Skip to content

Bump websocket-driver from 0.7.4 to 0.7.5#6074

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/websocket-driver-0.7.5
Open

Bump websocket-driver from 0.7.4 to 0.7.5#6074
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/websocket-driver-0.7.5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 15, 2026

Copy link
Copy Markdown
Contributor

Bumps websocket-driver from 0.7.4 to 0.7.5.

Changelog

Sourced from websocket-driver's changelog.

0.7.5 / 2026-06-04

  • Close a draft-75/76 connection if a length header grows to exceed the configured max length
  • Fail the connection if a message is larger than the configured max length after extension processing
Commits
  • 5d6a9aa Bump version to 0.7.5
  • c55679a Fail the connection if a message is larger than the configured max length aft...
  • 5b197ca Close a draft-75/76 connection if a length header grows to exceed the configu...
  • fc93a48 Test on Node v22, v24, and v26
  • 2e82d34 Test on recent versions of Node
  • e4962db Switch from Travis CI to GitHub Actions
  • 3f2f9b7 Travis update: cache npm modules, remove sudo, run on Node 15
  • See full diff in compare view


Note

Low Risk
Patch dependency update with no direct code changes; behavior change is limited to failing oversized WebSocket frames, which is generally desirable hardening with low regression risk for normal traffic.

Overview
Updates the lockfile so websocket-driver resolves to 0.7.5 (from 0.7.4), including registry resolved and integrity metadata. No application source changes.

That release tightens WebSocket handling: connections are closed or failed when draft-75/76 length headers or post-extension messages exceed the configured max length—relevant where faye-websocket pulls this package in transitively.

Reviewed by Cursor Bugbot for commit f298229. Bugbot is set up for automated code reviews on this repo. Configure here.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 15, 2026
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/websocket-driver-0.7.5 branch 4 times, most recently from acaaa87 to 287aa47 Compare July 17, 2026 20:06
Bumps [websocket-driver](https://github.com/faye/websocket-driver-node) from 0.7.4 to 0.7.5.
- [Changelog](https://github.com/faye/websocket-driver-node/blob/main/CHANGELOG.md)
- [Commits](faye/websocket-driver-node@0.7.4...0.7.5)

---
updated-dependencies:
- dependency-name: websocket-driver
  dependency-version: 0.7.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/websocket-driver-0.7.5 branch from 287aa47 to f298229 Compare July 17, 2026 23:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants