Security fixes
This release includes a fix for the following security issue:
Unauthenticated memory-leak DoS via aborted WebSocket handshake
Affects: upgradeWebSocket. A WebSocket upgrade request with a missing or malformed Sec-WebSocket-Key header leaked the request's IncomingMessage and left a promise pending, even though no connection was established. Since the route is reachable pre-handshake without authentication, an attacker could flood it to gradually exhaust memory. GHSA-9mqv-5hh9-4cgg
Users of upgradeWebSocket are encouraged to upgrade to this version.