Integrated Upstream PRs
UDMODZ Edition maintains compatibility with the core repository while applying critical upstream PRs (Pull Requests) to optimize connection stability, memory management, and security.
🛡️ PR #2682: Active Login for Existing Sessions
- Issue: Recurring reconnects for existing sessions sometimes resulted in passive logins being rejected by the WhatsApp server with response code
428. - Solution: Forces
passive: falseingenerateLoginNode. This ensures connection handshakes are actively handled for linked devices.
🛡️ PR #2681: Skip Empty Link-Code Pairing Notices
- Issue: Empty registration notices sent during companion pairing caused uncaught errors or empty session records.
- Solution: Adds checks to skip empty registration nodes in
messages-recv.tsif reference, ephemeral, or identity buffers are missing.
🧠 PR #2666: Shared AsyncLocalStorage Singleton (Heap Leak Fix)
- Issue: In vanilla Baileys, creating multiple sockets or re-initiating connection instances caused severe memory leaks. Each socket instance spawned a new
AsyncLocalStorageobject, which permanently captured references to pending Node.js asynchronous resource contexts. - Solution: Refactored transaction management in
src/Utils/auth-utils.tsto utilize a single process-wideAsyncLocalStorageinstance. Store isolation is maintained using unique token symbols.
🔒 PR #2665: Bounds Checking in Binary Node Decoders
- Issue: Buffer boundary overflows occurred during decoding when reading sub-integers from small binary node payloads.
- Solution: Implements bounds validation in
getBinaryNodeChildUIntinsidesrc/WABinary/generic-utils.tsto confirmbuff.length >= lengthprior to invoking buffer converters.
🆔 PR #2661: LID Migration Updates
- Issue: Mappings between phone numbers and WhatsApp internal LIDs became stale, resulting in delivery failures and cryptographic session conflicts.
- Solution: Parses
refresh_lid: 'true'parameters on message ACKs, queries updated LIDs with cache bypass enabled, migrates active cryptographic session stores, and emits the'lid-migration.update'event.
🔑 PR #2689: Shortcake Companion Linking Protocol
- Issue: Linking was interrupted when WhatsApp's newer passkey-based companion validation challenges were presented to headless clients.
- Solution: Adds support for companion-side WebAuthn assertions, ephemeral X25519 DH handshakes, commitment verification codes, and AES-GCM pairing envelopes.