Bump mqtt from 2.18.8 to 4.2.8

Open dependabot-preview[bot] opened this issue 4 years ago • 0 comments

Bumps mqtt from 2.18.8 to 4.2.8.

Release notes

v4.2.6 (patch release)

This release is a patch update to rollback buggy changes from an earlier release.

📚 PR: fix(websockets): revert URL WHATWG changes (#1217)

v4.2.5 (patch release)

This release is a patch update.

📚 PR: docs: replace moscajs with aedes (#1198) fix(auth opts): Default to null for false-y values (#1197)

v4.2.2 (patch release)

📚 PR:

#1154: fixes #1140, detecting if webpack is used (browser) #1162: fixes #1152, reconnect bug #1165: fixes #1160, add documentation for react #1171: minor docs consistency improvements

v4.2.1

This release is a patch update to address a bug created in release v4.2.0, breaking MQTT over Websocket in the browser. This patch fixes that.

📚 PR:

fix(websocket): browser in ws (#1145)

v4.2.0

📚 PR:

feat(websockets): websocket-streams to ws (#1108) fix(browser support): do not use process.nextTick without check that it exists (#1136) fix(browser support): correct browser detection for webpack (#1135) fix(mqtt stores): improve error handling and tests (#1133)
feat(mqtt5): add properties object to publish options (#1103) fix(typescript): fix payloadFormatIndicator to boolean type (#1115) fix: path for bin files (#1107)

v4.1.0

📚 PR:

ci: add debug logs to tests (#1091)

chore: move cli to bin directory (#1096)

chore: remove bloat from package (#1097)

types: add on('connect') (#963)

The protocols parameter of wx.connectSocket should be Array. (#969)

[FIXED] Unsubscribe while topics are in array. (#958)

Add missing "debug" dependency (#1104)

v4.0.1

... (truncated)

Changelog

Sourced from mqtt's changelog.

4.2.8

PR

Fix ws vulnerability and typescript bug (#1292)

4.2.7

PR

#1287 - Fix production vulnerabilities (#1289)

#1215 - Add missing 'duplexify' dependency (#1266)

Improve type definition for 'wsOptions' (#1256)

Improve Typescript Declaratiosn for userProperties (#1249)

#1235 - Call the end on the WebSocket stream when WebSocket close event is emitted. (#1239)

#1201 - Uncaught TypeError: net.createConnection is not a function. (#1236)

Improve Documentation for Browserify (#1224)

v4.2.6 and Below

The release history has beend documented in the GitHub releases and tags historically.

Commits

9be3e3d 4.2.8
4c15f31 Merge pull request #1292 from mqttjs/fix-ws-vulnerability
9979443 fix: websocket and typescript
cc82753 Merge pull request #1291 from mqttjs/release_6_21_2021
e6fc579 release: 4.2.7
6d817af Merge pull request #1209 from nosovk/patch-3
185307e Merge pull request #1224 from cameronelliott/master
c8cebbf Merge pull request #1256 from nmggithub/master
f3401a7 Update client-options.d.ts
6308dea Merge branch 'master' into master
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by yodama, a new releaser for mqtt since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)
Pull request limits (per update run and/or open at any time)
Automerge options (never/patch/minor, and dev/runtime dependencies)
Out-of-range updates (receive only lockfile updates, if desired)
Security updates (receive only security updates, if desired)

Jun 22 '21 05:06 dependabot-preview[bot]