This release includes a fix for CVE-2026-33151. Please upgrade as soon as possible.

• add a limit to the number of binary attachments (9d39f1f)

This release includes a fix for CVE-2026-33151. Please upgrade as soon as possible.

• add a limit to the number of binary attachments (719f9eb)

• add a limit to the number of binary attachments (b25738c)

• add @types/ws as dependency (#5458) (07cbe15)
• uws emit initial_headers and headers events in uServer (#5460) (44ed73f)

• ws@~8.18.3 (no change)

• do not throw when calling io.close() on a stopped server (9581f9b)

• engine.io@~6.6.0 (no change)
• ws@~8.18.3 (no change)

There were some minor bug fixes on the server side, which mandate a client bump.

• engine.io-client@~6.6.1 (no change)
• ws@~8.18.3 (diff)

This release contains a bump of debug from ~4.3.1 to ~4.4.1.

This release contains a bump of:

• ws from ~8.17.1 to ~8.18.3
• debug from ~4.3.1 to ~4.4.1

This release contains a bump of:

• ws from ~8.17.1 to ~8.18.3
• debug from ~4.3.1 to ~4.4.1

• properly handle port option (#5241) (1da9cdd)

• ws@~8.18.3 (diff)

The url.parse() function is now deprecated and has been replaced by new URL() (see 8af7019).

• call adapter.init() when creating each namespace (f3e1f5e)
• improve io.close() function (#5344) (bb0b480)

• engine.io@~6.6.0 (no change)
• ws@~8.18.3 (diff)