Skip to content

Bump websocket-driver from 0.7.4 to 0.7.5#6074

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/websocket-driver-0.7.5
Open

Bump websocket-driver from 0.7.4 to 0.7.5#6074
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/websocket-driver-0.7.5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 15, 2026

Copy link
Copy Markdown
Contributor

Bumps websocket-driver from 0.7.4 to 0.7.5.

Changelog

Sourced from websocket-driver's changelog.

0.7.5 / 2026-06-04

  • Close a draft-75/76 connection if a length header grows to exceed the configured max length
  • Fail the connection if a message is larger than the configured max length after extension processing
Commits
  • 5d6a9aa Bump version to 0.7.5
  • c55679a Fail the connection if a message is larger than the configured max length aft...
  • 5b197ca Close a draft-75/76 connection if a length header grows to exceed the configu...
  • fc93a48 Test on Node v22, v24, and v26
  • 2e82d34 Test on recent versions of Node
  • e4962db Switch from Travis CI to GitHub Actions
  • 3f2f9b7 Travis update: cache npm modules, remove sudo, run on Node 15
  • See full diff in compare view


Note

Low Risk
Dependency-only patch with no app code changes; behavior change is limited to failing oversized WebSocket frames per library limits.

Overview
Updates the lockfile so transitive dependency websocket-driver moves from 0.7.4 to 0.7.5 (via faye-websocket). There are no application source changes.

0.7.5 tightens WebSocket handling around configured size limits: it closes draft-75/76 connections when a length header would exceed the max, and fails the connection when a message is larger than the max after extension processing.

Reviewed by Cursor Bugbot for commit 2b74188. Bugbot is set up for automated code reviews on this repo. Configure here.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 15, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/websocket-driver-0.7.5 branch from a77f9ca to 725fa34 Compare July 15, 2026 22:35
Bumps [websocket-driver](https://github.com/faye/websocket-driver-node) from 0.7.4 to 0.7.5.
- [Changelog](https://github.com/faye/websocket-driver-node/blob/main/CHANGELOG.md)
- [Commits](faye/websocket-driver-node@0.7.4...0.7.5)

---
updated-dependencies:
- dependency-name: websocket-driver
  dependency-version: 0.7.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/websocket-driver-0.7.5 branch from 725fa34 to 2b74188 Compare July 16, 2026 17:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants