Before this, the connection was closed abrutly with an HTTP 502
response.

See also: f8100f9

Related: socketio/socket.io#4293

See also: https://.com/nodejs/Release

So that clients in HTTP long-polling can decide how many packets they
have to send to stay under the maxHttpBufferSize value.

This is a backward compatible change which should not mandate a new
major revision of the protocol (we stay in v4), as we only add a field
in the JSON-encoded handshake data:

```
0{"sid":"lv_VI97HAXpY6yYWAAAC","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000,"maxPayload":1000000}
```

Related: socketio/socket.io-client#1531

Diff: 6.1.3...6.2.0

Diff: 3.5.0...3.6.0

`.substr()` is deprecated so we replace it with `.slice()` which works
similarily but isn't deprecated.

See also: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/substr

Signed-off-by: Lam Wei Li <[email protected]>

A few notes:

- the certificates were recreated because Node.js 18 includes OpenSSL
v3, which has deprecated support for some legacy ciphers (like RC2)

- eiows currently fails to build on Node.js 18, so the tests are
temporarily skipped

See also: https://.com/nodejs/Release

Bumps [nanoid](https://.com/ai/nanoid) from 3.1.25 to 3.3.1.
- [Release notes](https://.com/ai/nanoid/releases)
- [Changelog](https://.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@3.1.25...3.3.1)

---
updated-dependencies:
- dependency-name: nanoid
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply..com>

Bumps [minimatch](https://.com/isaacs/minimatch) from 3.0.4 to 3.1.2.
- [Release notes](https://.com/isaacs/minimatch/releases)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.2)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply..com>

…s/latency (#661)

Bumps [xmlhttprequest-ssl](https://.com/mjwwit/node-XMLHttpRequest) to 1.6.3 and updates ancestor dependency [engine.io-client](https://.com/socketio/engine.io-client). These dependencies need to be updated together.


Updates `xmlhttprequest-ssl` from 1.5.5 to 1.6.3
- [Release notes](https://.com/mjwwit/node-XMLHttpRequest/releases)
- [Commits](mjwwit/node-XMLHttpRequest@1.5.5...1.6.3)

Updates `engine.io-client` from 4.0.0 to 4.1.4
- [Release notes](https://.com/socketio/engine.io-client/releases)
- [Changelog](https://.com/socketio/engine.io-client/blob/main/CHANGELOG.md)
- [Commits](socketio/engine.io-client@4.0.0...4.1.4)

---
updated-dependencies:
- dependency-name: xmlhttprequest-ssl
  dependency-type: indirect
- dependency-name: engine.io-client
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply..com>

Before this change, receiving an HTTP2 upgrade would make the server
crash:

> Error: read ECONNRESET
>    at TCP.onStreamRead (node:internal/stream_base_commons:217:20) {
>  errno: -104,
>  code: 'ECONNRESET',
>  syscall: 'read'
> }

This can be reproduced with Node.js v14.15.3, v16.18.1 and v18.12.1.

Diff: 6.2.0...6.2.1