Skip to content

chore(deps): bump nanoid to ^3.1.29 [security]#63

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-nanoid-vulnerability
Open

chore(deps): bump nanoid to ^3.1.29 [security]#63
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-nanoid-vulnerability

Conversation

@renovate
Copy link
Copy Markdown

@renovate renovate Bot commented May 28, 2023
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
nanoid 3.1.293.1.31 age adoption passing confidence

Exposure of Sensitive Information to an Unauthorized Actor in nanoid

CVE-2021-23566 / GHSA-qrpm-p2h7-hrv2

More information

Details

The package nanoid from 3.0.0, before 3.1.31, are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.

Severity

  • CVSS Score: 5.5 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Release Notes

ai/nanoid (nanoid)

v3.1.31

Compare Source

  • Fixed collision vulnerability on object in size (by Artyom Arutyunyan).

v3.1.30

Compare Source

  • Reduced size for project with brotli compression (by Anton Khlynovskiy).

Configuration

📅 Schedule: (in timezone UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/npm-nanoid-vulnerability branch from 24b1614 to cf90b20 Compare November 6, 2023 07:05
@renovate renovate Bot force-pushed the renovate/npm-nanoid-vulnerability branch from cf90b20 to a5955e9 Compare December 2, 2024 08:14
@renovate renovate Bot force-pushed the renovate/npm-nanoid-vulnerability branch 2 times, most recently from 776d841 to 80a43e6 Compare March 17, 2025 12:50
@renovate renovate Bot force-pushed the renovate/npm-nanoid-vulnerability branch from 80a43e6 to fee1b0c Compare April 1, 2025 12:30
@renovate renovate Bot changed the title chore(deps): bump nanoid to ^3.1.29 [security] chore(deps): bump nanoid to ^3.1.29 [security] - autoclosed Mar 27, 2026
@renovate renovate Bot closed this Mar 27, 2026
@renovate renovate Bot deleted the renovate/npm-nanoid-vulnerability branch March 27, 2026 01:23
@renovate renovate Bot changed the title chore(deps): bump nanoid to ^3.1.29 [security] - autoclosed chore(deps): bump nanoid to ^3.1.29 [security] Mar 30, 2026
@renovate renovate Bot reopened this Mar 30, 2026
@renovate renovate Bot force-pushed the renovate/npm-nanoid-vulnerability branch 2 times, most recently from fee1b0c to 88b072b Compare March 30, 2026 22:18
@renovate renovate Bot changed the title chore(deps): bump nanoid to ^3.1.29 [security] chore(deps): bump nanoid to ^3.1.29 [security] - autoclosed Apr 27, 2026
@renovate renovate Bot closed this Apr 27, 2026
@renovate renovate Bot changed the title chore(deps): bump nanoid to ^3.1.29 [security] - autoclosed chore(deps): bump nanoid to ^3.1.29 [security] Apr 27, 2026
@renovate renovate Bot reopened this Apr 27, 2026
@renovate renovate Bot force-pushed the renovate/npm-nanoid-vulnerability branch 2 times, most recently from 88b072b to 433c42e Compare April 27, 2026 23:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants