chore: [security] bump nanoid from 3.3.7 to 3.3.8 #351

Merged

martinr92 merged 1 commit from dependabot-npm_and_yarn-develop-nanoid-3.3.8 into develop

2024-12-15 11:11:39 +00:00

martinr92 commented

2024-12-10 03:58:27 +00:00

(Migrated from gitlab.com)

Bumps nanoid from 3.3.7 to 3.3.8. This update includes a security fix.

Vulnerabilities fixed

Infinite loop in nanoid
nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.

Patched versions: 3.3.8; 5.0.9
Affected versions: = 4.0.0, < 5.0.9

Changelog

Sourced from nanoid's changelog.

3.3.8

Fixed a way to break Nano ID by passing non-integer size (by @myndzi).

Commits

3044cd5 Release 3.3.8 version
4fe3495 Update size limit
d643045 Fix pool pollution, infinite loop (#510)
See full diff in compare view

Bumps [nanoid](https://github.com/ai/nanoid) from 3.3.7 to 3.3.8. **This update includes a security fix.** <details> <summary>Vulnerabilities fixed</summary> <blockquote> Infinite loop in nanoid nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version. Patched versions: 3.3.8; 5.0.9 Affected versions: = 4.0.0, < 5.0.9 </blockquote> </details> <details> <summary>Changelog</summary> Sourced from <a href="https://github.com/ai/nanoid/blob/main/CHANGELOG.md">nanoid's changelog</a>. <blockquote> <h2>3.3.8</h2> <ul> <li>Fixed a way to break Nano ID by passing non-integer size (by <a href="https://github.com/myndzi"><code>@myndzi</code></a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ai/nanoid/commit/3044cd5e73f4cf31795f61f6e6b961c8c0a5c744"><code>3044cd5</code></a> Release 3.3.8 version</li> <li><a href="https://github.com/ai/nanoid/commit/4fe34959c34e5b3573889ed4f24fe91d1d3e7231"><code>4fe3495</code></a> Update size limit</li> <li><a href="https://github.com/ai/nanoid/commit/d643045f40d6dc8afa000a644d857da1436ed08c"><code>d643045</code></a> Fix pool pollution, infinite loop (<a href="https://github.com/ai/nanoid/issues/510">#510</a>)</li> <li>See full diff in <a href="https://github.com/ai/nanoid/compare/3.3.7...3.3.8">compare view</a></li> </ul> </details>

martinr92 commented

2024-12-10 03:58:27 +00:00

(Migrated from gitlab.com)

assigned to @martinr92

martinr92 commented

2024-12-15 10:58:21 +00:00

(Migrated from gitlab.com)

added 3 commits

5b7d30ed...fd0794d7 - 2 commits from branch develop
0bfd8cfd - chore: [security] bump nanoid from 3.3.7 to 3.3.8

Compare with previous version

added 3 commits <ul><li>5b7d30ed...fd0794d7 - 2 commits from branch <code>develop</code></li><li>0bfd8cfd - chore: [security] bump nanoid from 3.3.7 to 3.3.8</li></ul> [Compare with previous version](/marty-media/server/-/merge_requests/327/diffs?diff_id=1212204082&start_sha=5b7d30ed6bd0881328eec259d3bbc7f753b89aad)

martinr92 commented

2024-12-15 11:08:17 +00:00

(Migrated from gitlab.com)

SonarQube Cloud Code Analysis

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

## SonarQube Cloud Code Analysis ## Quality Gate passed Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed.svg '') [0 New issues](https://sonarcloud.io/project/issues?id=marty-media_server&pullRequest=327&issueStatuses=OPEN,CONFIRMED&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted.svg '') [0 Accepted issues](https://sonarcloud.io/project/issues?id=marty-media_server&pullRequest=327&issueStatuses=ACCEPTED) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed.svg '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=marty-media_server&pullRequest=327&issueStatuses=OPEN,CONFIRMED&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed.svg '') [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=marty-media_server&pullRequest=327&metric=new_coverage&view=list) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed.svg '') [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=marty-media_server&pullRequest=327&metric=new_duplicated_lines_density&view=list) [See analysis details on SonarQube Cloud](https://sonarcloud.io/dashboard?id=marty-media_server&pullRequest=327)

martinr92 (Migrated from gitlab.com) merged commit into develop

2024-12-15 11:11:39 +00:00

martinr92 commented

2024-12-15 13:33:24 +00:00

(Migrated from gitlab.com)

🎉 This MR is included in version 0.5.6-beta.1 🎉

The release is available on GitLab release.

Your semantic-release bot 📦 🚀

:tada: This MR is included in version 0.5.6-beta.1 :tada: The release is available on [GitLab release](https://gitlab.com/marty-media/server/-/releases/v0.5.6-beta.1). Your **[semantic-release](https://github.com/semantic-release/semantic-release)** bot :package: :rocket:

martinr92 commented

2024-12-22 12:32:44 +00:00

(Migrated from gitlab.com)

🎉 This MR is included in version 0.5.6 🎉

The release is available on GitLab release.

Your semantic-release bot 📦 🚀

:tada: This MR is included in version 0.5.6 :tada: The release is available on [GitLab release](https://gitlab.com/marty-media/server/-/releases/v0.5.6). Your **[semantic-release](https://github.com/semantic-release/semantic-release)** bot :package: :rocket: