web-security-fundamentals
fix(deps): update dependency bcrypt to v5 [security]
This PR contains the following updates:
Package | Change |
---|---|
bcrypt | 3.0.8 -> 5.0.0 |
GitHub Vulnerability Alerts
CVE-2020-7689
In bcrypt (npm package) before version 5.0.0, data is truncated wrong when its length is greater than 255 bytes.
Release Notes
kelektiv/node.bcrypt.js (bcrypt)
v5.0.0
- Fix the bcrypt "wrap-around" bug. It affects passwords with lengths >= 255. It is uncommon but it's a bug nevertheless. Previous attempts to fix the bug were unsuccessful.
- Experimental support for z/OS
- Fix a bug related to NUL in password input
- Update node-pre-gyp to 0.15.0
v4.0.1
- Fix compilation errors in Alpine linux
v4.0.0
- Switch to NAPI bcrypt
- Drop support for NodeJS 8
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
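To confirm that no copy of bcrypt older than the fixed 5.0.0 release remains installed after an update like this one, the lockfile can be checked directly. The following is an added example, not code from this PR or from the bcrypt project; it assumes an npm package-lock.json that has already been parsed into an object (a yarn.lock has a different format), and the function names and sample data are constructed for illustration.

```javascript
const FIXED = "5.0.0"; // first release with the CVE-2020-7689 fix, per the PR text

// Parse "major.minor.patch[-prerelease]" into comparable parts; null if unparseable.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-.+)?/.exec(String(v));
  return m ? { nums: m.slice(1, 4).map(Number), pre: Boolean(m[4]) } : null;
}

// True when version a sorts strictly before version b.
function isBefore(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i];
  }
  return a.pre && !b.pre; // 5.0.0-rc.1 still predates 5.0.0
}

// Accepts a parsed package-lock.json: "packages" (lockfileVersion 2/3) if present,
// else the nested v1 "dependencies" tree. Unparseable versions are reported too.
function findVulnerableBcrypt(lock) {
  const hits = [], fixed = parseVersion(FIXED);
  const check = (where, version) => {
    const parsed = parseVersion(version);
    if (!parsed || isBefore(parsed, fixed)) hits.push({ where, version });
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/bcrypt$/.test(path)) check(path, meta.version);
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (name === "bcrypt") check(`${trail}${name}`, meta.version);
      walk(meta.dependencies, `${trail}${name} > `);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample, not this repository's lockfile; "some-lib" is hypothetical.
const sampleLock = {
  packages: {
    "node_modules/bcrypt": { version: "3.0.8" },
    "node_modules/some-lib/node_modules/bcrypt": { version: "5.0.0" },
    "node_modules/bcryptjs": { version: "2.4.3" },
  },
};
console.log(findVulnerableBcrypt(sampleLock));
```

An empty result means every bcrypt entry in the lockfile is at 5.0.0 or later; nested copies pulled in by other packages are checked as well as the top-level one.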
I spent a number of hours trying to get this to run on my M1 Mac and I think bcrypt might have been the culprit. I believe this should be merged in to save others the headache.
If anyone else is getting an error like this, you should try installing the latest bcrypt via yarn:
/Users/ghelton/git/web-security-fundamentals/node_modules/bcrypt: Command failed.