This repository has been archived by the owner on Sep 27, 2021. It is now read-only.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade ws from 7.4.0 to 8.2.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Warning: This is a major version upgrade, and may be a breaking change.
The recommended version fixes:
SNYK-JS-WS-1296835
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: ws
Bug fixes
from being closed cleanly (869c989).
Features
WebSocket.WebSocket
as an alias forWebSocket
andWebSocket.WebSocketServer
as an alias forWebSocket.Server
to fix nameconsistency and improve interoperability with the ES module wrapper (#1935).
Features
Bug fixes
Breaking changes
The
WebSocket
constructor now throws aSyntaxError
if any of thesubprotocol names are invalid or duplicated (0aecf0c).
The server now aborts the opening handshake if an invalid
Sec-WebSocket-Protocol
header field value is received (1877dde).The
protocols
argument ofhandleProtocols
hook is no longer anArray
buta
Set
(1877dde).The opening handshake is now aborted if the
Sec-WebSocket-Extensions
headerfield value is empty or it begins or ends with a white space (e814110).
Dropped support for Node.js < 10.0.0 (552b506).
The
WebSocket
constructor now throws aSyntaxError
if the connection URLcontains a fragment identifier or if the URL's protocol is not one of
'ws:'
,'wss:'
, or'ws+unix:'
(ebea038).Text messages and close reasons are no longer decoded to strings. They are
passed as
Buffer
s to the listeners of their respective events. The listenersof the
'message'
event now take a boolean argument specifying whether or notthe message is binary (e173423).
Existing code can be migrated by decoding the buffer explicitly.
const message = isBinary ? data : data.toString();
// Continue as before.
});
websocket.on('close', function close(code, data) {
const reason = data.toString();
// Continue as before.
});
The package now uses an ES module wrapper (78adf5f).
WebSocketServer.prototype.close()
no longer closes existing connections(df7de57).
Existing code can be migrated by closing the connections manually.
The callback of
WebSocketServer.prototype.close()
is now called with anerror if the server is already closed (abde9cf).
WebSocket.prototype.addEventListener()
is now a noop if thetype
argumentis not one of
'close'
,'error'
,'message'
, or'open'
(9558ed1).WebSocket.prototype.removeEventListener()
now only removes listeners addedwith
WebSocket.prototype.addEventListener()
and only one at time (ea95d9c).The value of the
onclose
,onerror
,onmessage
, andonopen
properties isnow
null
if the respective event handler is not set (6756cf5).The
OpenEvent
class has been removed (21e6500).Bug fixes
event listeners added with
WebSocket.prototype.addEventListener()
(0b21c03).
Bug fixes
Bug fixes
Bug fixes
WebSocketServer
constructor now throws an error if more than one of thenoServer
,server
, andport
options are specefied (66e58d2).'close'
event was emitted by aWebSocketServer
beforethe internal HTTP/S server was actually closed (5a58730).
WebSocketServer.prototype.close()
was called (772236a).Bug fixes
Sec-WebSocket-Extensions
header but no extension was requested or if theserver indicates an extension not requested by the client (aca94c8).
Bug fixes
error occurred simultaneously on both peers (b434b9f).
Commit messages
Package name: ws
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs