From 7a19b1c8d4a7d8bbae96914c258fce799bba41d2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 28 Oct 2021 06:16:23 -0700
Subject: [PATCH] Bump ws from 7.5.5 to 8.2.3 in /desktop (#3004)
Summary:
Bumps [ws](https://github.com/websockets/ws) from 7.5.5 to 8.2.3.
Release notes
Sourced from ws's releases.
8.2.3
Bug fixes
- When context takeover is enabled, messages are now compressed even if their size
is below the value of the
perMessageDeflate.threshold option (41ae5631).
8.2.2
Bug fixes
- Some closing operations are now run only if needed (ec9377ca).
8.2.1
Bug fixes
- Fixed an issue where the socket was not resumed, preventing the connection
from being closed cleanly (869c9892).
8.2.0
Features
- Added
WebSocket.WebSocket as an alias for WebSocket and
WebSocket.WebSocketServer as an alias for WebSocket.Server to fix name
consistency and improve interoperability with the ES module wrapper (https://github.com/facebook/flipper/issues/1935).
8.1.0
Features
Bug fixes
- Fixed an issue with a breaking change in Node.js master (6a72da3e).
- Fixed a misleading error message (c95e695d).
8.0.0
Breaking changes
- The
WebSocket constructor now throws a SyntaxError if any of the
subprotocol names are invalid or duplicated (0aecf0c9).
- The server now aborts the opening handshake if an invalid
Sec-WebSocket-Protocol header field value is received (1877ddeb).
- The
protocols argument of handleProtocols hook is no longer an Array but
a Set (1877ddeb).
- The opening handshake is now aborted if the
Sec-WebSocket-Extensions header
field value is empty or it begins or ends with a white space (e814110e).
- Dropped support for Node.js < 10.0.0 (552b5067).
- The
WebSocket constructor now throws a SyntaxError if the connection URL
contains a fragment identifier or if the URL's protocol is not one of 'ws:',
'wss:', or 'ws+unix:' (ebea038f).
- Text messages and close reasons are no longer decoded to strings. They are
... (truncated)
Commits
cfd99b6 [dist] 8.2.3fef7942 [ci] Fix typo41ae563 [fix] Ignore the threshold option if context takeover is enabled474aa36 [doc] Improve WebSocket#{p{i,o}ng,send}() documentation055949f [doc] Remove no longer needed noop function from code snippet5b85322 [ci] Update coverallsapp/github-action action to version 1.1.3f871195 [doc] Update issue template72296e5 [dist] 8.2.23039b6b [doc] Change label text to CI04c032c [ci] Use Github Actions for Windows x86 testing- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Pull Request resolved: https://github.com/facebook/flipper/pull/3004
Reviewed By: passy
Differential Revision: D31991546
Pulled By: cekkaewnumchai
fbshipit-source-id: 029092fa88e0c4a0816574c6c18e5565b9650615
---
desktop/app/package.json | 2 +-
desktop/static/package.json | 2 +-
desktop/yarn.lock | 3 +--
3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/desktop/app/package.json b/desktop/app/package.json
index 3ef0819e7..18355263e 100644
--- a/desktop/app/package.json
+++ b/desktop/app/package.json
@@ -72,7 +72,7 @@
"tmp": "^0.2.1",
"uuid": "^8.3.2",
"which": "^2.0.1",
- "ws": "^8.2.1",
+ "ws": "^8.2.3",
"xdg-basedir": "^4.0.0"
},
"optionalDependencies": {
diff --git a/desktop/static/package.json b/desktop/static/package.json
index 9143d81bd..2a03ff232 100644
--- a/desktop/static/package.json
+++ b/desktop/static/package.json
@@ -10,7 +10,7 @@
"mac-ca": "^1.0.6",
"mkdirp": "^1.0.4",
"node-fetch": "^2.6.5",
- "ws": "^8.2.1",
+ "ws": "^8.2.3",
"xdg-basedir": "^4.0.0",
"yargs": "^16.2.0"
}
diff --git a/desktop/yarn.lock b/desktop/yarn.lock
index d02e99717..172e013f1 100644
--- a/desktop/yarn.lock
+++ b/desktop/yarn.lock
@@ -13799,7 +13799,7 @@ ws@1.1.5, ws@^1.1.5:
options ">=0.0.5"
ultron "1.0.x"
-ws@^7.4.5, ws@^7.4.6, ws@^8.2.1, ws@^8.2.3, ws@~8.2.3:
+ws@^7.4.5, ws@^7.4.6, ws@^8.2.3, ws@~8.2.3:
version "7.5.5"
resolved "https://registry.yarnpkg.com/ws/-/ws-7.5.5.tgz#8b4bc4af518cfabd0473ae4f99144287b33eb881"
integrity sha512-BAkMFcAzl8as1G/hArkxOxq3G7pjUqQ3gzYbLL0/5zNkph70e+lCoxBGnm6AW1+/aiNeV4fnKqZ8m4GZewmH2w==
@@ -13831,7 +13831,6 @@ xmlchars@^2.2.0:
xmldom@^0.5.0, "xmldom@github:xmldom/xmldom#0.7.0":
version "0.7.0"
- uid c568938641cc1f121cef5b4df80fcfda1e489b6e
resolved "https://codeload.github.com/xmldom/xmldom/tar.gz/c568938641cc1f121cef5b4df80fcfda1e489b6e"
xtend@^4.0.0, xtend@~4.0.1: