Update dependency ws to v8.21.0#32
Conversation
|
Warning Review limit reached
More reviews will be available in 49 minutes and 41 seconds. Learn how PR review limits work. To continue reviewing without waiting, enable usage-based billing in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits. 🚦 How do rate limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThe pull request updates the WebSocket ( ChangesDependency Updates
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
13d058a to
bced2bb
Compare
408f80a to
1c4aeef
Compare
1c4aeef to
9fc39a7
Compare

This PR contains the following updates:
8.18.3→8.21.0Release Notes
websockets/ws (ws)
v8.21.0Compare Source
Features
maxBufferedChunksandmaxFragmentsoptions (2b2abd4).Bug fixes
2b2abd4).A high volume of tiny fragments and data chunks could be sent by a peer, using
modest network traffic, to crash a
wsserver or client due to OOM.The vulnerability was responsibly disclosed and fixed by Nadav Magier.
In vulnerable versions, the issue can be mitigated by lowering the value of the
maxPayloadoption if possible.v8.20.1Compare Source
Bug fixes
websocket.close()(
c0327ec).Providing a
TypedArray(e.g.Float32Array) as thereasonargument forwebsocket.close(), rather than the supported string orBuffertypes, causeduninitialized memory to be disclosed to the remote peer.
The issue was privately reported by Nikita Skovoroda.
v8.20.0Compare Source
Features
PerMessageDeflateclass and utilities for theSec-WebSocket-ExtensionsandSec-WebSocket-Protocolheaders (d3503c1).v8.19.0Compare Source
Features
closeTimeoutoption (#2308).Bug fixes
1998485).Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.