Bump ws and viem in /examples

[dependabot]

Bumps ws to 8.20.1 and updates ancestor dependency viem. These dependencies need to be updated together.

Updates ws from 8.18.3 to 8.20.1

Release notes

Sourced from ws's releases.

8.20.1

Bug fixes

• Fixed an uninitialized memory disclosure issue in websocket.close() (c0327ec1).

Providing a TypedArray (e.g. Float32Array) as the reason argument for websocket.close(), rather than the supported string or Buffer types, caused uninitialized memory to be disclosed to the remote peer.

import { deepStrictEqual } from 'node:assert';
import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer(
{ port: 0, skipUTF8Validation: true },
function () {
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port}, {
skipUTF8Validation: true
});
ws.on('close', function (code, reason) {
  deepStrictEqual(reason, Buffer.alloc(80));
});

}
);
wss.on('connection', function (ws) {
ws.close(1000, new Float32Array(20));
});

The issue was privately reported by Nikita Skovoroda.

8.20.0

Features

• Added exports for the PerMessageDeflate class and utilities for the Sec-WebSocket-Extensions and Sec-WebSocket-Protocol headers (d3503c1f).

8.19.0

Features

• Added the closeTimeout option (#2308).

Bug fixes

• Handled a forthcoming breaking change in Node.js core (19984854).

Commits

• 5d9b316 [dist] 8.20.1
• c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
• ce2a3d6 [ci] Test on node 26
• 58e45b8 [ci] Do not test on node 25
• 5f26c24 [ci] Run the lint step on node 24
• 8439255 [dist] 8.20.0
• d3503c1 [minor] Export the PerMessageDeflate class and header utils
• 3ee5349 [api] Convert the isServer and maxPayload parameters to options
• 91707b4 [doc] Add missing space
• 8b55319 [pkg] Update eslint to version 10.0.1
• Additional commits viewable in compare view

Updates viem from 2.47.6 to 2.51.3

Release notes

Sourced from viem's releases.

viem@2.51.3

Patch Changes

• #4675 cc15e56ae47e03d2ec8fe9b0e443b4e52b7c350a Thanks @​deodad! - Fixed access key metadata reads incorrectly using the client account.

viem@2.51.2

Patch Changes

• #4668 672a7ef72cd7fb9b9330d5c90979729e6b96cbbc Thanks @​deodad! - viem/tempo: Fixed signVoucher to raw sign channel vouchers with access key accounts.

• #4672 c582dad966c136488b9f36c01f0f3986ff98e407 Thanks @​deodad! - Added a Tempo key authorization manager that can be used by prepareTransactionRequest to attach pending key authorizations.

viem@2.51.0

Minor Changes

• #4663 752712f1d2358715e9d63bd754f80c90a8d02e91 Thanks @​jxom! - viem/tempo: Added Actions.channel actions for reading and mutating TIP-20 channel reserve state.

• #4597 d346038e71f31cb1c82fc94bb49c4ac553a23717 Thanks @​wwared! - viem/op-stack: Added OP Stack super-root dispute game support for withdrawal prove flows.

• #4661 9713c7562eac9fd328e6cc1be7388bc1659a9c27 Thanks @​jxom! - Updated generated Tempo precompile ABIs from latest Tempo main and added logoURI to TIP-20 metadata and token creation.

• #4653 a29cf5eef5809b50bbb7931f35331203c32d7692 Thanks @​islishude! - Added support for eth_getBlockReceipts.

Patch Changes

• #4650 73b8b89c0369597bf4df781b021130f544ebe6b0 Thanks @​deodad! - Exported ExtractFormattedTransactionRequest.

• #4664 c3fda73603695bc68336f6e22f6475ba6ed0cdc7 Thanks @​jxom! - Handled eth_createAccessList responses that include an error field.

• #4660 c5cc58ebbc027029022f09eba54ed2e789b8b2b1 Thanks @​struong! - Emitted a full broadcast envelope when the fee payer co-signed during eth_fillTransaction, enabling single round-trip sponsorship, and stripped feeToken from the sender's sign payload under sponsorship per the Tempo Transaction spec.

• #4654 038a062a8c2a875a3bbd58426e6060cf5d1d7986 Thanks @​deodad! - Added raw signing support to Tempo access key accounts.

viem@2.50.4

Patch Changes

• #4647 423131df9e00e3df062274e483b98a4921674cea Thanks @​jxom! - Fixed Tempo chain declarations to emit portable inferred types for exported derived chains.

viem@2.50.3

Patch Changes

• #4642 5bafcd444f7ebae9bb06a8efbc801a7ea845154d Thanks @​jxom! - viem/tempo: Updated wallet.deposit to use amount and supported token symbols for wallet_deposit requests.

viem@2.49.3

Patch Changes

• #4621 6d80eaeea315c552a57e9683607ed36f7d219a9e Thanks @​Blessing-Circle! - Added Arc chain.

• #4622 c5dc4d63506f787e92417eff77dd0ef84e3a2c8c Thanks @​struong! - viem/tempo: Preserved feeToken on broadcast envelope when feePayerSignature is present. Previously stripped unconditionally when feePayer === true, breaking fee payer signature verification on-chain.

... (truncated)

Commits

• e999340 Version Packages (#4676)
• fd4527f fix: resolve tmp audit and request spy typing (#4677)
• cc15e56 fix(tempo): read access key metadata without sender (#4675)
• 585d806 chore: version package (#4673)
• 741bceb ci: disable Tempo devnet tests
• 6e50f39 fix: stabilize local tests
• c582dad feat(tempo): add key authorization manager (#4672)
• 672a7ef fix(tempo): raw sign access key vouchers (#4668)
• 9deee0d chore: update ox to 0.14.25
• 7b06563 chore: version package (#4670)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/zx	8.7.1	🟢 7.9	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 17 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 4 Found 10/24 approved changesets -- score normalized to 4 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Packaging 🟢 10 packaging workflow detected SAST 🟢 9 SAST tool detected but not run on all commits
npm/@biomejs/biome	2.4.9	Unknown	Unknown
npm/@biomejs/cli-darwin-arm64	2.4.9	Unknown	Unknown
npm/@biomejs/cli-darwin-x64	2.4.9	Unknown	Unknown
npm/@biomejs/cli-linux-arm64	2.4.9	Unknown	Unknown
npm/@biomejs/cli-linux-arm64-musl	2.4.9	Unknown	Unknown
npm/@biomejs/cli-linux-x64	2.4.9	Unknown	Unknown
npm/@biomejs/cli-linux-x64-musl	2.4.9	Unknown	Unknown
npm/@biomejs/cli-win32-arm64	2.4.9	Unknown	Unknown
npm/@biomejs/cli-win32-x64	2.4.9	Unknown	Unknown
npm/@stellar/stellar-sdk	14.6.1	🟢 6.7	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 15 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 9 binaries present in source code CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches SAST 🟢 10 SAST tool is run on all commits
npm/@types/node	24.12.0	🟢 6.5	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 8 Found 25/29 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/dotenv	16.4.7	🟢 4.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Code-Review ⚠️ 0 Found 1/15 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 9 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/ox	0.14.25	Unknown	Unknown
npm/undici-types	7.16.0	🟢 8.4	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 8 binaries present in source code Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 9 1 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md License 🟢 10 license file detected CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 77 contributing companies or organizations
npm/viem	2.51.3	Unknown	Unknown
npm/ws	8.20.1	🟢 5.5	Details Check Score Reason Code-Review ⚠️ 0 Found 1/29 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 13 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• examples/package-lock.json