fix(deps): update dependency nanoid to v5.0.9 [security] #74

renovate · 2024-12-10T00:46:52Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
nanoid	`5.0.7` -> `5.0.9`

When nanoid is called with a fractional value, there were a number of undesirable effects:

in browser and non-secure, the code infinite loops on while (size--)
in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled
if the first call in node is a fractional argument, the initial buffer allocation fails with an error

Version 3.3.8 and 5.0.9 are fixed.

ai/nanoid (nanoid)

📅 Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR was generated by Mend Renovate. View the repository job log.

renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch from 1a09fe6 to 9b6084a Compare March 3, 2025 16:46

renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch from 9b6084a to c8af075 Compare March 11, 2025 14:11

fix(deps): update dependency nanoid to v5.0.9 [security]

3fac1b5

renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch from c8af075 to 3fac1b5 Compare March 17, 2025 13:24

Provide feedback