[Snyk] Security upgrade engine.io from 4.0.0 to 6.2.1

[ekmixon]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • examples/latency/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-3136336	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: engine.io

The new version differs by 86 commits.

• 24b847b chore(release): 6.2.1
• 425e833 fix: catch errors when destroying invalid upgrades (Fix unhandled error on HTTP2 upgrade socketio/engine.io#658)
• 99adb00 chore(deps): bump xmlhttprequest-ssl and engine.io-client in /examples/latency (chore(deps): bump xmlhttprequest-ssl and engine.io-client in /examples/latency socketio/engine.io#661)
• d196f6a chore(deps): bump minimatch from 3.0.4 to 3.1.2 (chore(deps): bump minimatch from 3.0.4 to 3.1.2 socketio/engine.io#660)
• 7c1270f chore(deps): bump nanoid from 3.1.25 to 3.3.1 (chore(deps): bump nanoid from 3.1.25 to 3.3.1 socketio/engine.io#659)
• 535a01d ci: add Node.js 18 in the test matrix
• 1b71a6f docs: remove "Vanilla JS" highlight from README (Removed "Vanilla JS" highlight from README socketio/engine.io#656)
• 917d1d2 refactor: replace deprecated `String.prototype.substr()` (refactor: replace deprecated String.prototype.substr() socketio/engine.io#646)
• 020801a chore: add changelog for version 3.6.0
• ed1d6f9 test: make test script work on Windows (script windows sintaxe fix & update lock version socketio/engine.io#643)
• d7e3ab7 chore(release): 6.2.0
• 088dcb4 feat: add the "maxPayload" field in the handshake details
• 657f04e chore: add Node.js 16 in the test matrix
• e24b27b refactor: return an HTTP 413 response for too large payloads
• ce3fe9d chore(release): 6.1.3
• 1bc5b1a chore: bump engine.io-parser to version 5.0.3
• 5df4f18 perf(uws): remove nested inner functions
• 3367440 fix(uws): properly handle chunked content (fix uws polling socketio/engine.io#642)
• a463d26 fix(typings): allow CorsOptionsDelegate as cors options (Allow CorsOptionsDelegate as cors options socketio/engine.io#641)
• 90fb0a9 chore(release): 6.1.2
• e122e4b refactor: add additional types
• 3f1e312 chore: bump package-lock.json file version
• 45112a3 fix(uws): fix HTTP long-polling with CORS
• 49bb7cf fix(uws): expose additional uWebSockets.js options (uServer: accept compression option socketio/engine.io#634)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)

[secure-code-warrior-for-github]

Micro-Learning Topic: Denial of service (Detected by phrase)

Matched on "Denial of Service"

The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service

Try a challenge in Secure Code Warrior