Skip to content

Update dependency ws to v5 (main) #158

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency ws to v5 (main) #158

wants to merge 1 commit into from

Conversation

mend-for-github-com[bot]
Copy link
Contributor

This PR contains the following updates:

Package Type Update Change
ws dependencies major ^3.3.3 -> ^5.0.0

By merging this PR, the issue #118 will be automatically resolved and closed:

Severity CVSS Score Vulnerability Reachability
High High 7.5 CVE-2024-37890

Release Notes

websockets/ws (ws)

v5.2.4

Compare Source

Bug fixes

v5.2.3

Compare Source

Bug fixes

v5.2.2

Compare Source

Bug fixes

v5.2.1

Compare Source

Bug fixes

  • Fixed a bug that could prevent buffered data from being processed under
    certain circumstances (6046a28).

v5.2.0

Compare Source

Features

  • Added ability to specify custom headers when rejecting the handshake (#​1379).

v5.1.1

Compare Source

Bug fixes

v5.1.0

Compare Source

Features

  • The address argument of the WebSocket constructor can now be a URL
    instance (#​1329).
  • The options argument of the WebSocket constructor now accepts any TLS
    option that is also accepted by https.request() (#​1332).

v5.0.0

Compare Source

Breaking changes

  • Dropped support for Node.js < 4.5.0 (#​1313).
  • The connection is no longer closed if the server does not agree to any of
    the client's requested subprotocols (#​1312).
  • net.Socket errors are no longer re-emitted (a4050db).

Features

  • Read backpressure is now properly handled when permessage-deflate is enabled
    (#​1302).

v4.1.0

Compare Source

Features

  • Added WebSocketServer.prototype.address() (#​1294).
  • Added zlib{Deflate,Inflate}Options options (#​1306).

v4.0.0

Compare Source

Breaking changes

  • The close status code is now set to 1005 if the received close frame contains
    no status code (a31b1f6).
  • Error messages and types have been updated (695c5ea).
  • The onerror event handler now receives an ErrorEvent instead of JavaScript
    error (63e275e).
  • The third argument of WebSocket.prototype.ping() and
    WebSocket.prototype.pong() is no longer a boolean but an optional callback
    (30c9f71).
  • The non-standard protocolVersion and bytesReceived attributes have been
    removed (30c9f71...ee9b5f3).
  • The extensions attribute is no longer an object but a string representing
    the extensions selected by the server (fdec524).
  • The 'headers' event on the client has been renamed to 'upgrade'. Listeners
    of this event now receive only the response argument (1c783c2).
  • The WebSocket.prototype.pause() and WebSocket.prototype.resume() methods
    have been removed to prevent the user from interfering with the state of the
    underlying net.Socket stream (a206e98).
  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Aug 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by Mend
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants