Auto merge of #4437 - rust-lang:dependabot/npm_and_yarn/engine.io-6.1.1, r=Turbo87

Bump engine.io from 6.1.0 to 6.1.1

Bumps [engine.io](https://github.com/socketio/engine.io) from 6.1.0 to 6.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/socketio/engine.io/releases">engine.io's releases</a>.</em></p>
<blockquote>
<h2>6.1.1</h2>
<p>:warning: This release contains an important security fix :warning:</p>
<p>A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:</p>
<blockquote>
<p>RangeError: Invalid WebSocket frame: RSV2 and RSV3 must be clear
at Receiver.getInfo (/.../node_modules/ws/lib/receiver.js:176:14)
at Receiver.startLoop (/.../node_modules/ws/lib/receiver.js:136:22)
at Receiver._write (/.../node_modules/ws/lib/receiver.js:83:10)
at writeOrBuffer (internal/streams/writable.js:358:12)</p>
</blockquote>
<p>This bug was introduced by <a href="https://github.com/socketio/engine.io/commit/f3c291fa613a9d50c924d74293035737fdace4f2">this commit</a>, included in <code>engine.io@4.0.0</code>, so previous releases are not impacted.</p>
<p>Thanks to Marcus Wejderot from Mevisio for the responsible disclosure.</p>
<h3>Bug Fixes</h3>
<ul>
<li>properly handle invalid data sent by a malicious websocket client (<a href="https://github.com/socketio/engine.io/commit/c0e194d44933bd83bf9a4b126fca68ba7bf5098c">c0e194d</a>)</li>
</ul>
<h4>Links</h4>
<ul>
<li>Diff: <a href="https://github.com/socketio/engine.io/compare/6.1.0...6.1.1">https://github.com/socketio/engine.io/compare/6.1.0...6.1.1</a></li>
<li>Client release: -</li>
<li>ws version: <a href="https://github.com/websockets/ws/releases/tag/8.2.3">~8.2.3</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/socketio/engine.io/blob/master/CHANGELOG.md">engine.io's changelog</a>.</em></p>
<blockquote>
<h2><a href="https://github.com/socketio/engine.io/compare/6.1.0...6.1.1">6.1.1</a> (2022-01-11)</h2>
<p>:warning: This release contains an important security fix :warning:</p>
<p>A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:</p>
<blockquote>
<p>RangeError: Invalid WebSocket frame: RSV2 and RSV3 must be clear
at Receiver.getInfo (/.../node_modules/ws/lib/receiver.js:176:14)
at Receiver.startLoop (/.../node_modules/ws/lib/receiver.js:136:22)
at Receiver._write (/.../node_modules/ws/lib/receiver.js:83:10)
at writeOrBuffer (internal/streams/writable.js:358:12)</p>
</blockquote>
<p>This bug was introduced by <a href="https://github.com/socketio/engine.io/commit/f3c291fa613a9d50c924d74293035737fdace4f2">this commit</a>, included in <code>engine.io@4.0.0</code>, so previous releases are not impacted.</p>
<p>Thanks to Marcus Wejderot from Mevisio for the responsible disclosure.</p>
<h3>Bug Fixes</h3>
<ul>
<li>properly handle invalid data sent by a malicious websocket client (<a href="https://github.com/socketio/engine.io/commit/c0e194d44933bd83bf9a4b126fca68ba7bf5098c">c0e194d</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/socketio/engine.io/commit/f3b761dc560e6cd045ef42939dc28d7138f245e9"><code>f3b761d</code></a> chore(release): 6.1.1</li>
<li><a href="https://github.com/socketio/engine.io/commit/c0e194d44933bd83bf9a4b126fca68ba7bf5098c"><code>c0e194d</code></a> fix: properly handle invalid data sent by a malicious websocket client</li>
<li><a href="https://github.com/socketio/engine.io/commit/b04967b52eb1574cfaa6e24bdf164096322be96a"><code>b04967b</code></a> refactor: import Node's setTimeout &amp; clearTimeout to prevent ambiguity (<a href="https://github-redirect.dependabot.com/socketio/engine.io/issues/632">#632</a>)</li>
<li>See full diff in <a href="https://github.com/socketio/engine.io/compare/6.1.0...6.1.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=engine.io&package-manager=npm_and_yarn&previous-version=6.1.0&new-version=6.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting ``@dependabot` rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- ``@dependabot` rebase` will rebase this PR
- ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it
- ``@dependabot` merge` will merge this PR after your CI passes on it
- ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it
- ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging
- ``@dependabot` reopen` will reopen this PR if it is closed
- ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` use these labels` will set the current labels as the default for future PRs for this repo and language
- ``@dependabot` use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- ``@dependabot` use these assignees` will set the current assignees as the default for future PRs for this repo and language
- ``@dependabot` use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/rust-lang/crates.io/network/alerts).

</details>

Author: bors

yarn.lock

@@ -7168,9 +7168,9 @@ engine.io-parser@~5.0.0:
     base64-arraybuffer "~1.0.1"
 
 engine.io@~6.1.0:
-  version "6.1.0"
-  resolved "https://registry.yarnpkg.com/engine.io/-/engine.io-6.1.0.tgz#459eab0c3724899d7b63a20c3a6835cf92857939"
-  integrity sha512-ErhZOVu2xweCjEfYcTdkCnEYUiZgkAcBBAhW4jbIvNG8SLU3orAqoJCiytZjYF7eTpVmmCrLDjLIEaPlUAs1uw==
+  version "6.1.1"
+  resolved "https://registry.yarnpkg.com/engine.io/-/engine.io-6.1.1.tgz#2e87680feedabe380e506594f5bfd34cde955d87"
+  integrity sha512-AyMc20q8JUUdvKd46+thc9o7yCZ6iC6MoBCChG5Z1XmFMpp+2+y/oKvwpZTUJB0KCjxScw1dV9c2h5pjiYBLuQ==
   dependencies:
     "@types/cookie" "^0.4.1"
     "@types/cors" "^2.8.12"