Bump ws from 8.16.0 to 8.17.1 in /ui

[dependabot]

Bumps ws from 8.16.0 to 8.17.1.

Release notes

Sourced from ws's releases.

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

In vulnerable versions of ws, the issue can be mitigated in the following ways:

1. Reduce the maximum allowed length of the request headers using the [--max-http-header-size=size][] and/or the [maxHeaderSize][] options so that no more headers than the server.maxHeadersCount limit can be sent.

... (truncated)

Commits

• 3c56601 [dist] 8.17.1
• e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 6a00029 [test] Increase code coverage
• ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
• b73b118 [dist] 8.17.0
• 29694a5 [test] Use the highWaterMark variable
• 934c9d6 [ci] Test on node 22
• 1817bac [ci] Do not test on node 21
• 96c9b3d [major] Flip the default value of allowSynchronousEvents (#2221)
• e5f32c7 [fix] Emit at most one event per event loop iteration (#2218)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
pypi/coverage@7.5.3	environment, eval, filesystem, network, shell, unsafe	0	2.83 MB	nedbatchelder
pypi/dbt-bigquery@1.8.1	eval, filesystem, network	0	210 kB	fishtown-analytics
pypi/dbt-core@1.8.2	environment, eval, filesystem, network, unsafe	0	3.21 MB	fishtown-analytics
pypi/dbt-postgres@1.8.1	environment, filesystem, network	0	77.9 kB	fishtown-analytics
pypi/dbt-snowflake@1.8.3	environment, eval, filesystem, network	0	119 kB	fishtown-analytics
pypi/distributed@2022.2.0	environment, eval, filesystem, network, shell, unsafe	0	3.21 MB	fjetter, jacob.tomlinson, jakirkham, ...5 more
pypi/distributed@2024.6.0	environment, eval, filesystem, network, shell, unsafe	0	3.93 MB	fjetter, jacob.tomlinson, jakirkham, ...5 more
pypi/docker@6.1.3	environment, eval, filesystem, network, shell	0	1.25 MB	aiordache, ccrone, dev-tooling-team, ...4 more
pypi/docker@7.1.0	environment, filesystem, network, shell	0	511 kB	aiordache, ccrone, dev-tooling-team, ...4 more
pypi/flake8@7.1.0	filesystem	0	174 kB	asottile, graffatcolmingov
pypi/google-api-python-client@2.133.0	environment, eval, filesystem, network, unsafe	0	76.4 MB	gcloudpypi, google_opensource
pypi/google-cloud-aiplatform@1.56.0	environment, eval, filesystem, network, shell, unsafe	0	73.3 MB	gcloudpypi, google_opensource
pypi/google-cloud-bigquery-storage@2.25.0	environment, eval, filesystem, shell	0	1.33 MB	gcloudpypi, google_opensource
pypi/google-cloud-bigquery@3.24.0	environment, eval, filesystem, network, shell	0	2.96 MB	TimSwast, gcloudpypi, google_opensource
pypi/google-cloud-secret-manager@2.20.0	environment, filesystem, network	0	2.58 MB	gcloudpypi, google_opensource
pypi/google-cloud-storage@2.17.0	environment, eval, filesystem, network, shell, unsafe	0	6.99 MB	gcloudpypi, google_opensource
pypi/interrogate@1.7.0	environment, filesystem	0	1.03 MB	roguelynn
pypi/isort@6.0.0b2	environment, eval, filesystem, network, shell, unsafe	0	876 kB	static, timothycrosley
pypi/kubernetes@29.0.0	environment, eval, filesystem, network, shell	0	13.8 MB	kubernetes
pypi/kubernetes@30.1.0	environment, eval, filesystem, network, shell	0	14.9 MB	kubernetes
pypi/mkdocs-gen-files@0.5.0	eval, filesystem	0	21.9 kB	oprypin
pypi/mkdocs-material@9.5.27	environment, eval, filesystem, network	0	14.1 MB	squidfunk
pypi/mkdocs@1.6.0	environment, eval, filesystem, network, shell	0	6.87 MB	d0ugal, mkdocsdeploy, oprypin, ...2 more
pypi/mkdocstrings-python-legacy@0.2.3	environment, shell	0	65.1 kB	pawamoy
pypi/mkdocstrings@0.25.1	environment, filesystem	0	111 kB	oprypin, pawamoy
pypi/mock@5.1.0	environment, eval, filesystem, unsafe	0	408 kB	Fuzzyman, berkerpeksag, carthorse-mock, ...3 more
pypi/moto@4.2.4	environment, eval, filesystem, network, shell, unsafe	0	49.2 MB	bblommers, jackdanger, mikegrima, ...1 more
pypi/moto@5.0.10.dev9	environment, eval, filesystem, network, shell, unsafe	0	54.3 MB	bblommers, jackdanger, mikegrima, ...1 more
pypi/mypy-boto3-s3@1.34.120	environment	0	858 kB	vemel
pypi/mypy-boto3-secretsmanager@1.34.128	environment	0	143 kB	vemel
pypi/mypy@1.10.0	environment, eval, filesystem, network, shell, unsafe	0	45.2 MB	ambv, guido, hauntsaninja, ...8 more
pypi/pandas@2.2.2	environment, eval, filesystem, network, shell, unsafe	0	62.2 MB	MarcoGorelli, datapythonista, jbrockmendel, ...8 more
pypi/pillow@10.3.0	environment, eval, filesystem, shell, unsafe	0	73 MB	aclark, hugovk, radarhere, ...1 more
pypi/pre-commit@3.7.1	environment, eval, filesystem, network, shell	0	345 kB	asottile
pypi/prefect-gcp@0.6.0rc1	environment, filesystem, network	0	371 kB	desertaxle, prefect
pypi/prefect-shell@0.3.0rc1	environment, filesystem, network, shell	0	72.9 kB	desertaxle, prefect
pypi/prefect-snowflake@0.28.0rc1	environment, filesystem, network	0	145 kB	desertaxle, prefect
pypi/prefect-sqlalchemy@0.5.0rc1	environment, network	0	111 kB	desertaxle, prefect
pypi/prefect@3.0.0rc4	None	0	0 B
pypi/pyarrow@16.1.0	environment, eval, filesystem, network, shell, unsafe	0	136 MB	Charles.Cloud, cutlerb, jorgecarleitao, ...6 more
pypi/pyparsing@3.1.2	environment, eval, filesystem, unsafe	0	2.46 MB	ptmcg
pypi/pytest-asyncio@0.21.2	eval, network	0	108 kB	Andrew.Svetlov, hpk, m.seifert, ...2 more
pypi/pytest-asyncio@0.23.7	eval, network	0	219 kB	Andrew.Svetlov, hpk, m.seifert, ...2 more
pypi/pytest-cov@5.0.0	environment, eval, filesystem, network, shell	0	237 kB	ionel
pypi/pytest-xdist@3.3.1	environment, eval, filesystem, network	0	333 kB	The_Compiler, anatoly, flub, ...4 more
pypi/pytest-xdist@3.6.1	environment, eval, filesystem, network	0	363 kB	The_Compiler, anatoly, flub, ...4 more
pypi/pytest@7.4.4	environment, eval, filesystem, network, shell, unsafe	0	5.12 MB	The_Compiler, anatoly, flub, ...4 more
pypi/pytest@8.2.2	environment, eval, filesystem, network, shell, unsafe	0	5.71 MB	The_Compiler, anatoly, flub, ...4 more
pypi/python-gitlab@4.6.0	environment, eval, filesystem, network, shell, unsafe	0	2.03 MB	bufferoverflow, max-wittig, nejch
pypi/python-slugify@8.0.3	eval, filesystem, shell	0	44.5 kB	un33k
pypi/ray@2.24.0	environment, eval, filesystem, network, shell, unsafe	0	165 MB	amogkamsetty, architkulkarni, artur1993, ...23 more
pypi/respx@0.21.1	environment, eval	0	110 kB	5monkeys
pypi/setuptools-scm@8.1.0	environment, eval, filesystem, network, shell	0	269 kB	jaraco, jezdez, ronny
pypi/setuptools@70.0.0	environment, eval, filesystem, network, shell, unsafe	0	6.89 MB	abravalheri, dstufft, jaraco
pypi/sgqlc@16.3	environment, eval, filesystem, network	0	547 kB	barbieri
pypi/slack-sdk@3.29.0	environment, filesystem, network, shell	0	1.46 MB	filmaj, misscoded, seratch, ...4 more
pypi/snowflake-connector-python@3.11.0	environment, eval, filesystem, network, shell, unsafe	0	9.95 MB	Tianyi, angel.avalos, ankit.bhatnagar, ...7 more
pypi/sqlalchemy@2.0.31	None	0	0 B
pypi/tenacity@8.4.1	eval, unsafe	0	210 kB	jd, sileht
pypi/types-boto3@1.0.2	None	0	30.6 kB	vemel
pypi/wheel@0.43.0	environment, eval, filesystem, shell, unsafe	0	460 kB	agronholm, joeforker, natefoo

🚮 Removed packages: pypi/aiosqlite@0.20.0, pypi/aiosqlite@0.20.0, pypi/alembic@1.13.1, pypi/alembic@1.13.1, pypi/apprise@1.8.0, pypi/apprise@1.8.0, pypi/asgi-lifespan@2.1.0, pypi/asgi-lifespan@2.1.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/asyncpg@0.29.0, pypi/cachetools@5.3.3, pypi/cachetools@5.3.3, pypi/cairosvg@2.7.1, pypi/cairosvg@2.7.1

View full report↗︎