Skip to content

Bump ws, engine.io and engine.io-client#53

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-51ecda841d
Open

Bump ws, engine.io and engine.io-client#53
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-51ecda841d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor

Bumps ws to 7.5.11 and updates ancestor dependencies ws, engine.io and engine.io-client. These dependencies need to be updated together.

Updates ws from 7.4.6 to 7.5.11

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).

7.5.10

Bug fixes

  • Backported e55e5106 to the 7.x release line (22c28763).

7.5.9

Bug fixes

  • Backported bc8bd34e to the 7.x release line (0435e6e1).

7.5.8

Bug fixes

  • Backported 0fdcc0af to the 7.x release line (2758ed35).
  • Backported d68ba9e1 to the 7.x release line (dc1781bc).

7.5.7

Bug fixes

  • Backported 6946f5fe to the 7.x release line (1f72e2e1).

7.5.6

Bug fixes

  • Backported b8186dd1 to the 7.x release line (73dec34b).
  • Backported ed2b8039 to the 7.x release line (22a26afb).

7.5.5

Bug fixes

  • Backported ec9377ca to the 7.x release line (0e274acd).

7.5.4

Bug fixes

  • Backported 6a72da3e to the 7.x release line (76087fbf).
  • Backported 869c9892 to the 7.x release line (27997933).

7.5.3

Bug fixes

  • The WebSocketServer constructor now throws an error if more than one of the noServer, server, and port options are specefied (66e58d27).
  • Fixed a bug where a 'close' event was emitted by a WebSocketServer before the internal HTTP/S server was actually closed (5a587304).

... (truncated)

Commits
  • fd36cd8 [dist] 7.5.11
  • e14c458 [security] Limit retained message parts
  • d962d70 [dist] 7.5.10
  • 22c2876 [security] Fix crash when the Upgrade header cannot be read (#2231)
  • 8a78f87 [dist] 7.5.9
  • 0435e6e [security] Fix same host check for ws+unix: redirects
  • 4271f07 [dist] 7.5.8
  • dc1781b [security] Drop sensitive headers when following insecure redirects
  • 2758ed3 [fix] Abort the handshake if the Upgrade header is invalid
  • a370613 [dist] 7.5.7
  • Additional commits viewable in compare view

Updates engine.io from 3.6.1 to 3.6.2

Commits

Updates engine.io-client from 3.5.3 to 3.5.6

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 23, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-51ecda841d branch from cc5393e to 9e41174 Compare July 1, 2026 09:51
Bumps [ws](https://github.com/websockets/ws) to 7.5.11 and updates ancestor dependencies [ws](https://github.com/websockets/ws), [engine.io](https://github.com/socketio/socket.io) and [engine.io-client](https://github.com/socketio/socket.io). These dependencies need to be updated together.


Updates `ws` from 7.4.6 to 7.5.11
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.4.6...7.5.11)

Updates `engine.io` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/commits)

Updates `engine.io-client` from 3.5.3 to 3.5.6
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/commits)

---
updated-dependencies:
- dependency-name: engine.io
  dependency-version: 3.6.2
  dependency-type: indirect
- dependency-name: engine.io-client
  dependency-version: 3.5.6
  dependency-type: indirect
- dependency-name: ws
  dependency-version: 7.5.11
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-51ecda841d branch from 9e41174 to f223725 Compare July 6, 2026 12:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants