Skip to content

Bump the npm_and_yarn group across 1 directory with 4 updates#3

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-229ab7fb10
Closed

Bump the npm_and_yarn group across 1 directory with 4 updates#3
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-229ab7fb10

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Apr 7, 2026

Bumps the npm_and_yarn group with 4 updates in the / directory: follow-redirects, socket.io-parser, socket.io and ws.

Updates follow-redirects from 1.15.2 to 1.15.11

Commits
  • 21ef28a Release version 1.15.11 of the npm package.
  • 7c88135 Roll back tree shaking.
  • 6e389ba Release version 1.15.10 of the npm package.
  • 5bc496e Shake me up before you go-go.
  • 694d6b4 Bump minimist from 1.2.5 to 1.2.8
  • e4e55c7 Release version 1.15.9 of the npm package.
  • 31a1abf Attempt much more gentle detection.
  • d2aaa97 Fix url field.
  • 62558f0 Release version 1.15.8 of the npm package.
  • a8d1cee Return subtlety.
  • Additional commits viewable in compare view

Updates socket.io-parser from 4.2.1 to 4.2.6

Release notes

Sourced from socket.io-parser's releases.

socket.io-parser@4.2.6

This release includes a fix for CVE-2026-33151. Please upgrade as soon as possible.

Bug Fixes

  • add a limit to the number of binary attachments (b25738c)

socket.io-parser@4.2.5

This release contains a bump of debug from ~4.3.1 to ~4.4.1.

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for socket.io-parser since your current version.


Updates socket.io from 4.5.4 to 4.8.3

Release notes

Sourced from socket.io's releases.

socket.io@4.8.3

Bug Fixes

  • do not throw when calling io.close() on a stopped server (9581f9b)

Dependencies

socket.io-client@4.8.3

There were some minor bug fixes on the server side, which mandate a client bump.

Dependencies

socket.io@4.8.2

The url.parse() function is now deprecated and has been replaced by new URL() (see 8af7019).

Bug Fixes

  • call adapter.init() when creating each namespace (f3e1f5e)
  • improve io.close() function (#5344) (bb0b480)

Dependencies

socket.io-client@4.8.2

Bug Fixes

  • bundle: do not mangle the "_placeholder" attribute (bis) (cdae019)
  • drain queue before emitting "connect" (#5259) (d19928e)

Dependencies

socket.io@4.8.1

Due to a change in the bundler configuration, the production bundle (socket.io.min.js) did not support sending and receiving binary data in version 4.8.0. This is now fixed.

Dependencies

... (truncated)

Commits
  • 9978574 chore(release): socket.io@4.8.3
  • e9e5bed chore(release): socket.io-client@4.8.3
  • 9581f9b fix(sio): do not throw when calling io.close() on a stopped server
  • 579d43f refactor: remove unused files
  • ee9aac3 chore(release): socket.io-parser@4.2.5
  • 968277c chore(release): socket.io-adapter@2.5.6
  • 2bf16bd chore(release): engine.io-client@6.6.4
  • ad61607 docs(eio): fix link in the release notes
  • dd71792 chore(release): socket.io@4.8.2
  • bb0b480 fix(sio): improve io.close() function (#5344)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for socket.io since your current version.


Updates ws from 7.5.9 to 7.5.10

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

  • Backported e55e5106 to the 7.x release line (22c28763).
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directory with 4 updates
df330ac 
Bumps the npm_and_yarn group with 4 updates in the / directory: [follow-redirects](https://github.com/follow-redirects/follow-redirects), [socket.io-parser](https://github.com/socketio/socket.io), [socket.io](https://github.com/socketio/socket.io) and [ws](https://github.com/websockets/ws).


Updates `follow-redirects` from 1.15.2 to 1.15.11
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.11)

Updates `socket.io-parser` from 4.2.1 to 4.2.6
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/commits/socket.io-parser@4.2.6)

Updates `socket.io` from 4.5.4 to 4.8.3
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/compare/4.5.4...socket.io@4.8.3)

Updates `ws` from 7.5.9 to 7.5.10
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.9...7.5.10)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-version: 1.15.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: socket.io-parser
  dependency-version: 4.2.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: socket.io
  dependency-version: 4.8.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 7.5.10
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 7, 2026
@dependabot dependabot bot mentioned this pull request Apr 7, 2026
Closed
@dependabot @github
Copy link
Copy Markdown
Author

dependabot bot commented on behalf of github Apr 8, 2026

Superseded by #4.

@dependabot dependabot bot closed this Apr 8, 2026
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-229ab7fb10 branch April 8, 2026 18:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants