next-upload
next-upload copied to clipboard
Published
20 hours ago •
TimMikeladze
TimMikeladze
fix(deps): update dependency nanoid to v5.0.9 [security]
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| nanoid | 5.0.7 -> 5.0.9 |
GitHub Vulnerability Alerts
CVE-2024-55565
When nanoid is called with a fractional value, there were a number of undesirable effects:
- in browser and non-secure, the code infinite loops on while (size--)
- in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled
- if the first call in node is a fractional argument, the initial buffer allocation fails with an error
Version 3.3.8 and 5.0.9 are fixed.
Release Notes
ai/nanoid (nanoid)
v5.0.9
- Fixed a way to break Nano ID by passing non-integer size (by @myndzi).
v5.0.8
- Reduced
customAlphabetsize (by @kirillgroshkov).
Configuration
📅 Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}