Skip to content

Bump ws from 7.5.3 to 7.5.10#2470

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-8ea0fbf5ff
Closed

Bump ws from 7.5.3 to 7.5.10#2470
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-8ea0fbf5ff

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 19, 2026

Copy link
Copy Markdown
Contributor

Bumps ws from 7.5.3 to 7.5.10.

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

  • Backported e55e5106 to the 7.x release line (22c28763).

7.5.9

Bug fixes

  • Backported bc8bd34e to the 7.x release line (0435e6e1).

7.5.8

Bug fixes

  • Backported 0fdcc0af to the 7.x release line (2758ed35).
  • Backported d68ba9e1 to the 7.x release line (dc1781bc).

7.5.7

Bug fixes

  • Backported 6946f5fe to the 7.x release line (1f72e2e1).

7.5.6

Bug fixes

  • Backported b8186dd1 to the 7.x release line (73dec34b).
  • Backported ed2b8039 to the 7.x release line (22a26afb).

7.5.5

Bug fixes

  • Backported ec9377ca to the 7.x release line (0e274acd).

7.5.4

Bug fixes

  • Backported 6a72da3e to the 7.x release line (76087fbf).
  • Backported 869c9892 to the 7.x release line (27997933).
Commits
  • d962d70 [dist] 7.5.10
  • 22c2876 [security] Fix crash when the Upgrade header cannot be read (#2231)
  • 8a78f87 [dist] 7.5.9
  • 0435e6e [security] Fix same host check for ws+unix: redirects
  • 4271f07 [dist] 7.5.8
  • dc1781b [security] Drop sensitive headers when following insecure redirects
  • 2758ed3 [fix] Abort the handshake if the Upgrade header is invalid
  • a370613 [dist] 7.5.7
  • 1f72e2e [security] Drop sensitive headers when following redirects (#2013)
  • 8ecd890 [dist] 7.5.6
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 19, 2026
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-8ea0fbf5ff branch 4 times, most recently from dface5c to 5095205 Compare May 20, 2026 04:05
@dependabot dependabot Bot changed the title Bump ws Bump ws from 7.5.3 to 7.5.10 May 20, 2026
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-8ea0fbf5ff branch 2 times, most recently from f4588ff to c203ef0 Compare May 20, 2026 06:33
Bumps [ws](https://github.com/websockets/ws) from 7.5.3 to 7.5.10.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.3...7.5.10)

---
updated-dependencies:
- dependency-name: ws
  dependency-version: 7.5.10
  dependency-type: indirect
- dependency-name: ws
  dependency-version: 8.20.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-8ea0fbf5ff branch from c203ef0 to 0960347 Compare May 20, 2026 06:36
@dependabot @github

dependabot Bot commented on behalf of github May 20, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this May 20, 2026
@dependabot
dependabot Bot deleted the dependabot/npm_and_yarn/multi-8ea0fbf5ff branch May 20, 2026 12:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants