Skip to content

chore(deps): update dependency ws to v8.20.1 (main)#6223

Open
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main-main/ws-8.x-lockfile
Open

chore(deps): update dependency ws to v8.20.1 (main)#6223
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main-main/ws-8.x-lockfile

Conversation

@red-hat-konflux
Copy link
Copy Markdown
Contributor

@red-hat-konflux red-hat-konflux Bot commented May 16, 2026

This PR contains the following updates:

Package Change Age Confidence
ws 8.20.08.20.1 age confidence

Release Notes

websockets/ws (ws)

v8.20.1

Compare Source

Bug fixes

  • Fixed an uninitialized memory disclosure issue in websocket.close()
    (c0327ec).

Providing a TypedArray (e.g. Float32Array) as the reason argument for
websocket.close(), rather than the supported string or Buffer types, caused
uninitialized memory to be disclosed to the remote peer.

import { deepStrictEqual } from 'node:assert';
import { WebSocket, WebSocketServer } from 'ws';

const wss = new WebSocketServer(
  { port: 0, skipUTF8Validation: true },
  function () {
    const { port } = wss.address();
    const ws = new WebSocket(`ws://localhost:${port}`, {
      skipUTF8Validation: true
    });

    ws.on('close', function (code, reason) {
      deepStrictEqual(reason, Buffer.alloc(80));
    });
  }
);

wss.on('connection', function (ws) {
  ws.close(1000, new Float32Array(20));
});

The issue was privately reported by Nikita Skovoroda.

Configuration

📅 Schedule: Branch creation - "every weekend" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented May 16, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: red-hat-konflux[bot]
Once this PR has been reviewed and has the lgtm label, please assign mareklibra for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main-main/ws-8.x-lockfile branch from f80a22d to 402f154 Compare May 16, 2026 09:05
@red-hat-konflux
chore(deps): update dependency ws to v8.20.1
cd85a93 
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main-main/ws-8.x-lockfile branch from 402f154 to cd85a93 Compare May 16, 2026 09:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dco-signoff: yes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants