Bump mqtt from 3.0.0 to 4.2.8

[dependabot-preview[bot]]

Bumps mqtt from 3.0.0 to 4.2.8.

Release notes

Sourced from mqtt's releases.

v4.2.6 (patch release)

This release is a patch update to rollback buggy changes from an earlier release.

📚 PR: fix(websockets): revert URL WHATWG changes (#1217)

v4.2.5 (patch release)

This release is a patch update.

📚 PR: docs: replace moscajs with aedes (#1198) fix(auth opts): Default to null for false-y values (#1197)

v4.2.2 (patch release)

📚 PR:

#1154: fixes #1140, detecting if webpack is used (browser) #1162: fixes #1152, reconnect bug #1165: fixes #1160, add documentation for react #1171: minor docs consistency improvements

v4.2.1

This release is a patch update to address a bug created in release v4.2.0, breaking MQTT over Websocket in the browser. This patch fixes that.

📚 PR:

fix(websocket): browser in ws (#1145)

v4.2.0

📚 PR:

feat(websockets): websocket-streams to ws (#1108) fix(browser support): do not use process.nextTick without check that it exists (#1136) fix(browser support): correct browser detection for webpack (#1135) fix(mqtt stores): improve error handling and tests (#1133)
feat(mqtt5): add properties object to publish options (#1103) fix(typescript): fix payloadFormatIndicator to boolean type (#1115) fix: path for bin files (#1107)

v4.1.0

📚 PR:

• ci: add debug logs to tests (#1091)
• chore: move cli to bin directory (#1096)
• chore: remove bloat from package (#1097)
• types: add on('connect') (#963)
• The protocols parameter of wx.connectSocket should be Array. (#969)
• [FIXED] Unsubscribe while topics are in array. (#958)
• Add missing "debug" dependency (#1104)

v4.0.1

... (truncated)

Changelog

Sourced from mqtt's changelog.

4.2.8

PR

Fix ws vulnerability and typescript bug (#1292)

4.2.7

PR

#1287 - Fix production vulnerabilities (#1289)

#1215 - Add missing 'duplexify' dependency (#1266)

Improve type definition for 'wsOptions' (#1256)

Improve Typescript Declaratiosn for userProperties (#1249)

#1235 - Call the end on the WebSocket stream when WebSocket close event is emitted. (#1239)

#1201 - Uncaught TypeError: net.createConnection is not a function. (#1236)

Improve Documentation for Browserify (#1224)

v4.2.6 and Below

The release history has beend documented in the GitHub releases and tags historically.

Commits

• 5c78cc5 Merge pull request #1293 from mqttjs/release_6_21_2021_2
• 3b7b74f update changelog
• 9be3e3d 4.2.8
• 4c15f31 Merge pull request #1292 from mqttjs/fix-ws-vulnerability
• 9979443 fix: websocket and typescript
• cc82753 Merge pull request #1291 from mqttjs/release_6_21_2021
• e6fc579 release: 4.2.7
• 6d817af Merge pull request #1209 from nosovk/patch-3
• 185307e Merge pull request #1224 from cameronelliott/master
• c8cebbf Merge pull request #1256 from nmggithub/master
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by yodama, a new releaser for mqtt since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)