Bump engine.io and engine.io-client

vweevers · vweevers · commit 5e7560b34d7b · 2021-11-27T16:42:07.000+01:00
Closes vulnerability alerts, though they appear to have been false positives in the context of `airtap`. The main motivation for bumping these dependencies is simply keeping up with changes. We're jumping several versions ahead but by using the transpiled ES5 bundle of `engine.io-client` (included in its npm package) it should not affect browser support of `airtap`. Verified with the test matrix of `airtap-sauce` (which includes IE9). Closes #276, closes #317, closes #312, closes #315.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -10,7 +10,5 @@ updates:
     schedule:
       interval: monthly
     ignore:
-      - dependency-name: engine.io
-      - dependency-name: engine.io-client
       - dependency-name: standard
       - dependency-name: tempy
diff --git a/client/index.js b/client/index.js
@@ -1,5 +1,7 @@
 var load = require('load-script')
-var engineClient = require('engine.io-client')
+
+// Use transpiled flavor for older browser support
+var engineClient = require('engine.io-client/dist/engine.io.js')
 
 // Without Developer Tools open, console is undefined in IE9.
 if (typeof global.console === 'undefined') {
diff --git a/package.json b/package.json
@@ -31,8 +31,8 @@
     "bruce-millis-option": "^1.0.0",
     "compression": "^1.7.1",
     "debug": "^4.1.0",
-    "engine.io": "^3.4.2",
-    "engine.io-client": "3.3.2",
+    "engine.io": "^6.1.0",
+    "engine.io-client": "^6.1.1",
     "express": "^4.17.0",
     "find-nearest-file": "^1.1.0",
     "globs-to-files": "^1.0.0",
diff --git a/test/unit/message-server.js b/test/unit/message-server.js
@@ -1,7 +1,7 @@
 'use strict'
 
 const test = require('tape')
-const engineClient = require('engine.io-client')
+const Socket = require('engine.io-client').Socket
 const EventEmitter = require('events')
 const MessageServer = require('../../lib/message-server')
 
@@ -37,7 +37,7 @@ test('message server closes open connections', function (t) {
 
     server.register(cid, mockContext)
 
-    const socket = engineClient(url, {
+    const socket = new Socket(url, {
       path: '/airtap/msg',
       extraHeaders: {
         'x-airtap-context-id': cid
@@ -73,7 +73,7 @@ test('message server closes if connections were already closed', function (t) {
 
     server.register(cid, mockContext)
 
-    const socket = engineClient(url, {
+    const socket = new Socket(url, {
       path: '/airtap/msg',
       extraHeaders: {
         'x-airtap-context-id': cid
@@ -104,7 +104,7 @@ test('message server closes connection without valid cid', function (t) {
   server.open(function (err) {
     t.ifError(err, 'no open error')
 
-    const socket = engineClient(`ws://localhost:${server.port}`, {
+    const socket = new Socket(`ws://localhost:${server.port}`, {
       path: '/airtap/msg'
     })
 
