aedes 0.51.0 → 0.51.2

package/.github/dependabot.yml

@@ -1,12 +1,13 @@
 version: 2
 updates:
-- package-ecosystem: github-actions
-  directory: "/"
-  schedule:
-    interval: daily
-  open-pull-requests-limit: 10
-- package-ecosystem: npm
-  directory: "/"
-  schedule:
-    interval: daily
-  open-pull-requests-limit: 10
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 10
+
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 10

package/.github/workflows/ci.yml

@@ -1,4 +1,4 @@
-name: ci
+name: CI
 
 on:
   push:
@@ -10,33 +10,33 @@ on:
       - 'docs/**'
       - '*.md'
 
+permissions:
+  contents: read
+
 jobs:
   dependency-review:
     name: Dependency Review
     if: github.event_name == 'pull_request'
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
-        - name: Check out repo
-          uses: actions/checkout@v3
+        - name: Checkout repository
+          uses: actions/checkout@v4
           with:
             persist-credentials: false
 
         - name: Dependency review
-          uses: actions/dependency-review-action@v2
+          uses: actions/dependency-review-action@v4
 
   test:
     runs-on: ${{ matrix.os }}
-    permissions:
-      contents: read
     strategy:
       matrix:
         node-version: [16, 18, 20]
         os: [ubuntu-latest, windows-latest, macOS-latest]
       fail-fast: false
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
 
@@ -45,6 +45,8 @@ jobs:
         with:
           node-version: ${{ matrix.node-version }}
           check-latest: true
+          cache: npm
+          cache-dependency-path: package.json
 
       - name: Install
         run: |
@@ -68,8 +70,6 @@ jobs:
   coverage:
     needs: test
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
       - name: Coveralls Finished
         uses: coverallsapp/github-action@master

package/.github/workflows/{sast.yml → codeql.yml}

@@ -1,4 +1,4 @@
-name: sast
+name: CodeQL
 
 on:
   push:
@@ -11,19 +11,25 @@ jobs:
     name: Analyze
     runs-on: ubuntu-latest
     permissions:
+      actions: read
       contents: read
       security-events: write
     strategy:
       fail-fast: true
       matrix:
-        language: [ 'javascript' ]
+        language: [ 'javascript-typescript' ]
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
 
-      - uses: github/codeql-action/init@v3
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
 
-      - uses: github/codeql-action/analyze@v3
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{ matrix.language }}"

package/.github/workflows/labeler.yml

@@ -1,10 +1,15 @@
-name: "Pull Request Labeler"
+name: Pull Request Labeler
+
 on: pull_request_target
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   label:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/labeler@main
-      with:
-        repo-token: "${{ secrets.GITHUB_TOKEN }}"
+      - uses: actions/labeler@v5
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"

package/README.md

@@ -1,12 +1,10 @@
-<!-- markdownlint-disable MD013 MD024 -->
+<!-- markdownlint-disable MD013 -->
 # Aedes
 
 ![ci](https://github.com/moscajs/aedes/workflows/ci/badge.svg)
-[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](http://standardjs.com/)
+[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](https://standardjs.com/)
 [![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://github.com/moscajs/aedes/graphs/commit-activity)
 [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](https://github.com/moscajs/aedes/pulls)\
-[![Total alerts](https://img.shields.io/lgtm/alerts/g/moscajs/aedes.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/moscajs/aedes/alerts/)
-[![Language grade: JavaScript](https://img.shields.io/lgtm/grade/javascript/g/moscajs/aedes.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/moscajs/aedes/context:javascript)
 [![Coverage Status](https://coveralls.io/repos/moscajs/aedes/badge.svg?branch=main&service=github)](https://coveralls.io/github/moscajs/aedes?branch=main)
 [![Known Vulnerabilities](https://snyk.io/test/github/moscajs/aedes/badge.svg)](https://snyk.io/test/github/moscajs/aedes)\
 ![node](https://img.shields.io/node/v/aedes)
@@ -283,7 +281,7 @@ Want to contribute? Check our list of
 
 ## Security notice
 
-Messages sent to the broker are considered _valid_ once they pass the [`authorizePublish`](https://github.com/moscajs/aedes/blob/main/docs/Aedes.md#handler-authorizepublish-client-packet-callback) callback.
+Messages sent to the broker are considered _valid_ once they pass the [`authorizePublish`](./docs/Aedes.md#handler-authorizepublish-client-packet-callback) callback.
 In other terms, if permissions for the given client are revoked after the call completes, the message is still considered valid.
 In case you are sending time-sensitive messages, make sure to use QoS 0 or connect with a clean session.
 

package/SECURITY.md

@@ -2,4 +2,4 @@
 
 ## Reporting a Vulnerability
 
-Please email daniel.sorridi+aedes@gmail.com; matteo.collina+aedes@gmail.com
+Please report all vulnerabilities to [https://github.com/moscajs/aedes/security](https://github.com/moscajs/aedes/security).

package/lib/client.js

@@ -313,7 +313,14 @@ Client.prototype.close = function (done) {
           }, noop)
         }
       })
+    } else if (will) {
+      // delete the persisted will even on clean disconnect https://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc385349232
+      that.broker.persistence.delWill({
+        id: that.id,
+        brokerId: that.broker.id
+      }, noop)
     }
+
     that.will = null // this function might be called twice
     that._will = null
 

package/lib/handlers/connect.js

@@ -74,7 +74,6 @@ function init (client, packet, done) {
   if (returnCode > 0) {
     const error = new Error(errorMessages[returnCode])
     error.errorCode = returnCode
-    console.error(error)
     doConnack(
       { client, returnCode, sessionPresent: false },
       done.bind(this, error))

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aedes",
-  "version": "0.51.0",
+  "version": "0.51.2",
   "description": "Stream-based MQTT broker",
   "main": "aedes.js",
   "types": "aedes.d.ts",
@@ -16,7 +16,7 @@
     "test:typescript": "tsd",
     "unit": "tap -J test/*.js",
     "unit:report": "tap -J test/*.js --cov --coverage-report=html --coverage-report=cobertura | tee out.tap",
-    "license-checker": "license-checker --production --onlyAllow=\"MIT;ISC;BSD-3-Clause;BSD-2-Clause\"",
+    "license-checker": "license-checker --production --onlyAllow=\"MIT;ISC;BSD-3-Clause;BSD-2-Clause;0BSD\"",
     "release": "read -p 'GITHUB_TOKEN: ' GITHUB_TOKEN && export GITHUB_TOKEN=$GITHUB_TOKEN && release-it --disable-metrics"
   },
   "release-it": {
@@ -89,6 +89,10 @@
     }
   ],
   "license": "MIT",
+  "funding": {
+    "type": "opencollective",
+    "url": "https://opencollective.com/aedes"
+  },
   "bugs": {
     "url": "https://github.com/moscajs/aedes/issues"
   },
@@ -97,24 +101,24 @@
     "node": ">=16"
   },
   "devDependencies": {
-    "@sinonjs/fake-timers": "^10.3.0",
-    "@types/node": "^20.4.5",
-    "@typescript-eslint/eslint-plugin": "^6.2.0",
-    "@typescript-eslint/parser": "^6.2.0",
+    "@sinonjs/fake-timers": "^11.2.2",
+    "@types/node": "^20.11.17",
+    "@typescript-eslint/eslint-plugin": "^7.0.1",
+    "@typescript-eslint/parser": "^7.0.1",
     "concat-stream": "^2.0.0",
     "duplexify": "^4.1.2",
     "license-checker": "^25.0.1",
-    "markdownlint-cli": "^0.35.0",
-    "mqtt": "^5.0.0",
+    "markdownlint-cli": "^0.41.0",
+    "mqtt": "^5.3.5",
     "mqtt-connection": "^4.1.0",
     "pre-commit": "^1.2.2",
     "proxyquire": "^2.1.3",
-    "release-it": "^16.1.3",
+    "release-it": "^17.0.5",
     "snazzy": "^9.0.0",
     "standard": "^17.1.0",
-    "tap": "^16.3.7",
-    "tsd": "^0.28.1",
-    "typescript": "^5.1.6",
+    "tap": "^16.3.10",
+    "tsd": "^0.31.0",
+    "typescript": "^5.3.3",
     "websocket-stream": "^5.5.2"
   },
   "dependencies": {
@@ -124,11 +128,11 @@
     "fastfall": "^1.5.1",
     "fastparallel": "^2.4.1",
     "fastseries": "^2.0.0",
-    "hyperid": "^3.1.1",
-    "mqemitter": "^5.0.0",
+    "hyperid": "^3.2.0",
+    "mqemitter": "^6.0.0",
     "mqtt-packet": "^9.0.0",
-    "retimer": "^3.0.0",
+    "retimer": "^4.0.0",
     "reusify": "^1.0.4",
-    "uuid": "^9.0.0"
+    "uuid": "^9.0.1"
   }
 }

package/test/will.js

@@ -420,6 +420,29 @@ test('does not deliver will when client sends a DISCONNECT', function (t) {
   })
 })
 
+test('deletes from persistence on DISCONNECT', function (t) {
+  t.plan(2)
+
+  const opts = {
+    clientId: 'abcde'
+  }
+  const broker = aedes()
+  t.teardown(broker.close.bind(broker))
+
+  const s = noError(willConnect(setup(broker), opts, function () {
+    s.inStream.end({
+      cmd: 'disconnect'
+    })
+  }), t)
+
+  s.broker.persistence.getWill({
+    id: opts.clientId
+  }, function (err, packet) {
+    t.error(err, 'no error')
+    t.notOk(packet)
+  })
+})
+
 test('does not store multiple will with same clientid', function (t) {
   t.plan(4)