Skip to content

chore(deps): Bump ws from 8.18.3 to 8.20.1 in /cli#35

Merged
olivierbagot merged 1 commit into
mainfrom
dependabot/npm_and_yarn/cli/ws-8.20.1
May 22, 2026
Merged

chore(deps): Bump ws from 8.18.3 to 8.20.1 in /cli#35
olivierbagot merged 1 commit into
mainfrom
dependabot/npm_and_yarn/cli/ws-8.20.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 22, 2026
edited
Loading

Bumps ws from 8.18.3 to 8.20.1.

Release notes

Sourced from ws's releases.

8.20.1

Bug fixes

  • Fixed an uninitialized memory disclosure issue in websocket.close() (c0327ec1).

Providing a TypedArray (e.g. Float32Array) as the reason argument for websocket.close(), rather than the supported string or Buffer types, caused uninitialized memory to be disclosed to the remote peer.

import { deepStrictEqual } from 'node:assert';
import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer(
{ port: 0, skipUTF8Validation: true },
function () {
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port}, {
skipUTF8Validation: true
});
ws.on('close', function (code, reason) {
  deepStrictEqual(reason, Buffer.alloc(80));
});

}
);
wss.on('connection', function (ws) {
ws.close(1000, new Float32Array(20));
});

The issue was privately reported by Nikita Skovoroda.

8.20.0

Features

  • Added exports for the PerMessageDeflate class and utilities for the Sec-WebSocket-Extensions and Sec-WebSocket-Protocol headers (d3503c1f).

8.19.0

Features

  • Added the closeTimeout option (#2308).

Bug fixes

  • Handled a forthcoming breaking change in Node.js core (19984854).
Commits
  • 5d9b316 [dist] 8.20.1
  • c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
  • ce2a3d6 [ci] Test on node 26
  • 58e45b8 [ci] Do not test on node 25
  • 5f26c24 [ci] Run the lint step on node 24
  • 8439255 [dist] 8.20.0
  • d3503c1 [minor] Export the PerMessageDeflate class and header utils
  • 3ee5349 [api] Convert the isServer and maxPayload parameters to options
  • 91707b4 [doc] Add missing space
  • 8b55319 [pkg] Update eslint to version 10.0.1
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 22, 2026
@olivierbagot
Copy link
Copy Markdown
Member

olivierbagot commented May 22, 2026

@dependabot rebase

@dependabot
chore(deps): Bump ws from 8.18.3 to 8.20.1 in /cli
757959a 
Bumps [ws](https://github.com/websockets/ws) from 8.18.3 to 8.20.1.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.18.3...8.20.1)

---
updated-dependencies:
- dependency-name: ws
  dependency-version: 8.20.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/cli/ws-8.20.1 branch from 84313fd to 757959a Compare May 22, 2026 15:20
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 22, 2026

Code Coverage

Package Line Rate Branch Rate Complexity Health
src 92% 67% 0
src.components.badges 100% 100% 0
src.components.dashboard.cards 100% 98% 0
src.components.dashboard.layout 100% 100% 0
src.components.layout 100% 56% 0
src.components.sessions 100% 92% 0
src.components.shared 90% 91% 0
src.components.stations.detail 99% 90% 0
src.components.stations.filter 90% 87% 0
src.components.stations.list 97% 75% 0
src.components.stations.map 93% 90% 0
src.components.stations.shared 100% 96% 0
src.composables 99% 95% 0
src.composables.errors 100% 100% 0
src.directives 97% 92% 0
src.i18n 28% 100% 0
src.pages 96% 80% 0
src.router 92% 100% 0
src.services 100% 100% 0
src.store 96% 94% 0
src.store.badges 91% 91% 0
src.store.evse 87% 96% 0
src.store.sessions 90% 96% 0
src.store.utils 100% 100% 0
src.utils.odata 92% 94% 0
Summary 94% (4908 / 5221) 90% (1101 / 1218) 0

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 22, 2026

Code Coverage

Package Line Rate Branch Rate Complexity Health
srv 96% 98% 0
srv.utils 98% 96% 0
Summary 97% (289 / 297) 97% (148 / 153) 0

@olivierbagot olivierbagot merged commit 49efe93 into main May 22, 2026
10 checks passed
@olivierbagot olivierbagot deleted the dependabot/npm_and_yarn/cli/ws-8.20.1 branch May 22, 2026 15:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@olivierbagot olivierbagot olivierbagot approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@olivierbagot