chore(deps): update dependency nanoid to v3.3.8 [security] #399

Open
renovate[bot] wants to merge 1 commit into master from renovate/npm-nanoid-vulnerability

@renovate renovate bot commented Dec 11, 2024

This PR contains the following updates:

Package | Change | Age | Confidence
nanoid | 3.3.4 → 3.3.8 | age | confidence

GitHub Vulnerability Alerts

CVE-2024-55565

When nanoid is called with a fractional value, there were a number of undesirable effects:

  1. in browser and non-secure, the code infinite loops on while (size--)
  2. in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled
  3. if the first call in node is a fractional argument, the initial buffer allocation fails with an error

Versions 3.3.8 and 5.0.9 are fixed.

Severity
  • CVSS Score: 4.3 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Release Notes

ai/nanoid (nanoid)

v3.3.8

Compare Source

  • Fixed a way to break Nano ID by passing non-integer size (by @myndzi).

v3.3.7

Compare Source

  • Fixed node16 TypeScript support (by Saadi Myftija).

v3.3.6

Compare Source

  • Fixed package.

v3.3.5

Compare Source

  • Backport funding information.

Configuration

📅 Schedule: (in timezone Europe/Prague)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
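
Added example, not part of the Renovate comment and not nanoid's source code: a simplified model of the first two effects listed in the advisory (a `while (size--)` countdown and a fractional read offset into a byte pool), with a caller-side guard that rejects non-integer sizes. The names `countdownIterations`, `maskedBytes`, `checkedIdSize`, the `cap` and `max` limits and the sample pool are assumptions made for illustration.

```javascript
// Added illustration; a simplified model, not nanoid's source code.

// Effect 1: a `while (size--)` countdown stops only when the counter is
// exactly 0. `cap` is a hypothetical safety limit so this demo terminates.
function countdownIterations(size, cap = 1000) {
  let iterations = 0
  while (size--) {
    if (++iterations >= cap) return Infinity // counter never reached 0
  }
  return iterations
}

// Effect 2: reading a typed array at a fractional offset yields undefined,
// and masking undefined gives 0 instead of a byte taken from the pool.
function maskedBytes(pool, offset, count) {
  const out = []
  for (let i = offset; i < offset + count; i++) out.push(pool[i] & 63)
  return out
}

// Caller-side guard (hypothetical helper): reject any size that is not a
// positive safe integer before it reaches an ID generator.
function checkedIdSize(size, max = 256) {
  if (!Number.isSafeInteger(size) || size < 1 || size > max) {
    throw new RangeError(`invalid ID size: ${size}`)
  }
  return size
}

// Constructed sample pool standing in for random bytes.
const samplePool = Uint8Array.from([200, 201, 202, 203, 204, 205])
```

Where the ID length comes from request input, running it through a check like `checkedIdSize` keeps an unpatched nanoid from ever seeing a fractional value; upgrading to a fixed release remains the actual remedy.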

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Dec 11, 2024
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch 2 times, most recently from d1c511d to 682910b Compare December 12, 2024 11:08
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch 2 times, most recently from 996c62e to a686e11 Compare January 30, 2025 17:38
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch from a686e11 to 3174f8c Compare February 9, 2025 13:37
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch 3 times, most recently from 0464aa5 to e75e781 Compare March 3, 2025 12:54
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch 2 times, most recently from 84368cb to 58091a5 Compare March 13, 2025 18:42
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch 2 times, most recently from 65cc2f6 to 6e0da73 Compare April 1, 2025 10:50
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch from 6e0da73 to 11fa3ca Compare April 8, 2025 11:28
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch from 11fa3ca to d6b8d4a Compare April 24, 2025 10:28
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch 2 times, most recently from ac966d9 to 0d46bc8 Compare May 23, 2025 15:40
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch 2 times, most recently from f66bb96 to 664dfca Compare May 28, 2025 07:40
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch 2 times, most recently from 044e504 to 60f2df6 Compare June 9, 2025 11:00
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch 2 times, most recently from ec9bc62 to ff9c6c5 Compare June 23, 2025 09:18
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch 4 times, most recently from bb3da13 to c2aef1b Compare July 7, 2025 12:59
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch from c2aef1b to 6b8848a Compare July 9, 2025 13:07
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch from 6b8848a to b7dc050 Compare July 17, 2025 15:15
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch from b7dc050 to 9de02f5 Compare July 31, 2025 09:00
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch from 9de02f5 to 4b07327 Compare August 6, 2025 12:12
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch 2 times, most recently from 5f15efa to ceccc8f Compare August 18, 2025 14:33
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch from ceccc8f to 1efeedc Compare August 29, 2025 12:52
@renovate renovate bot changed the title fix(deps): update dependency nanoid to v3.3.8 [security] chore(deps): update dependency nanoid to v3.3.8 [security] Sep 26, 2025
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch 2 times, most recently from f72dff2 to 75d87d3 Compare October 23, 2025 13:21
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch from 75d87d3 to f218805 Compare November 11, 2025 14:47

coderabbitai bot commented Nov 11, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

  • 🔍 Trigger a full review

Comment @coderabbitai help to get the list of available commands and usage tips.

@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch 2 times, most recently from b8f2517 to 348b43a Compare December 3, 2025 13:46
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch from 348b43a to 797859a Compare December 31, 2025 16:34
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch from 797859a to 697c8ae Compare January 19, 2026 16:28
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch from 697c8ae to 7b6903a Compare February 2, 2026 20:55
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch from 7b6903a to c0afef3 Compare February 12, 2026 14:00
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch from c0afef3 to 5d79b20 Compare March 5, 2026 15:33
@renovate renovate bot changed the title chore(deps): update dependency nanoid to v3.3.8 [security] chore(deps): update dependency nanoid to v3.3.8 [security] - autoclosed Mar 27, 2026
@renovate renovate bot closed this Mar 27, 2026
@renovate renovate bot deleted the renovate/npm-nanoid-vulnerability branch March 27, 2026 01:39
@renovate renovate bot changed the title chore(deps): update dependency nanoid to v3.3.8 [security] - autoclosed chore(deps): update dependency nanoid to v3.3.8 [security] Mar 30, 2026
@renovate renovate bot reopened this Mar 30, 2026
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch 2 times, most recently from 5d79b20 to bd002f3 Compare March 30, 2026 17:58
@renovate renovate bot force-pushed the renovate/npm-nanoid-vulnerability branch from bd002f3 to 3501fbd Compare April 8, 2026 19:43