pusher-js 8.4.0 → 8.4.3

package/integration_tests_server/package.json

@@ -9,7 +9,7 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "express": "^4.18.2",
+    "express": "^4.22.1",
     "pusher": "^5.1.1-beta"
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pusher-js",
-  "version": "8.4.0",
+  "version": "8.4.3",
   "description": "Pusher Channels JavaScript library for browsers, React Native, NodeJS and web workers",
   "main": "dist/node/pusher.js",
   "browser": "dist/web/pusher.js",
@@ -66,5 +66,21 @@
   },
   "dependencies": {
     "tweetnacl": "^1.0.3"
+  },
+  "overrides": {
+    "body-parser": "^1.20.3",
+    "browserstack-local": "^1.5.12",
+    "cipher-base": "^1.0.6",
+    "compression": "^1.8.1",
+    "express": "^4.22.1",
+    "js-yaml": "^3.14.2",
+    "lodash": "^4.17.23",
+    "minimatch": "^3.1.5",
+    "node-forge": "^1.3.2",
+    "on-headers": "^1.1.0",
+    "pbkdf2": "^3.1.5",
+    "qs": "^6.14.0",
+    "sha.js": "^2.4.12",
+    "tmp": "^0.2.4"
   }
 }

package/spec/config/karma/config.ci.js

@@ -1,25 +1,25 @@
 var config = {
-  browserStack: {
-    startTunnel: true,
-    timeout: 1800,
-  },
-  browsers: ['ChromeHeadless', 'FirefoxHeadless'],
+  browsers: ['ChromeHeadlessNoHttpsUpgrade', 'FirefoxHeadlessNoHttpsUpgrade'],
   customLaunchers: {
-    bs_safari_12: {
-      base: 'BrowserStack',
-      os_version: "Mojave",
-      browser: "Safari",
-      browser_version: "12",
-      os: "OS X"
+    // When forceTLS=true XHR tests run first, browsers store an HSTS entry for
+    // sockjs-*.pusher.com (Pusher servers send Strict-Transport-Security headers).
+    // Subsequent forceTLS=false XHR tests request HTTP URLs which are then
+    // silently upgraded to HTTPS via HSTS. The resulting CORS preflight for the
+    // upgraded URL fails, blocking the connection. Disabling web security (Chrome)
+    // or HTTPS-only mode (Firefox) bypasses this so the HSTS-upgraded HTTPS
+    // response is returned to the Pusher client and the connection can establish.
+    ChromeHeadlessNoHttpsUpgrade: {
+      base: 'ChromeHeadless',
+      flags: ['--disable-web-security']
+    },
+    FirefoxHeadlessNoHttpsUpgrade: {
+      base: 'FirefoxHeadless',
+      prefs: {
+        'dom.security.https_only_mode': false,
+        'network.stricttransportsecurity.preloadlist': false
+      }
     }
   }
 };
-if (process.env.CI === 'full' && browserStackCredsAvailable()) {
-  config.browsers.push('bs_safari_12');
-}
-
-function browserStackCredsAvailable() {
-  return process.env.BROWSER_STACK_USERNAME && process.env.BROWSER_STACK_ACCESS_KEY
-}
 
 module.exports = config;

package/src/runtimes/web/dom/sockjs/COPYING

@@ -1,11 +0,0 @@
-Parts of the code are derived from various open source projects.
-
-For code derived from Socket.IO by Guillermo Rauch see
-https://github.com/LearnBoost/socket.io/tree/0.6.17#readme.
-
-Snippets derived from JSON-js by Douglas Crockford are public domain.
-
-Snippets derived from jQuery-JSONP by Julian Aubourg, generic MIT
-license.
-
-All other code is released on MIT license, see LICENSE-MIT-SockJS.

package/src/runtimes/web/dom/sockjs/Changelog

@@ -1,147 +0,0 @@
-0.3.4
-=====
-
- * Mentioned njoyce's fork of sockjs-gevent.
- * #90 - Don't catch onbeforeunload event - it breaks javascript://
-   links in IE.
- * IE mangles 204 response code for 1223 on ajax, see:
-   http://bugs.jquery.com/ticket/1450
- * Make `new` optional for SockJS constructor (via substack).
- * It is impossible to cancel JSONP polling request - compensate for that.
- * Refactored EventEmitter prototype (used only internally)
-
-
-0.3.2
-=====
-
- * #77 - Getting /info on modern browsers when html is served from
-         file:// urls was broken.
-
-0.3.1
-=====
-
- * #61 - Meteor guys found that we unintentionally catch "onopen" errors.
- * #63 - Meteorjs guys found that xhr-streaming on Safari sometimes
-   left busy cursor running.
- * Increased allowed time for websocket transport (from 1 rtt to 2),
-   this should make ws transport more reliable over SSL, at the cost
-   of slightly longer connection time for users with blocked ws.
- * #57 - previous fix didn't really work, sockjs-client still left
-   a mess in browsers history when using iframe transports. This
-   is fixed now.
- * #60 - Opera 12 (next) claims to do AJAX2 / CORS, but can't
-   do xhr-streaming.
- * #58 - onunload test sometimes failed on Safari on windows
- * Updated readme WRT websocket protocols
- * Updated readme WRT deployments on heroku
- * Add minimalistic license block to every source file.
-
-
-0.3.0
-=====
-
- * Temporarily disabled iframe tests - they are failing unpredictably.
- * #57 - pointing an iframe to "about:blank" during cleanup caused
-   Opera to messup history.
- * #55 - Improved iframe abstraction (reduced a possible mem leak)
- * Refactored AJAX abstractions, for better CORS handing - again.
- * Add additional parent origin security check to an iframe.
- * Urls with hashes or query strings can't be passed to SockJS.
- * #18 - Mention workaround for Firefox ESC key issue
- * #53 - AMD compliance
- * sockjs/sockjs-protocol#28 - always use square brackets for
-   websocket frames
- * #51 - initial support for IE10 - try XHR before XDR
- * #28 - handle onunload / onbeforeunload in a more robust fashion
- * #49 - support SockJS-client being used from files served from
-   file:// urls.
-
-
-0.2.1
-=====
-
- * "smoke-latency.html" test was unnecesairly sending too much data.
- * Bumped core dependencies (coffee-script and uglify-js)
- * Minor updates to the README, few cosmetic changes in the code.
-
-
-0.2.0
-=====
-
- * The API had changed - use `protocols_whitelist` option instead of
-   passing  an array of protocols as a second argument to SockJS constructor.
- * Dropped 'chunking-test' functionality and replace it with 'info'.
- * Rewritten protocol-choosing alogirthm, see "utils.detectProtocols" method.
- * Use dynamic protocol timeouts based on RTT, not hardcoded 5 seconds
- * #34 - Don't ever reuse `session_id`, especially when trying
-   fallback protocols.
- * The test server got moved from SockJS-client to SockJS-node.
- * Don't test unicode surrogates - it can't work in some environments.
- * XHR/XDR helpers were rewritten, ajax transports were simplified.
- * Added a domain check in the iframe to improve security.
- * SockJS will now trigger 1002 error if there is a problem during handshake
-   instead of 2000 error.
- * Smoke-throughput test is renamed to smoke-latency.
-
-0.1.2
-=====
-
- * #29 - Allow all unicode characters to be send over SockJS.
- * #15 - SockJS should now work fine even if the connection is started
-   in HEAD, before BODY is loaded.
- * #28 - In rare circumstances WebSocket connection can be left intact
-   after the page is unloaded in FireFox.
- * Updated scripts to work with Node 0.6.
- * Initial work to do better QUnit testing.
- * Updated the minifying script (always escape unicode chars, remove
-   trailing comment).
- * Use string instead of array of chars (utils.js:random_number_string).
-
-
-0.1.1
-=====
-
- * #21 Get JsonP transport working on IE9 (Vladimir Dronnikov).
- * #26 Emit heartbeat event.
- * #27 Include license inline.
-
-
-0.1.0
-=====
-
- * SockJS-client can only send UTF-8 encodable strings.  Previously we
-   took advantage of rich data structures and automatically
-   json-encoded them, but this got removed.  Now, all data passed to
-   `send` will be converted to string. This is also how native
- * `status` property on `EventClose` is renamed to `code`
-   as per Websocket API
-   WebSockets behave.
- * The test server was updated to new `sockjs-node` API
- * Fixed problem with Jsonp-polling transport on IE9
- * Repository was moved - updated links.
-
-
-0.0.4
-=====
-
- * All transports were refactored, some transports were introduced:
-   htmlfile and separate xhr-streaming.
- * Added logic to detect support for http chunking, and thus a
-   possibility to rule out streaming transports before running them.
- * Added 'cookie' option, useful for cookie-based load balancing
-   (currently, it make a difference only for IE).
- * Added hack to prevent EventSource from crashing Safari and Chrome.
- * Loads and loads of other small and medium changes.
-
-
-0.0.2
-=====
-
- * Initial support for JSESSIONID based load balancing. Currently
-   doesn't play nicely with IE XDomainRequest transport.
-
-
-0.0.1
-=====
-
- * Initial release.

package/src/runtimes/web/dom/sockjs/LICENSE-MIT-SockJS

@@ -1,19 +0,0 @@
-Copyright (c) 2011-2012 VMware, Inc.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.

package/src/runtimes/web/dom/sockjs/Makefile

@@ -1,109 +0,0 @@
-.PHONY: all build tests test serve clean
-
-COFFEE:=./node_modules/.bin/coffee
-
-all: sockjs.js
-
-build: sockjs.js sockjs.min.js
-
-sockjs.js: lib/*js version
-	@$(COFFEE) -v > /dev/null
-	$(COFFEE) bin/render.coffee --set-version $(VER) lib/all.js > $@
-
-sockjs.min.js: lib/*js version
-	@$(COFFEE) -v > /dev/null
-	$(COFFEE) bin/render.coffee --set-version $(VER) --minify lib/all.js > $@
-
-sockjs.pretty.js: lib/*js version
-	@$(COFFEE) -v > /dev/null
-	$(COFFEE) bin/render.coffee --set-version $(VER) --minify --pretty lib/all.js > $@
-
-tests/html/lib/sockjs.js: sockjs.js
-	cp $< $@
-
-tests/html/lib/%.js: tests/html/src/%.coffee
-	@$(COFFEE) -v > /dev/null
-	$(COFFEE) -o tests/html/lib/ -c --bare $<
-
-build_tests: tests/html/lib/sockjs.js tests/html/lib/tests.js \
-		tests/html/lib/unittests.js tests/html/lib/domtests.js \
-		tests/html/lib/endtoendtests.js \
-		tests/html/lib/utils.js \
-		tests/html/lib/heartbeattests.js
-
-test: tests
-tests: build_tests
-	node tests/server.js
-
-
-serve:
-	@if [ -e .pidfile.pid ]; then			\
-		kill `cat .pidfile.pid`;		\
-		rm .pidfile.pid;			\
-	fi
-
-	@while [ 1 ]; do					\
-		make build_tests;				\
-		echo " [*] Running http server";		\
-		make test &					\
-		SRVPID=$$!;					\
-		echo $$SRVPID > .pidfile.pid;			\
-		echo " [*] Server pid: $$SRVPID";		\
-		inotifywait -r -q -e modify . ../sockjs-node;	\
-		kill `cat .pidfile.pid`;			\
-		rm -f .pidfile.pid;				\
-		sleep 0.1;					\
-	done
-
-clean:
-	rm -f sockjs*.js tests/html/lib/*.js
-
-# To release:
-#   0) 'make prepare-release'
-#   1) commit everything you need
-#   2) amend 'version' file (don't commit)
-#   3) run 'make tag', and git push/git push --tag as suggested
-#   4) run 'make upload', and suggested commands
-
-RVER:=$(shell cat version)
-VER:=$(shell ./VERSION-GEN)
-# The first two dots: 1.2.3 -> 1.2
-MAJVER:=$(shell echo $(VER)|sed 's|^\([^.]\+[.][^.]\+\).*$$|\1|' )
-
-.PHONY: prepare-release tag upload
-prepare-release:
-	make clean
-	[ -e ../sockjs-client-gh-pages ] || 				\
-		git clone `git remote -v|tr "[:space:]" "\t"|cut -f 2`	\
-			--branch gh-pages ../sockjs-client-gh-pages
-	(cd ../sockjs-client-gh-pages; git pull;)
-
-#-git tag -d v$(RVER)
-tag:
-	git commit $(TAG_OPTS) version Changelog -m "Release $(RVER)" --allow-empty
-	git tag -s v$(RVER) -m "Release $(RVER)"
-	@echo ' [*] Now run'
-	@echo 'git push; git push --tag'
-
-ARTIFACTS=\
-	sockjs-$(VER).js \
-	sockjs-$(VER).min.js \
-	sockjs-$(MAJVER).js \
-	sockjs-$(MAJVER).min.js
-
-upload: build
-	echo "VER=$(VER) MAJVER=$(MAJVER)"
-	cp sockjs.js     ../sockjs-client-gh-pages/sockjs-$(VER).js
-	cp sockjs.min.js ../sockjs-client-gh-pages/sockjs-$(VER).min.js
-	cp sockjs.js     ../sockjs-client-gh-pages/sockjs-$(MAJVER).js
-	cp sockjs.min.js ../sockjs-client-gh-pages/sockjs-$(MAJVER).min.js
-	(cd ../sockjs-client-gh-pages;	\
-		git add $(ARTIFACTS); \
-		git commit -m "Release $(VER)"; \
-		node generate_index.js > index.html; \
-		git add index.html; \
-		git commit --amend -m "Release $(VER)";)
-	@echo ' [*] Now run: '
-	@echo '(cd ../sockjs-client-gh-pages; git push; )'
-	@echo '(cd ../sockjs-client-gh-pages; 	\
-		s3cmd put --acl-public index.html $(ARTIFACTS) s3://sockjs; );'