Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: socketio/socket.io
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 945c84be47d2923a9132786c9fd11dd90fa2c6db
Choose a base ref
...
head repository: socketio/socket.io
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 3b7ced7af7e0a2a66392577f94af1ee5ed190ab1
Choose a head ref
  • 4 commits
  • 11 files changed
  • 1 contributor

Commits on Nov 2, 2022

  1. docs: add missing versions in the changelog

    @darrachequesne
    darrachequesne committed Nov 2, 2022
    Copy the full SHA
    f4b6984 View commit details

Commits on Nov 22, 2022

  1. chore: bump socket.io-parser to version 4.2.1 

    In order to fix CVE-2022-2421.

See also: GHSA-qm95-pgcg-qqfq
    @darrachequesne
    darrachequesne committed Nov 22, 2022

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    57e5f25 View commit details

  2. chore: bump engine.io to version 6.2.1 

    In order to fix CVE-2022-41940.

See also: GHSA-r7qp-cfhv-p84w
    @darrachequesne
    darrachequesne committed Nov 22, 2022
    Copy the full SHA
    c00bb95 View commit details

  3. chore(release): 4.5.4 

    Diff: 4.5.3...4.5.4
    @darrachequesne
    darrachequesne committed Nov 22, 2022
    Copy the full SHA
    3b7ced7 View commit details
197 changes: 171 additions & 26 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,34 +1,71 @@
# History

- [4.5.3](#453-2022-10-15) (2022-10-15)
- [4.5.2](#452-2022-09-02) (2022-09-02)
- [4.5.1](#451-2022-05-17) (2022-05-17)
- [4.5.0](#450-2022-04-23) (2022-04-23)
- [4.4.1](#441-2022-01-06) (2022-01-06)
- [4.4.0](#440-2021-11-18) (2021-11-18)
- [4.3.2](#432-2021-11-08) (2021-11-08)
- [4.3.1](#431-2021-10-16) (2021-10-16)
- [4.3.0](#430-2021-10-14) (2021-10-14)
- [4.2.0](#420-2021-08-30) (2021-08-30)
- [4.1.3](#413-2021-07-10) (2021-07-10)
- [4.1.2](#412-2021-05-17) (2021-05-17)
- [4.1.1](#411-2021-05-11) (2021-05-11)
- [4.1.0](#410-2021-05-11) (2021-05-11)
- [4.0.2](#402-2021-05-06) (2021-05-06)
- [4.0.1](#401-2021-03-31) (2021-03-31)
- [4.0.0](#400-2021-03-10) (2021-03-10)
- [3.1.2](#312-2021-02-26) (2021-02-26)
- [3.1.1](#311-2021-02-03) (2021-02-03)
- [3.1.0](#310-2021-01-15) (2021-01-15)
- [3.0.5](#305-2021-01-05) (2021-01-05)
- [3.0.4](#304-2020-12-07) (2020-12-07)
- [3.0.3](#303-2020-11-19) (2020-11-19)
- [3.0.2](#302-2020-11-17) (2020-11-17)
- [3.0.1](#301-2020-11-09) (2020-11-09)
- [3.0.0](#300-2020-11-05) (2020-11-05)
## 2022

- [4.5.4](#454-2022-11-22) (Nov 2022)
- [4.5.3](#453-2022-10-15) (Oct 2022)
- [4.5.2](#452-2022-09-02) (Sep 2022)
- [2.5.0](#250-2022-06-26) (Jun 2022) (from the [2.x](https://github.com/socketio/socket.io/tree/2.x) branch)
- [4.5.1](#451-2022-05-17) (May 2022)
- [4.5.0](#450-2022-04-23) (Apr 2022)
- [4.4.1](#441-2022-01-06) (Jan 2022)

## 2021

- [4.4.0](#440-2021-11-18) (Nov 2021)
- [4.3.2](#432-2021-11-08) (Nov 2021)
- [4.3.1](#431-2021-10-16) (Oct 2021)
- [4.3.0](#430-2021-10-14) (Oct 2021)
- [4.2.0](#420-2021-08-30) (Aug 2021)
- [4.1.3](#413-2021-07-10) (Jul 2021)
- [4.1.2](#412-2021-05-17) (May 2021)
- [4.1.1](#411-2021-05-11) (May 2021)
- [4.1.0](#410-2021-05-11) (May 2021)
- [4.0.2](#402-2021-05-06) (May 2021)
- [4.0.1](#401-2021-03-31) (Mar 2021)
- [**4.0.0**](#400-2021-03-10) (Mar 2021)
- [3.1.2](#312-2021-02-26) (Feb 2021)
- [3.1.1](#311-2021-02-03) (Feb 2021)
- [3.1.0](#310-2021-01-15) (Jan 2021)
- [2.4.1](#241-2021-01-07) (Jan 2021) (from the [2.x](https://github.com/socketio/socket.io/tree/2.x) branch)
- [3.0.5](#305-2021-01-05) (Jan 2021)
- [2.4.0](#240-2021-01-04) (Jan 2021) (from the [2.x](https://github.com/socketio/socket.io/tree/2.x) branch)

## 2020

- [3.0.4](#304-2020-12-07) (Dec 2020)
- [3.0.3](#303-2020-11-19) (Nov 2020)
- [3.0.2](#302-2020-11-17) (Nov 2020)
- [3.0.1](#301-2020-11-09) (Nov 2020)
- [**3.0.0**](#300-2020-11-05) (Nov 2020)

## 2019

- [2.3.0](#230-2019-09-20) (Sep 2019)

## 2018

- [2.2.0](#220-2018-11-29) (Nov 2018)
- [2.1.1](#211-2018-05-17) (May 2018)
- [2.1.0](#210-2018-03-29) (Mar 2018)


# Release notes

## [4.5.4](https://github.com/socketio/socket.io/compare/4.5.3...4.5.4) (2022-11-22)

This release contains a bump of:

- `engine.io` in order to fix [CVE-2022-41940](https://github.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w)
- `socket.io-parser` in order to fix [CVE-2022-2421](https://github.com/advisories/GHSA-qm95-pgcg-qqfq).

### Dependencies

- [`engine.io@~6.2.1`](https://github.com/socketio/engine.io-client/tree/6.2.1) ([diff](https://github.com/socketio/engine.io/compare/6.2.0...6.2.1))
- [`ws@~8.2.3`](https://github.com/websockets/ws/releases/tag/8.2.3)



## [4.5.3](https://github.com/socketio/socket.io/compare/4.5.2...4.5.3) (2022-10-15)


@@ -49,6 +86,18 @@



# [2.5.0](https://github.com/socketio/socket.io/compare/2.4.1...2.5.0) (2022-06-26)


### Bug Fixes

* fix race condition in dynamic namespaces ([05e1278](https://github.com/socketio/socket.io/commit/05e1278cfa99f3ecf3f8f0531ffe57d850e9a05b))
* ignore packet received after disconnection ([22d4bdf](https://github.com/socketio/socket.io/commit/22d4bdf00d1a03885dc0171125faddfaef730066))
* only set 'connected' to true after middleware execution ([226cc16](https://github.com/socketio/socket.io/commit/226cc16165f9fe60f16ff4d295fb91c8971cde35))
* prevent the socket from joining a room after disconnection ([f223178](https://github.com/socketio/socket.io/commit/f223178eb655a7713303b21a78f9ef9e161d6458))



## [4.5.1](https://github.com/socketio/socket.io/compare/4.5.0...4.5.1) (2022-05-17)


@@ -285,6 +334,16 @@ we only add a field in the JSON-encoded handshake data:
* allow integers as event names ([1c220dd](https://github.com/socketio/socket.io-parser/commit/1c220ddbf45ea4b44bc8dbf6f9ae245f672ba1b9))



## [2.4.1](https://github.com/socketio/socket.io/compare/2.4.0...2.4.1) (2021-01-07)


### Reverts

* fix(security): do not allow all origins by default ([a169050](https://github.com/socketio/socket.io/commit/a1690509470e9dd5559cec4e60908ca6c23e9ba0))



## [3.0.5](https://github.com/socketio/socket.io/compare/3.0.4...3.0.5) (2021-01-05)


@@ -298,6 +357,17 @@ we only add a field in the JSON-encoded handshake data:
* restore the socket middleware functionality ([bf54327](https://github.com/socketio/socket.io/commit/bf5432742158e4d5ba2722cff4a614967dffa5b9))



# [2.4.0](https://github.com/socketio/socket.io/compare/2.3.0...2.4.0) (2021-01-04)


### Bug Fixes

* **security:** do not allow all origins by default ([f78a575](https://github.com/socketio/socket.io/commit/f78a575f66ab693c3ea96ea88429ddb1a44c86c7))
* properly overwrite the query sent in the handshake ([d33a619](https://github.com/socketio/socket.io/commit/d33a619905a4905c153d4fec337c74da5b533a9e))



## [3.0.4](https://github.com/socketio/socket.io/compare/3.0.3...3.0.4) (2020-12-07)


@@ -583,3 +653,78 @@ io.of("/admin").use((socket, next) => {

This method was kept for backward-compatibility with pre-1.0 versions.



# [2.3.0](https://github.com/socketio/socket.io/compare/2.2.0...2.3.0) (2019-09-20)

This release mainly contains a bump of the `engine.io` and `ws` packages, but no additional features.



# [2.2.0](https://github.com/socketio/socket.io/compare/2.1.1...2.2.0) (2018-11-29)

### Features

- add cache-control header when serving the client source ([#2907](https://github.com/socketio/socket.io/pull/2907)) ([b00ae50](https://github.com/socketio/socket.io/commit/b00ae50be65d1bc88fa95145f1c486a6886a6b76))

### Bug fixes

- throw an error when trying to access the clients of a dynamic namespace ([#3355](https://github.com/socketio/socket.io/pull/3355)) ([a7fbd1a](https://github.com/socketio/socket.io/commit/a7fbd1ac4a47cafd832fc62e371754df924c5903))



# [2.1.1](https://github.com/socketio/socket.io/compare/2.1.0...2.1.1) (2018-05-17)

### Features

- add local flag to the socket object ([#3129](https://github.com/socketio/socket.io/pull/3219)) ([1decae3](https://github.com/socketio/socket.io/commit/1decae341c80c0417b32d3124ca30c005240b48a))

```js
socket.local.to('room101').emit(/* */);
```


# [2.1.0](https://github.com/socketio/socket.io/compare/2.1.1...2.2.0) (2018-03-29)

### Features

- add a 'binary' flag ([#3185](https://github.com/socketio/socket.io/pull/3185)) ([f48a06c](https://github.com/socketio/socket.io/commit/f48a06c040280b44f90fd225c888910544fd63b5))

```js
// by default, the object is recursively scanned to check whether it contains some binary data
// in the following example, the check is skipped in order to improve performance
socket.binary(false).emit('plain-object', object);

// it also works at the namespace level
io.binary(false).emit('plain-object', object);
```

- add support for dynamic namespaces ([#3195](https://github.com/socketio/socket.io/pull/3195)) ([c0c79f0](https://github.com/socketio/socket.io/commit/c0c79f019e7138194e438339f8192705957c8ec3))

```js
io.of(/^\/dynamic-\d+$/).on('connect', (socket) => {
// socket.nsp.name = '/dynamic-101'
});

// client-side
const client = require('socket.io-client')('/dynamic-101');
```

### Bug fixes

- properly emit 'connect' when using a custom namespace ([#3197](https://github.com/socketio/socket.io/pull/3197)) ([f4fc517](https://github.com/socketio/socket.io/commit/f4fc517e0fe25866c95b584291487b8cbdff889d))
- include the protocol in the origins check ([#3198](https://github.com/socketio/socket.io/pull/3198)) ([1f1d64b](https://github.com/socketio/socket.io/commit/1f1d64bab61a273712a199591a3f76210d8c0959))

### Important note :warning: from Engine.IO [3.2.0 release](https://github.com/socketio/engine.io/releases/tag/3.2.0)

There are two non-breaking changes that are somehow quite important:

- `ws` was reverted as the default wsEngine (https://github.com/socketio/engine.io/pull/550), as there was several blocking issues with `uws`. You can still use `uws` by running `npm install uws --save` in your project and using the `wsEngine` option:
```js
var engine = require('engine.io');
var server = engine.listen(3000, {
wsEngine: 'uws'
});
```

- `pingTimeout` now defaults to 5 seconds (instead of 60 seconds): https://github.com/socketio/engine.io/pull/551
Loading