Skip to content

THRIFT-6039: Upgrade ws from 5.2.x to 8.21.0#3526

Open
jimexist wants to merge 2 commits into
masterfrom
claude/pedantic-noether-16f102
Open

THRIFT-6039: Upgrade ws from 5.2.x to 8.21.0#3526
jimexist wants to merge 2 commits into
masterfrom
claude/pedantic-noether-16f102

Conversation

@jimexist
Copy link
Copy Markdown
Member

@jimexist jimexist commented May 25, 2026

Summary

Upgrades the ws WebSocket library from ^5.2.3 (resolved 5.2.4) to ^8.21.0. ws 5.x has been EOL for years and is several major versions behind the current release.

ws is consumed indirectly through isomorphic-ws in lib/nodejs/lib/thrift/ws_connection.js; only the client-side new WebSocket(uri, "", wsOptions) constructor is used, which is unchanged across v5 → v8. No server-side ws.Server API is used in the codebase, so the breaking changes between v5 and v8 (most of which affect the server API) do not apply.

Compatibility

  • Node engine: ws v8 requires Node.js ≥ 10.0.0; package.json's engines.node is already >= 10.18.0, so the constraint is satisfied.
  • Lock file: the transitive async-limiter dependency (only needed by ws 5.x) is removed.
  • License: ws is BSD-2-Clause (ASF Category A), so no LICENSE / NOTICE updates are required.

Notes for reviewers

  • No JIRA ticket was filed; this is a dependency bump that does not touch product code. Happy to open one if maintainers prefer.
  • The change is AI-assisted; commit and PR are labelled per AGENTS.md / CONTRIBUTING.md (Co-Authored-By / Generated-by).

Test plan

  • npm install resolves cleanly
  • lib/nodejs/test/testAll.sh passes
  • WebSocket transport sanity check (e.g. lib/nodejs/test/server.js + WS client) succeeds

🤖 Generated with Claude Code

@jimexist @claude
Upgrade ws from 5.2.x to 8.21.0
3451dac 
Client: nodejs

The ws package was pinned at ^5.2.3 (resolved 5.2.4), which is
several major versions behind the current 8.21.0 release.

ws is consumed indirectly via isomorphic-ws in
lib/nodejs/lib/thrift/ws_connection.js; only the client-side
`new WebSocket(uri, "", wsOptions)` constructor is used, which is
unchanged across the v5 -> v8 transition. No server-side ws.Server
API is used in the codebase.

ws v8 requires Node.js >= 10.0.0; package.json's engines.node is
already >= 10.18.0, so the engine constraint is satisfied. The
transitive async-limiter dependency (only needed by ws 5.x) is
removed from the lock file.

ws is BSD-2-Clause licensed (ASF Category A), so no LICENSE or
NOTICE updates are required.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Generated-by: Claude Opus 4.7 (1M context)
@jimexist jimexist requested a review from Copilot May 25, 2026 00:14
Copilot AI reviewed May 25, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Upgrades the Node.js binding’s WebSocket dependency (ws) to a supported major version, aligning the dependency set with the project’s existing Node engine constraints and removing legacy transitive packages from the lockfile.

Changes:

  • Bump ws from ^5.2.3 to ^8.21.0 in package.json.
  • Refresh package-lock.json to resolve ws@8.21.0 and drop async-limiter, updating related lock metadata.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File Description
package.json Updates the direct ws dependency to ^8.21.0.
package-lock.json Resolves ws@8.21.0, removes async-limiter, and updates dependency metadata accordingly.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@jimexist jimexist changed the title Upgrade ws from 5.2.x to 8.21.0 THRIFT-6039: Upgrade ws from 5.2.x to 8.21.0 May 25, 2026
@jimexist @claude
Fix WebSocket subprotocol for ws v8
6fecd3c 
Client: nodejs

ws v8 added strict validation of the protocols argument and rejects
an empty string with `SyntaxError: An invalid or duplicated subprotocol
was specified`. ws v5 tolerated `""` silently.

WSConnection passed `""` as the protocols argument when running on
Node (browser code path is unaffected). Switch to `undefined` so the
constructor receives no subprotocol, matching both the WHATWG
WebSocket and ws documented signatures.

Surfaced by the lib-nodejs CI job after the ws 5 -> 8 upgrade.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Generated-by: Claude Opus 4.7 (1M context)
@jimexist jimexist requested a review from emmenlau as a code owner May 25, 2026 00:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@emmenlau emmenlau Awaiting requested review from emmenlau emmenlau is a code owner

Assignees

No one assigned

Labels

nodejs typescript

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jimexist