chore(deps): update dependency nanoid to v3.1.31 [security] #20726
See the guidelines for reviewing dependency updates for info on how to review dependency update PRs.
This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Dashboard
Seems we cannot apply this patch, electron browser does not have a secure number generator. We could change to use
Released in This comment thread has been locked. If you are still experiencing this issue after upgrading to
This PR contains the following updates:
nanoid: 3.1.20 -> 3.1.31
GitHub Vulnerability Alerts
CVE-2021-23566
The package nanoid from 3.0.0 and before 3.1.31 is vulnerable to Information Exposure via the valueOf() function, which allows reproducing the last id generated.
Release Notes
ai/nanoid
v3.1.31
size (by Artyom Arutyunyan).
v3.1.30
brotli compression (by Anton Khlynovskiy).
v3.1.29
v3.1.28
v3.1.27
dependencies from development tools.
v3.1.26
v3.1.25
browserify support.
v3.1.24
browserify support (by Artur Paikin).
v3.1.23
esbuild support.
v3.1.22
default and browser.default to package.exports.
v3.1.21
Configuration
📅 Schedule: "" in timezone America/New_York.
🚦 Automerge: Disabled due to failing status checks.
♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.
This PR has been generated by WhiteSource Renovate.