-
-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(api): update dependency nanoid to v5.0.9 [security] #1436
base: dev
Are you sure you want to change the base?
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
Important Review skippedBot user detected. To trigger a single review, invoke the You can disable this status message by setting the 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
#1949 Bundle Size — 5.64MiB (~-0.01%).8cc615d(current) vs c56f243 dev#1947(baseline) Warning Bundle contains 5 duplicate packages – View duplicate packages Bundle metrics
|
Current #1949 |
Baseline #1947 |
|
---|---|---|
Initial JS | 3.05MiB (~-0.01% ) |
3.05MiB |
Initial CSS | 9.7KiB |
9.7KiB |
Cache Invalidation | 28.7% |
23.68% |
Chunks | 67 |
67 |
Assets | 80 |
80 |
Modules | 2016 |
2016 |
Duplicate Modules | 361 |
361 |
Duplicate Code | 10% |
10% |
Packages | 159 |
159 |
Duplicate Packages | 5 |
5 |
Bundle size by type 1 change
1 improvement
Current #1949 |
Baseline #1947 |
|
---|---|---|
JS | 4.4MiB (~-0.01% ) |
4.4MiB |
Other | 1.13MiB |
1.13MiB |
Fonts | 94.54KiB |
94.54KiB |
CSS | 9.7KiB |
9.7KiB |
IMG | 8.57KiB |
8.57KiB |
Bundle analysis report Branch renovate/npm-nanoid-vulnerabilit... Project dashboard
Generated by RelativeCI Documentation Report issue
📦 Next.js Bundle Analysis for @weareinreach/appThis analysis was generated by the Next.js Bundle Analysis action. 🤖 This PR introduced no changes to the JavaScript bundle! 🙌 |
746e9be
to
fc4a888
Compare
fc4a888
to
41473e7
Compare
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
41473e7
to
8cc615d
Compare
Quality Gate passedIssues Measures |
This PR contains the following updates:
5.0.7
->5.0.9
GitHub Vulnerability Alerts
CVE-2024-55565
When nanoid is called with a fractional value, there were a number of undesirable effects:
Version 3.3.8 and 5.0.9 are fixed.
Predictable results in nanoid generation when given non-integer values
CVE-2024-55565 / GHSA-mwcw-c2x4-8c55
More information
Details
When nanoid is called with a fractional value, there were a number of undesirable effects:
Version 3.3.8 and 5.0.9 are fixed.
Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
References
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
Release Notes
ai/nanoid (nanoid)
v5.0.9
Compare Source
v5.0.8
Compare Source
customAlphabet
size (by @kirillgroshkov).Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.