Build(deps): [security] bump nanoid from 3.1.30 to 3.3.3 #346

Merged
argoyle merged 1 commits from dependabot-npm_and_yarn-nanoid-3.3.3 into master 2022-05-02 05:37:27 +00:00
argoyle commented 2022-05-02 04:41:37 +00:00 (Migrated from gitlab.com)

Bumps nanoid from 3.1.30 to 3.3.3. This update includes a security fix.

Vulnerabilities fixed

Exposure of Sensitive Information to an Unauthorized Actor in nanoid

The package nanoid from 3.0.0, before 3.1.31, is vulnerable to Information Exposure via the valueOf() function, which allows reproducing the last id generated.

Patched versions: 3.1.31
Affected versions: >= 3.0.0, < 3.1.31

Changelog

Sourced from nanoid's changelog.

3.3.3

  • Reduced size (by Anton Khlynovskiy).

3.3.2

  • Fixed enhanced-resolve support.

3.3.1

  • Reduced package size.

3.3

  • Added size argument to function from customAlphabet (by Stefan Sundin).

3.2

  • Added --size and --alphabet arguments to binary (by Vitaly Baev).

3.1.32

  • Reduced async exports size (by Artyom Arutyunyan).
  • Moved from Jest to uvu (by Vitaly Baev).

3.1.31

  • Fixed collision vulnerability on object in size (by Artyom Arutyunyan).

Commits

  • 0454333 Release 3.3.3 version
  • 71271f2 Update dependencies
  • f4e7325 reduce bundlesize by moving from while to reduce (#355)
  • cb3053e Add R implementation to the language lists (#353)
  • 7f0df47 Release 3.3.2 version
  • 56f3f5c Update dependencies
  • 41cc4e2 Update CI
  • ec6f809 Release 3.3.1 version
  • c7d8578 Update dependencies
  • 05b2596 Remove old tests
  • Additional commits viewable in compare view (https://github.com/ai/nanoid/compare/3.1.30...3.3.3)

Dependabot commands

You can trigger Dependabot actions by commenting on this MR
  • $dependabot rebase will rebase this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts
argoyle (Migrated from gitlab.com) scheduled this pull request to auto merge when all checks succeed 2022-05-02 04:45:54 +00:00
argoyle commented 2022-05-02 04:49:15 +00:00 (Migrated from gitlab.com)

aborted the automatic merge because source branch was updated

argoyle commented 2022-05-02 04:49:15 +00:00 (Migrated from gitlab.com)

added 3 commits

  • e3085f89...485dda0e - 2 commits from branch master
  • aeadce04 - Build(deps): [security] bump nanoid from 3.1.30 to 3.3.3

Compare with previous version

argoyle commented 2022-05-02 05:28:41 +00:00 (Migrated from gitlab.com)

added 3 commits

  • aeadce04...6f23a7d1 - 2 commits from branch master
  • 6cb19be6 - Build(deps): [security] bump nanoid from 3.1.30 to 3.3.3

Compare with previous version

argoyle (Migrated from gitlab.com) scheduled this pull request to auto merge when all checks succeed 2022-05-02 05:29:04 +00:00
argoyle commented 2022-05-02 05:37:28 +00:00 (Migrated from gitlab.com)

mentioned in commit fe900783e2adfe57ff8df947c9754cb92375c1e3
argoyle (Migrated from gitlab.com) merged commit fe900783e2 into master 2022-05-02 05:37:28 +00:00