Skip to content

chore(deps): bump ws, engine.io and socket.io-adapter#2263

Open
dependabot[bot] wants to merge 1 commit into
developmentfrom
dependabot/npm_and_yarn/multi-95590b7e09
Open

chore(deps): bump ws, engine.io and socket.io-adapter#2263
dependabot[bot] wants to merge 1 commit into
developmentfrom
dependabot/npm_and_yarn/multi-95590b7e09

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Bumps ws to 7.5.11 and updates ancestor dependencies ws, engine.io and socket.io-adapter. These dependencies need to be updated together.

Updates ws from 7.5.10 to 7.5.11

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates ws from 8.19.0 to 8.21.0

Release notes

Sourced from ws's releases.

7.5.11

Bug fixes

  • Backported 2b2abd45 to the 7.x release line (e14c4586).
Commits

Updates engine.io from 6.6.4 to 6.6.9

Release notes

Sourced from engine.io's releases.

engine.io@6.6.9

The ws dependency was bumped to ~8.21.0 following CVE-2026-48779.

Dependencies

engine.io-client@6.6.5

The ws dependency was bumped to ~8.20.1 following CVE-2026-45736.

Note from the ws maintainers:

Although the calculated CVSS severity is medium, the actual severity is believed to be low, as the flaw is only exploitable through misuse that is unlikely in practice.

Dependencies

engine.io@6.6.8

The ws dependency was bumped to ~8.20.1 following CVE-2026-45736.

Note from the ws maintainers:

Although the calculated CVSS severity is medium, the actual severity is believed to be low, as the flaw is only exploitable through misuse that is unlikely in practice.

Bug Fixes

  • clean up resources upon WebTransport handshake failure (f86b95f)

Dependencies

engine.io@6.6.7

Bug Fixes

  • close HTTP requests with invalid content type (fc11285)
  • handle invalid packets when upgrading to WebTransport (1fa1f46)
  • prevent WebTransport connections when a middleware is registered (d1f5aa9)

Dependencies

engine.io@6.6.6

... (truncated)

Commits
  • 9dbec81 chore(release): engine.io@6.6.9
  • 3ad4e1f docs: improve example with PM2
  • 0e5afee docs: add example with PM2
  • eab9623 docs(eio): correct maxHttpBufferSize default in JSDoc (#5508)
  • c17890c docs: add documentation about WebTransport
  • 20df6ae docs(examples): add client-side load balancing example
  • 16d1923 ci(publish): enable staged publishing
  • ad48a9b docs(examples): add example with HTTP/2
  • 190572d refactor(eio-client): remove XMLHttpRequest from the definition file
  • fad463c docs(examples): fix duplicate self messages (#5341)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for engine.io since your current version.


Updates socket.io-adapter from 2.5.5 to 2.5.8

Release notes

Sourced from socket.io-adapter's releases.

socket.io-adapter@2.5.8

The ws dependency was bumped to ~8.21.0 following CVE-2026-48779.

socket.io-adapter@2.5.7

The ws dependency was bumped to ~8.20.1 following CVE-2026-45736.

Note from the ws maintainers:

Although the calculated CVSS severity is medium, the actual severity is believed to be low, as the flaw is only exploitable through misuse that is unlikely in practice.

Bug Fixes

  • do not skip local broadcast when publishAndReturnOffset throws (#5457) (f630158)

socket.io-adapter@2.5.6

This release contains a bump of:

  • ws from ~8.17.1 to ~8.18.3
  • debug from ~4.3.1 to ~4.4.1
Commits
  • ac83bfa chore(release): socket.io-adapter@2.5.8
  • 22cc483 chore(release): engine.io-client@6.6.6
  • 9dbec81 chore(release): engine.io@6.6.9
  • 3ad4e1f docs: improve example with PM2
  • 0e5afee docs: add example with PM2
  • eab9623 docs(eio): correct maxHttpBufferSize default in JSDoc (#5508)
  • c17890c docs: add documentation about WebTransport
  • 20df6ae docs(examples): add client-side load balancing example
  • 16d1923 ci(publish): enable staged publishing
  • ad48a9b docs(examples): add example with HTTP/2
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for socket.io-adapter since your current version.


@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 3, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-95590b7e09 branch from 39c91c3 to e6a74c2 Compare July 11, 2026 01:40
Bumps [ws](https://github.com/websockets/ws) to 7.5.11 and updates ancestor dependencies [ws](https://github.com/websockets/ws), [engine.io](https://github.com/socketio/socket.io) and [socket.io-adapter](https://github.com/socketio/socket.io). These dependencies need to be updated together.


Updates `ws` from 7.5.10 to 7.5.11
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `ws` from 8.19.0 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.11)

Updates `engine.io` from 6.6.4 to 6.6.9
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/compare/engine.io@6.6.4...engine.io@6.6.9)

Updates `socket.io-adapter` from 2.5.5 to 2.5.8
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/compare/socket.io-adapter@2.5.5...socket.io-adapter@2.5.8)

---
updated-dependencies:
- dependency-name: engine.io
  dependency-version: 6.6.9
  dependency-type: indirect
- dependency-name: socket.io-adapter
  dependency-version: 2.5.8
  dependency-type: indirect
- dependency-name: ws
  dependency-version: 7.5.11
  dependency-type: indirect
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-95590b7e09 branch from e6a74c2 to 44b39ff Compare July 12, 2026 03:38
@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants