All notable changes to this package will be documented in this file.
- Fixed an issue in the pre-allocation algorithm handling partial messages.
- Changed the way allocations are handled when receiving a line over multiple chunks. Instead of concatenating buffers together as they are received, instead an exponential doubling capacity algorithm will be used to allocate buffers to which multiple chunks may be copied. The algorithm will double until the excess capacity allocated reaches 1MiB. At that point subsequent re-allocations will allocate at maximum 1MiB of extra capacity.
- Removed the dependency on the
originalpackage. A transitive dependency of this package was flagged in CVE-2022-0686.
This release fixes a number of SSE spec compliance issues which do not affect usage in the LaunchDarkly SDKs, but could be relevant in other use cases.
- If an event's
id:field contains a null character, the whole field should be ignored. - The parser was incorrectly ignoring lines that did not contain a colon, instead of treating them as a field with an empty value. For instance,
dataon a line by itself should be equivalent todata:. - The parser should ignore any incomplete messages at the end of a stream if the stream disconnects.
- If the stream URL contained user/password basicauth fields, they were not being included in the request.
- Some unsupported options were accidentally being passed to
http.requestandhttps.request. This did not affect Node itself, but it could cause problems when using interceptors that inspect the options, as discussed here.
- Updated the dependency on the package
originalin order to pick up a newer version of the transitive dependencyurl-parse. Older versions ofurl-parsehad a known vulnerability. (Thanks, m-schrepel!)
- Added
readTimeoutMillisoption for automatically dropping and restarting a connection if too much time has elapsed without receiving any data.
- Incorporated a fix from the upstream repository that avoids unnecessary delays when parsing a long message that is received in multiple chunks.
- A Node.js
http.Agentcan be specified using theagentoption.
- New configuration options:
errorFilter(determines how errors should be handled),initialRetryDelayMillis(delay interval for connection retries),jitterRatio(enables delay jitter),maxBackoffMillis(enables exponential backoff),retryResetIntervalMillis(enables reset of backoff). - New event types:
end(the server has closed the connection),retrying(provides information about upcoming connection retries). - See
README.mdfor more about these features. This project adheres to Semantic Versioning.
- The new option
skipDefaultHeaders, if set to true, makes EventSource not add theAcceptandCache-Controlrequest headers that it would normally add. This may be necessary to avoid CORS problems in browsers if the stream URL is in another domain, since there are more restrictions on cross-origin requests that contain these headers. - There is a new property,
EventSource.supportedOptions, that indicates which custom options are available. See "Detecting supported features" inREADME.md.
First release from this fork. Changes from the previous release of the upstream code (1.0.7) are as follows:
- The optional
methodandbodyproperties of the constructor options allow you to specify a different HTTP method from the default ofGET, and to provide a request body if the specified method allows a body.
- The EventSource constructor is now a named export, not a default export. This is necessary in order to avoid a problem that can happen when using Babel with ES6 code: the logic for converting CJS imports to ES6 imports does not work correctly if the default import has properties (
CONNECTING,OPEN,CLOSED) but is also a function. Note that this is a breaking change if you were previously using the upstream code, but the only thing that needs to be changed is the import statement.