@Download
Contributor

@Download Download commented Nov 25, 2020

The kind of change this PR does introduce

  • a bug fix
  • a new feature
  • an update to the documentation
  • a code change that improves performance
  • other

Current behavior

Dependencies are outdated, see #3709

New behavior

All dependencies are updated, except for Mocha and Prettier.

Other information (e.g. related issues)

In order for me to work on this project I first had to fix "Cannot run tests on Windows" (#3707). I sent a pull request for that: "Make tests work on Windows" (#3708).
This PR depends on that PR, so I suggest merging that one first. It's a very small change.
UPDATE: That PR was merged 👍

Then, once that is merged, I suggest merging this PR, which is also a small change.

After that, we can try updating Mocha and Prettier in separate PRs. I left them out because updating them caused some issues:

@Download Download changed the title from "Issue/3709/update deps fix vulnerabilities" to "Update most dependencies" Nov 25, 2020

@AviVahl
Contributor

AviVahl commented Nov 30, 2020

The debug upgrade also fixes a deprecation warning upon a fresh installation of socket.io.

@Download
Contributor Author

Download commented Dec 5, 2020

Hi guys, can you let me know what is stopping this PR from getting merged? If there is an issue I will be happy to try and address your concerns.

@darrachequesne Pinging you because you seem the most active committer...

@theoludwig
Contributor

theoludwig commented Dec 27, 2020

Great work @Download! It seems like there are conflicts unfortunately.

@Download
Contributor Author

Download commented Jan 3, 2021

@divlo Yeah. There weren't any when I submitted this PR, but of course if it is not merged then eventually conflicts will happen...
package-lock.json is not an interesting conflict, it will be regenerated every time anyway. The conflict in package.json I think should be easy to fix. However I'm not doing it as I have no control over when it will be merged and I feel it may become a never-ending story with me resolving conflicts only to see new conflicts appear as the PR does not get merged...

@darrachequesne
Member

Merged as 230cd19. Thanks!

The tests indeed fail when upgrading mocha, because the client/server objects are not properly closed in some tests... I'll see what I can do.

Note: for prod dependencies, I prefer using ~ style, because we have had several breaking changes in 3rd party dependencies in the past.
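
A CI-style check for the "~ style" preference stated in the comment above, as an added example that is not part of the thread or of socket.io's code. The sample manifest and the function names are constructed for illustration, and accepting exact pins alongside ~x.y.z is an assumption.

```javascript
// Added example, not socket.io code. Classifies each production dependency
// range and reports the ones not written as ~x.y.z (or an exact pin).

// Constructed sample manifest; names and versions are illustrative only.
const samplePackageJson = {
  dependencies: {
    "dep-tilde": "~4.3.1",
    "dep-caret": "^2.8.5",
    "dep-exact": "3.5.0",
    "dep-star": "*",
    "dep-range": ">=1.0.0 <3.0.0",
    "dep-git": "github:example/dep#main",
  },
  devDependencies: { "dev-tool": "^8.0.0" }, // dev ranges are out of scope here
};

const FULL_VERSION = "\\d+\\.\\d+\\.\\d+(?:-[0-9A-Za-z.-]+)?";
const TILDE = new RegExp(`^~${FULL_VERSION}$`);
const EXACT = new RegExp(`^=?v?${FULL_VERSION}$`);
const CARET = new RegExp(`^\\^${FULL_VERSION}$`);
// Specifiers that bypass registry version resolution (git, URL, local path).
const NON_REGISTRY = /^(?:git\+|github:|https?:|file:|link:|workspace:)/;
const REPO_SHORTHAND = /^[\w.-]+\/[\w.-]+(#.*)?$/; // "user/repo#ref"

// Returns "tilde", "exact", "caret", "non-registry" or "loose".
function classifyRange(range) {
  const r = String(range).trim();
  if (NON_REGISTRY.test(r) || REPO_SHORTHAND.test(r)) return "non-registry";
  if (TILDE.test(r)) return "tilde";
  if (EXACT.test(r)) return "exact";
  if (CARET.test(r)) return "caret";
  // "*", "latest", x-ranges, comparators, "||" unions, and partial
  // versions such as "~4", which would allow minor updates.
  return "loose";
}

// Lists production dependencies that are neither ~x.y.z nor an exact pin.
function findPolicyViolations(pkg) {
  const allowed = new Set(["tilde", "exact"]);
  return Object.entries(pkg.dependencies || {})
    .map(([name, range]) => ({ name, range, kind: classifyRange(range) }))
    .filter((d) => !allowed.has(d.kind))
    .sort((a, b) => (a.name < b.name ? -1 : a.name > b.name ? 1 : 0));
}

for (const v of findPolicyViolations(samplePackageJson)) {
  console.log(`${v.name}: "${v.range}" is ${v.kind}, expected ~x.y.z`);
}
```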

@AviVahl
Contributor

AviVahl commented Jan 4, 2021

How about enabling Dependabot or Renovate to make sure socket.io receives further updates?

@darrachequesne
Member

> How about enabling Dependabot or Renovate to make sure socket.io receives further updates?

That makes sense, let's do this!

@AviVahl
Contributor

AviVahl commented Jan 5, 2021

Awesome. Well, since Dependabot is built into GitHub these days, all that needs to be done is to add a configuration file in .github/dependabot.yml (for example).

Ref: https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/enabling-and-disabling-version-updates

I could open a PR, but I'm not sure which configuration you guys prefer.

Same thing could be done for the other repositories in this organization (engine.io, etc).
