
fix(deps): update dependency ua-parser-js to v0.7.33 [security] #841

Open. Wants to merge 1 commit into base: master

Conversation

renovate[bot]
Contributor

@renovate renovate bot commented Apr 3, 2023

Mend Renovate

This PR contains the following updates:

Package: ua-parser-js
Change: 0.7.23 -> 0.7.33

GitHub Vulnerability Alerts

CVE-2022-25927

Description:

A regular expression denial of service (ReDoS) vulnerability has been discovered in ua-parser-js.

Impact:

This vulnerability bypasses the library's MAX_LENGTH input limit prevention. By crafting a very long user-agent string with a specific pattern, an attacker can cause the script to get stuck processing for a very long time, which results in a denial of service (DoS) condition.

Affected Versions:

All versions of the library prior to version 0.7.33 / 1.0.33.

Patches:

A patch has been released that removes the vulnerable regular expression; update to version 0.7.33 / 1.0.33 or later.

References:

Regular expression Denial of Service - ReDoS

Credits:

Thanks to @Snyk who first reported the issue.


Release Notes

faisalman/ua-parser-js (ua-parser-js)

v0.7.33

Compare Source

  • Add new browser : Cobalt
  • Identify Macintosh as an Apple device
  • Fix ReDoS vulnerability

v0.7.32

Compare Source

  • Add new browser : DuckDuckGo, Huawei Browser, LinkedIn
  • Add new OS : HarmonyOS
  • Add some Huawei models
  • Add Sharp Aquos TV
  • Improve detection Xiaomi Mi CC9
  • Fix Sony Xperia 1 III misidentified as Acer tablet
  • Fix Detect Sony BRAVIA as SmartTV
  • Fix Detect Xiaomi Mi TV as SmartTV
  • Fix Detect Galaxy Tab S8 as tablet
  • Fix WeGame mistakenly identified as WeChat
  • Fix included commas in Safari / Mobile Safari version
  • Increase UA_MAX_LENGTH to 350

v0.7.31

Compare Source

  • Fix OPPO Reno A5 incorrect detection
  • Fix TypeError Bug
  • Use AST to extract regexes and verify them with safe-regex

v0.7.30

Compare Source

  • Add new browser : Obigo, UP.Browser, Klar
  • Add new device : Oculus, Roku
  • Add new OS: Maemo, HP-UX, Android-x86, Deepin, elementary OS, GhostBSD, Linspire, Manjaro, Sabayon
  • Improve detection for Sony Xperia 1ii, LG Android TV, and some more devices
  • Improve detection for ARM64 CPU
  • Improve detection for Windows Mobile, Netscape, Mac on PowerPC
  • Categorize PDA as mobile
  • Fix Sharp devices misjudged as Huawei
  • Fix trailing comma for ES3 compatibility
  • Some code refactor

v0.7.28

Compare Source

v0.7.27

Compare Source

v0.7.26

Compare Source

v0.7.25

Compare Source

v0.7.24

Compare Source


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.
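The advisory above gives only version boundaries (fixed in 0.7.33 / 1.0.33), and the failed artifact update below shows this repository's yarn.lock is what needs to change. The following is an added example, not code from the PR or from ua-parser-js: it reads resolved ua-parser-js versions out of a yarn.lock v1 text and flags those still in the affected range; the lockfile sample and its integrity values are constructed for the demo, and the "fixed" rule is a deliberately conservative reading of the advisory (only the 0.7 line from 0.7.33 and the 1.x line from 1.0.33 count as fixed).

```javascript
// Added example (not from the PR or ua-parser-js): audit a yarn.lock v1 for
// ua-parser-js versions still affected by CVE-2022-25927 (fixed 0.7.33 / 1.0.33).
// Constructed sample lockfile: one vulnerable entry, one fixed entry.
const SAMPLE_YARN_LOCK = `# yarn lockfile v1

"ua-parser-js@^0.7.23":
  version "0.7.23"
  integrity sha512-CONSTRUCTED-PLACEHOLDER

ua-parser-js@^1.0.2:
  version "1.0.33"
  integrity sha512-CONSTRUCTED-PLACEHOLDER
`;

// Every "version" recorded for `pkg`. An entry header is an unindented line
// ending in ":" that lists quoted or bare "name@range" specs; fields follow, indented.
function lockedVersions(lockText, pkg) {
  const versions = [];
  let inEntry = false;
  for (const line of lockText.split("\n")) {
    if (line.startsWith("#")) continue;
    if (!line.startsWith(" ") && line.trim().endsWith(":")) {
      const specs = line.trim().slice(0, -1).split(",")
        .map((s) => s.trim().replace(/^"|"$/g, ""));
      // Package name is everything before the last "@" (scoped names stay intact).
      inEntry = specs.some((s) => s.slice(0, s.lastIndexOf("@")) === pkg);
    } else if (inEntry) {
      const m = /^\s+version "([^"]+)"/.exec(line);
      if (m) versions.push(m[1]);
    }
  }
  return versions;
}

// Conservative reading of "all versions prior to 0.7.33 / 1.0.33": only the
// 0.7 line from 0.7.33 and the 1.x line from 1.0.33 are treated as fixed.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version);
  if (!m) throw new Error(`unparseable version: ${version}`);
  const [major, minor, patch] = m.slice(1, 4).map(Number);
  const fixed07 = major === 0 && minor === 7 && patch >= 33;
  const fixed1x = major > 1 || (major === 1 && (minor > 0 || patch >= 33));
  return !(fixed07 || fixed1x);
}

function auditLock(lockText) {
  return lockedVersions(lockText, "ua-parser-js")
    .map((v) => ({ version: v, affected: isAffected(v) }));
}
console.log(auditLock(SAMPLE_YARN_LOCK)); // 0.7.23 affected, 1.0.33 not
```

Point `auditLock` at the real lockfile contents to confirm the bump landed; any entry reported as affected means a transitive dependency still pins an old range.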

@renovate renovate bot force-pushed the renovate/npm-ua-parser-js-vulnerability branch from 34799a4 to 21da58e Compare September 19, 2023 15:28
@renovate renovate bot force-pushed the renovate/npm-ua-parser-js-vulnerability branch from 21da58e to 480cb13 Compare November 6, 2023 07:22
Contributor Author

renovate bot commented Feb 25, 2024

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock
/opt/containerbase/tools/corepack/0.28.0/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:22762
    throw new Error(
          ^

Error: Error when performing the request to https://registry.npmjs.org/yarn/latest; for troubleshooting help, see https://github.com/nodejs/corepack#troubleshooting
    at fetch (/opt/containerbase/tools/corepack/0.28.0/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:22762:11)
    at async fetchAsJson (/opt/containerbase/tools/corepack/0.28.0/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:22776:20)
    ... 4 lines matching cause stack trace ...
    at async Object.runMain (/opt/containerbase/tools/corepack/0.28.0/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:24232:5) {
  [cause]: TypeError: globalThis.fetch is not a function
      at fetch (/opt/containerbase/tools/corepack/0.28.0/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:22756:33)
      at async fetchAsJson (/opt/containerbase/tools/corepack/0.28.0/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:22776:20)
      at async fetchLatestStableVersion (/opt/containerbase/tools/corepack/0.28.0/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:22703:20)
      at async fetchLatestStableVersion2 (/opt/containerbase/tools/corepack/0.28.0/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:22826:14)
      at async Engine.getDefaultVersion (/opt/containerbase/tools/corepack/0.28.0/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:23433:23)
      at async Engine.executePackageManagerRequest (/opt/containerbase/tools/corepack/0.28.0/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:23525:47)
      at async Object.runMain (/opt/containerbase/tools/corepack/0.28.0/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:24232:5)
}

Contributor Author

renovate bot commented Jun 1, 2024

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock
/opt/containerbase/tools/corepack/0.28.2/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:22534
    throw new Error(
          ^

Error: Error when performing the request to https://registry.npmjs.org/yarn/latest; for troubleshooting help, see https://github.com/nodejs/corepack#troubleshooting
    at fetch (/opt/containerbase/tools/corepack/0.28.2/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:22534:11)
    at async fetchAsJson (/opt/containerbase/tools/corepack/0.28.2/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:22548:20)
    ... 4 lines matching cause stack trace ...
    at async Object.runMain (/opt/containerbase/tools/corepack/0.28.2/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:24007:5) {
  [cause]: TypeError: globalThis.fetch is not a function
      at fetch (/opt/containerbase/tools/corepack/0.28.2/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:22528:33)
      at async fetchAsJson (/opt/containerbase/tools/corepack/0.28.2/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:22548:20)
      at async fetchLatestStableVersion (/opt/containerbase/tools/corepack/0.28.2/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:22475:20)
      at async fetchLatestStableVersion2 (/opt/containerbase/tools/corepack/0.28.2/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:22598:14)
      at async Engine.getDefaultVersion (/opt/containerbase/tools/corepack/0.28.2/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:23208:23)
      at async Engine.executePackageManagerRequest (/opt/containerbase/tools/corepack/0.28.2/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:23300:47)
      at async Object.runMain (/opt/containerbase/tools/corepack/0.28.2/16.19.0/node_modules/corepack/dist/lib/corepack.cjs:24007:5)
}
