From f99a0682ff72ee90888e95fa6004018845780f2f Mon Sep 17 00:00:00 2001 From: Avi Vahl Date: Tue, 26 May 2026 13:33:42 +0300 Subject: [PATCH] chore(deps): ws@8.21.0 (fixes DoS vulnerability) https://github.com/websockets/ws/releases/tag/8.21.0 --- .../v3-test-suite/package-lock.json | 14 +++++++------- .../v3-test-suite/package.json | 2 +- .../v4-test-suite/package-lock.json | 14 +++++++------- .../v4-test-suite/package.json | 2 +- .../v5-test-suite/package-lock.json | 14 +++++++------- .../v5-test-suite/package.json | 2 +- examples/basic-websocket-client/package.json | 2 +- package-lock.json | 18 +++++++++--------- package.json | 2 +- packages/engine.io-client/package.json | 2 +- packages/engine.io/package.json | 2 +- packages/socket.io-adapter/package.json | 2 +- 12 files changed, 38 insertions(+), 38 deletions(-) diff --git a/docs/engine.io-protocol/v3-test-suite/package-lock.json b/docs/engine.io-protocol/v3-test-suite/package-lock.json index 9d37c86b7..00ae12fe3 100644 --- a/docs/engine.io-protocol/v3-test-suite/package-lock.json +++ b/docs/engine.io-protocol/v3-test-suite/package-lock.json @@ -13,7 +13,7 @@ "mocha": "^9.2.1", "node-fetch": "^3.2.0", "prettier": "^2.5.1", - "ws": "^8.20.1" + "ws": "^8.21.0" } }, "node_modules/@ungap/promise-all-settled": { @@ -1067,9 +1067,9 @@ "dev": true }, "node_modules/ws": { - "version": "8.20.1", - "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz", - "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==", + "version": "8.21.0", + "resolved": "https://registry.npmjs.org/ws/-/ws-8.21.0.tgz", + "integrity": "sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==", "dev": true, "license": "MIT", "engines": { @@ -1882,9 +1882,9 @@ "dev": true }, "ws": { - "version": "8.20.1", - "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz", - "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==", + "version": "8.21.0", + "resolved": "https://registry.npmjs.org/ws/-/ws-8.21.0.tgz", + "integrity": "sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==", "dev": true, "requires": {} }, diff --git a/docs/engine.io-protocol/v3-test-suite/package.json b/docs/engine.io-protocol/v3-test-suite/package.json index a10bd0303..593c260f8 100644 --- a/docs/engine.io-protocol/v3-test-suite/package.json +++ b/docs/engine.io-protocol/v3-test-suite/package.json @@ -13,6 +13,6 @@ "mocha": "^9.2.1", "node-fetch": "^3.2.0", "prettier": "^2.5.1", - "ws": "^8.20.1" + "ws": "^8.21.0" } } diff --git a/docs/engine.io-protocol/v4-test-suite/package-lock.json b/docs/engine.io-protocol/v4-test-suite/package-lock.json index 9d37c86b7..00ae12fe3 100644 --- a/docs/engine.io-protocol/v4-test-suite/package-lock.json +++ b/docs/engine.io-protocol/v4-test-suite/package-lock.json @@ -13,7 +13,7 @@ "mocha": "^9.2.1", "node-fetch": "^3.2.0", "prettier": "^2.5.1", - "ws": "^8.20.1" + "ws": "^8.21.0" } }, "node_modules/@ungap/promise-all-settled": { @@ -1067,9 +1067,9 @@ "dev": true }, "node_modules/ws": { - "version": "8.20.1", - "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz", - "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==", + "version": "8.21.0", + "resolved": "https://registry.npmjs.org/ws/-/ws-8.21.0.tgz", + "integrity": "sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==", "dev": true, "license": "MIT", "engines": { @@ -1882,9 +1882,9 @@ "dev": true }, "ws": { - "version": "8.20.1", - "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz", - "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==", + "version": "8.21.0", + "resolved": "https://registry.npmjs.org/ws/-/ws-8.21.0.tgz", + "integrity": "sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==", "dev": true, "requires": {} }, diff --git a/docs/engine.io-protocol/v4-test-suite/package.json b/docs/engine.io-protocol/v4-test-suite/package.json index a10bd0303..593c260f8 100644 --- a/docs/engine.io-protocol/v4-test-suite/package.json +++ b/docs/engine.io-protocol/v4-test-suite/package.json @@ -13,6 +13,6 @@ "mocha": "^9.2.1", "node-fetch": "^3.2.0", "prettier": "^2.5.1", - "ws": "^8.20.1" + "ws": "^8.21.0" } } diff --git a/docs/socket.io-protocol/v5-test-suite/package-lock.json b/docs/socket.io-protocol/v5-test-suite/package-lock.json index 100d4c01a..68c89f588 100644 --- a/docs/socket.io-protocol/v5-test-suite/package-lock.json +++ b/docs/socket.io-protocol/v5-test-suite/package-lock.json @@ -13,7 +13,7 @@ "mocha": "^9.2.1", "node-fetch": "^3.2.0", "prettier": "^2.5.1", - "ws": "^8.20.1" + "ws": "^8.21.0" } }, "node_modules/@ungap/promise-all-settled": { @@ -1067,9 +1067,9 @@ "dev": true }, "node_modules/ws": { - "version": "8.20.1", - "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz", - "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==", + "version": "8.21.0", + "resolved": "https://registry.npmjs.org/ws/-/ws-8.21.0.tgz", + "integrity": "sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==", "dev": true, "license": "MIT", "engines": { @@ -1882,9 +1882,9 @@ "dev": true }, "ws": { - "version": "8.20.1", - "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz", - "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==", + "version": "8.21.0", + "resolved": "https://registry.npmjs.org/ws/-/ws-8.21.0.tgz", + "integrity": "sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==", "dev": true, "requires": {} }, diff --git a/docs/socket.io-protocol/v5-test-suite/package.json b/docs/socket.io-protocol/v5-test-suite/package.json index 6f1280b5c..675022003 100644 --- a/docs/socket.io-protocol/v5-test-suite/package.json +++ b/docs/socket.io-protocol/v5-test-suite/package.json @@ -13,6 +13,6 @@ "mocha": "^9.2.1", "node-fetch": "^3.2.0", "prettier": "^2.5.1", - "ws": "^8.20.1" + "ws": "^8.21.0" } } diff --git a/examples/basic-websocket-client/package.json b/examples/basic-websocket-client/package.json index adf576a23..e19062156 100644 --- a/examples/basic-websocket-client/package.json +++ b/examples/basic-websocket-client/package.json @@ -7,7 +7,7 @@ "prettier": "^2.8.4", "rollup": "^3.20.2", "socket.io": "^4.6.1", - "ws": "^8.20.1" + "ws": "^8.21.0" }, "scripts": { "bundle": "rollup -c", diff --git a/package-lock.json b/package-lock.json index 809d71c6e..df4018377 100644 --- a/package-lock.json +++ b/package-lock.json @@ -15602,9 +15602,9 @@ } }, "node_modules/ws": { - "version": "8.20.1", - "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz", - "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==", + "version": "8.21.0", + "resolved": "https://registry.npmjs.org/ws/-/ws-8.21.0.tgz", + "integrity": "sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==", "license": "MIT", "engines": { "node": ">=10.0.0" @@ -15838,7 +15838,7 @@ } }, "packages/engine.io": { - "version": "6.6.7", + "version": "6.6.8", "license": "MIT", "dependencies": { "@types/cors": "^2.8.12", @@ -15850,20 +15850,20 @@ "cors": "~2.8.5", "debug": "~4.4.1", "engine.io-parser": "~5.2.1", - "ws": "~8.20.1" + "ws": "~8.21.0" }, "engines": { "node": ">=10.2.0" } }, "packages/engine.io-client": { - "version": "6.6.4", + "version": "6.6.5", "license": "MIT", "dependencies": { "@socket.io/component-emitter": "~3.1.0", "debug": "~4.4.1", "engine.io-parser": "~5.2.1", - "ws": "~8.20.1", + "ws": "~8.21.0", "xmlhttprequest-ssl": "~2.1.1" } }, @@ -15899,11 +15899,11 @@ } }, "packages/socket.io-adapter": { - "version": "2.5.6", + "version": "2.5.7", "license": "MIT", "dependencies": { "debug": "~4.4.1", - "ws": "~8.20.1" + "ws": "~8.21.0" } }, "packages/socket.io-client": { diff --git a/package.json b/package.json index 374529c86..48e89413f 100644 --- a/package.json +++ b/package.json @@ -18,7 +18,7 @@ "overrides": { "@types/estree": "0.0.52", "@types/lodash": "4.14.189", - "ws": "8.20.1" + "ws": "8.21.0" }, "devDependencies": { "@babel/core": "^7.24.7", diff --git a/packages/engine.io-client/package.json b/packages/engine.io-client/package.json index b7252d318..89a31135a 100644 --- a/packages/engine.io-client/package.json +++ b/packages/engine.io-client/package.json @@ -55,7 +55,7 @@ "@socket.io/component-emitter": "~3.1.0", "debug": "~4.4.1", "engine.io-parser": "~5.2.1", - "ws": "~8.20.1", + "ws": "~8.21.0", "xmlhttprequest-ssl": "~2.1.1" }, "scripts": { diff --git a/packages/engine.io/package.json b/packages/engine.io/package.json index ff0c3bac7..4c5d4e1e1 100644 --- a/packages/engine.io/package.json +++ b/packages/engine.io/package.json @@ -40,7 +40,7 @@ "cors": "~2.8.5", "debug": "~4.4.1", "engine.io-parser": "~5.2.1", - "ws": "~8.20.1" + "ws": "~8.21.0" }, "scripts": { "compile": "rimraf ./build && tsc", diff --git a/packages/socket.io-adapter/package.json b/packages/socket.io-adapter/package.json index 4802f2711..a97208077 100644 --- a/packages/socket.io-adapter/package.json +++ b/packages/socket.io-adapter/package.json @@ -18,7 +18,7 @@ "description": "default socket.io in-memory adapter", "dependencies": { "debug": "~4.4.1", - "ws": "~8.20.1" + "ws": "~8.21.0" }, "scripts": { "compile": "rimraf ./dist && tsc",