chore(deps): update dependency nanoid to v3.1.31 [security] #20726

Merged
merged 2 commits into from
Mar 24, 2022

@renovate renovate bot commented Mar 22, 2022

WhiteSource Renovate

This PR contains the following updates:

| Package | Change |
| --- | --- |
| nanoid | 3.1.20 -> 3.1.31 |

GitHub Vulnerability Alerts

CVE-2021-23566

The package nanoid from 3.0.0, before 3.1.31, is vulnerable to Information Exposure via the valueOf() function, which allows reproducing the last id generated.


Release Notes

ai/nanoid

v3.1.31

  • Fixed collision vulnerability on object in size (by Artyom Arutyunyan).

v3.1.30

  • Reduced size for project with brotli compression (by Anton Khlynovskiy).

v3.1.29

  • Reduced npm package size.

v3.1.28

  • Reduced npm package size.

v3.1.27

  • Cleaned dependencies from development tools.

v3.1.26

  • Improved performance (by Eitan Har-Shoshanim).
  • Reduced npm package size.

v3.1.25

  • Fixed browserify support.

v3.1.24

  • Fixed browserify support (by Artur Paikin).

v3.1.23

  • Fixed esbuild support.

v3.1.22

  • Added default and browser.default to package.exports.

v3.1.21

  • Reduced npm package size.

Configuration

📅 Schedule: "" in timezone America/New_York.

🚦 Automerge: Disabled due to failing status checks.

Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR has been generated by WhiteSource Renovate. View repository job log here.
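
To confirm that no copy of nanoid, direct or transitive, still resolves inside the range the advisory above gives (from 3.0.0, before 3.1.31), the following added example walks a parsed npm lockfile. It is not part of this PR or of Renovate; the function names, the sample lockfile and the package names in it other than nanoid are constructed for illustration.

```javascript
// Added example (not project code): flag nanoid versions in the advisory's
// affected range (from 3.0.0, before 3.1.31) inside a parsed npm lockfile.
const AFFECTED_FROM = [3, 0, 0];
const FIXED_IN = [3, 1, 31];

// Parse "MAJOR.MINOR.PATCH"; prerelease/build suffixes are ignored (simplification).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  const v = parseVersion(version);
  return v !== null && compareVersions(v, AFFECTED_FROM) >= 0 && compareVersions(v, FIXED_IN) < 0;
}

// lockfileVersion 2/3 keeps a flat "packages" map keyed by install path;
// lockfileVersion 1 nests "dependencies". Every nanoid entry is checked.
function findAffectedNanoid(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const isNanoid = /(^|\/)node_modules\/nanoid$/.test(path);
      if (isNanoid && isAffected(meta.version)) hits.push({ path, version: meta.version });
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === 'nanoid' && isAffected(meta.version)) hits.push({ path: here.join(' > '), version: meta.version });
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile: one affected copy, one fixed copy, one 2.x copy.
const SAMPLE_LOCK = { lockfileVersion: 2, packages: {
  '': { name: 'demo-app' },
  'node_modules/nanoid': { version: '3.1.20' },
  'node_modules/pkg-a/node_modules/nanoid': { version: '3.1.31' },
  'node_modules/pkg-b/node_modules/nanoid': { version: '2.1.11' } } };
```

Calling `findAffectedNanoid(SAMPLE_LOCK)` returns only the `node_modules/nanoid` entry at 3.1.20; an empty array after the update means every resolved copy is outside the affected range.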

@renovate renovate bot requested review from a team as code owners March 22, 2022 13:48
@renovate renovate bot added renovate Triggered by renovatebot type: dependencies labels Mar 22, 2022
@renovate renovate bot removed the request for review from a team March 22, 2022 13:48

cypress-bot bot commented Mar 22, 2022

See the guidelines for reviewing dependency updates for info on how to review dependency update PRs.

@renovate renovate bot requested a review from rachelruderman March 22, 2022 13:48

cypress bot commented Mar 22, 2022



Test summary

19343 0 218 0 Flakiness 2


Run details

| Field | Value |
| --- | --- |
| Project | cypress |
| Status | Passed |
| Commit | bf85d7c |
| Started | Mar 22, 2022 10:07 PM |
| Ended | Mar 22, 2022 10:19 PM |
| Duration | 11:52 |
| OS | Linux Debian - 10.10 |
| Browser | Multiple |



Flakiness

settings_spec.js Flakiness
1 Settings > file preference panel > loads preferred editor, available editors and shows spinner
reporter.hooks.spec.js Flakiness
1 hooks > can rerun without timeout error leaking into next run (due to run restart)

This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Dashboard

lmiller1990 previously approved these changes Mar 22, 2022
@lmiller1990

Seems we cannot apply this patch; the Electron browser does not have a secure number generator. We could change to use nanoid/non-secure like suggested? Your browser does not have secure random generator.

@lmiller1990 lmiller1990 merged commit 88556c2 into develop Mar 24, 2022
@lmiller1990 lmiller1990 deleted the renovate/npm-nanoid-vulnerability branch March 24, 2022 05:12

cypress-bot bot commented Mar 28, 2022

Released in 9.5.3.

This comment thread has been locked. If you are still experiencing this issue after upgrading to Cypress v9.5.3, please open a new issue.

@cypress-bot cypress-bot bot locked as resolved and limited conversation to collaborators Mar 28, 2022