Skip to content

⬆️ upgrade ws to v8.21.0#170

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/ws-8.x-lockfile
Open

⬆️ upgrade ws to v8.21.0#170
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/ws-8.x-lockfile

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Jan 6, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
ws 8.18.38.21.0 age confidence

Release Notes

websockets/ws (ws)

v8.21.0

Compare Source

v8.20.1

Compare Source

Bug fixes

  • Fixed an uninitialized memory disclosure issue in websocket.close()
    (c0327ec).

Providing a TypedArray (e.g. Float32Array) as the reason argument for
websocket.close(), rather than the supported string or Buffer types, caused
uninitialized memory to be disclosed to the remote peer.

import { deepStrictEqual } from 'node:assert';
import { WebSocket, WebSocketServer } from 'ws';

const wss = new WebSocketServer(
  { port: 0, skipUTF8Validation: true },
  function () {
    const { port } = wss.address();
    const ws = new WebSocket(`ws://localhost:${port}`, {
      skipUTF8Validation: true
    });

    ws.on('close', function (code, reason) {
      deepStrictEqual(reason, Buffer.alloc(80));
    });
  }
);

wss.on('connection', function (ws) {
  ws.close(1000, new Float32Array(20));
});

The issue was privately reported by Nikita Skovoroda.

v8.20.0

Compare Source

Features

  • Added exports for the PerMessageDeflate class and utilities for the
    Sec-WebSocket-Extensions and Sec-WebSocket-Protocol headers (d3503c1).

v8.19.0

Compare Source

Features

  • Added the closeTimeout option (#​2308).

Bug fixes

  • Handled a forthcoming breaking change in Node.js core (1998485).

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Jan 6, 2026
@renovate renovate Bot requested a review from antoinekm as a code owner January 6, 2026 01:04
@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Jan 6, 2026
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Jan 6, 2026

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@renovate renovate Bot changed the title ⬆️ upgrade ws to v8.19.0 ⬆️ upgrade ws to v8.20.0 Mar 21, 2026
@renovate renovate Bot force-pushed the renovate/ws-8.x-lockfile branch from dbb724d to 7cdf16c Compare March 21, 2026 17:44
@renovate renovate Bot changed the title ⬆️ upgrade ws to v8.20.0 ⬆️ upgrade ws to v8.20.1 May 12, 2026
@renovate renovate Bot force-pushed the renovate/ws-8.x-lockfile branch from 7cdf16c to 0006fdc Compare May 12, 2026 18:46
@renovate renovate Bot changed the title ⬆️ upgrade ws to v8.20.1 ⬆️ upgrade ws to v8.21.0 May 22, 2026
@renovate renovate Bot force-pushed the renovate/ws-8.x-lockfile branch from 0006fdc to b019ed7 Compare May 22, 2026 20:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@antoinekm antoinekm Awaiting requested review from antoinekm antoinekm is a code owner

Assignees

@antoinekm antoinekm

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@antoinekm