010 chore(release): engine.io-client@6.6.2
• 4ca6ddb docs(nuxt): update example with latest version
• ca9e994 fix(sio-client): do not mangle the "_placeholder" attribute
• 4865f2e fix(eio-client): prevent infinite loop with Node.js built-in WebSocket
• d4b3dde ci: use Node.js 22
• 3b68658 chore: bump @​fails-components/webtransport to version 1.1.4 (dev)
• Additional commits viewable in compare view

Updates ws from 7.5.9 to 7.5.10

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

• Backported e55e5106 to the 7.x release line (22c28763).

Commits

• d962d70 [dist] 7.5.10
• 22c2876 [security] Fix crash when the Upgrade header cannot be read (#2231)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #3.