chore(deps): bump ws and socket.io-client in /frontend #3875
Bumps [ws](https://github.com/websockets/ws) to 8.19.0 and updates ancestor dependency [socket.io-client](https://github.com/socketio/socket.io). These dependencies need to be updated together.

Updates `ws` from 8.11.0 to 8.19.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.11.0...8.19.0)

Updates `socket.io-client` from 4.6.1 to 4.8.3
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/compare/4.6.1...socket.io-client@4.8.3)

---
updated-dependencies:
- dependency-name: ws
  dependency-version: 8.19.0
  dependency-type: indirect
- dependency-name: socket.io-client
  dependency-version: 4.8.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title.
…rn/frontend/multi-0babb84d3e
| "peerDependencies": { | ||
| "bufferutil": "^4.0.1", | ||
| "utf-8-validate": "^5.0.2" | ||
| "utf-8-validate": ">=5.0.2" |
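Review bot: the last line drops the upper bound on the `utf-8-validate` peer range (`^5.0.2` becomes `>=5.0.2`) while `bufferutil` directly above it stays at `^4.0.1`, so any future major of utf-8-validate will satisfy the constraint. If the frontend installs utf-8-validate, declare it with a bounded range in the frontend's own manifest so the resolver cannot pick an untested major; if it does not install it, say so in the PR so the open range is recorded as a known non-issue.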
Broadened utf-8-validate peer dependency range
Low Severity
The ws peer dependency constraint for utf-8-validate changes from ^5.0.2 to >=5.0.2, which permits future major versions. If a newer major utf-8-validate is installed in the dependency graph, ws may accept an incompatible native module at runtime.


Bumps ws to 8.19.0 and updates ancestor dependency socket.io-client. These dependencies need to be updated together.
Updates `ws` from 8.11.0 to 8.19.0

Release notes
Sourced from ws's releases.
... (truncated)

Commits
- 61349ec [dist] 8.19.0
- 3f9ffc6 [feature] Introduce the `closeTimeout` option (#2308)
- 1998485 [fix] Ensure all remaining data is read as a single chunk
- 726c373 [doc] Sort options alphabetically
- b151f1e [ci] Update actions/checkout action to v6
- dabdd5b [ci] Update actions/setup-node action to v6
- 86eac5b [ci] Test on node 25
- 1891e14 [ci] Update actions/setup-node action to v5
- aa28c77 [ci] Update actions/checkout action to v5
- dabbdec [dist] 8.18.3

Updates `socket.io-client` from 4.6.1 to 4.8.3

Release notes
Sourced from socket.io-client's releases.
... (truncated)

Commits
- e9e5bed chore(release): socket.io-client@4.8.3
- 9581f9b fix(sio): do not throw when calling io.close() on a stopped server
- 579d43f refactor: remove unused files
- ee9aac3 chore(release): socket.io-parser@4.2.5
- 968277c chore(release): socket.io-adapter@2.5.6
- 2bf16bd chore(release): engine.io-client@6.6.4
- ad61607 docs(eio): fix link in the release notes
- dd71792 chore(release): socket.io@4.8.2
- bb0b480 fix(sio): improve `io.close()` function (#5344)
- 161be91 test(sio): pin version of the client bundle in the tests

Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for socket.io-client since your current version.
Note
Low Risk
Dependency-only bump in the frontend websocket client stack; primary risk is regressions in realtime connection/transport behavior rather than application logic changes.
Overview
Updates the frontend dependency `socket.io-client` from `4.6.1` to `4.8.3` in `package.json` and refreshes `package-lock.json` accordingly.

The lockfile update pulls in newer transitive versions including `engine.io-client` (6.4.0→6.6.4), `ws` (8.11.0→8.18.3), `engine.io-parser` (5.0.6→5.2.3), and `xmlhttprequest-ssl` (2.0.0→2.1.2), plus updated nested `debug`/`ms` entries.

Written by Cursor Bugbot for commit 76888a4. This will update automatically on new commits. Configure here.