Skip to content

Update dependency bn.js to v5.2.3 [SECURITY]#4653

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-bn.js-vulnerability
Open

Update dependency bn.js to v5.2.3 [SECURITY]#4653
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-bn.js-vulnerability

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Feb 22, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
bn.js 5.2.25.2.3 age confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2026-2739

This affects versions of the package bn.js before 4.12.3 and 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.

Release Notes

indutny/bn.js (bn.js)

v5.2.3

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot enabled auto-merge (squash) February 22, 2026 02:25
@changeset-bot
Copy link

changeset-bot bot commented Feb 22, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: e91b60d

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@renovate renovate bot force-pushed the renovate/npm-bn.js-vulnerability branch 2 times, most recently from 6fbc1df to 08ccf89 Compare February 24, 2026 13:47
@renovate renovate bot changed the title Update dependency bn.js to v5.2.3 [SECURITY] Update dependency bn.js to v5.2.3 [SECURITY] - autoclosed Feb 24, 2026
@renovate renovate bot closed this Feb 24, 2026
auto-merge was automatically disabled February 24, 2026 15:30

Pull request was closed

@renovate renovate bot deleted the renovate/npm-bn.js-vulnerability branch February 24, 2026 15:30
@renovate renovate bot changed the title Update dependency bn.js to v5.2.3 [SECURITY] - autoclosed Update dependency bn.js to v5.2.3 [SECURITY] Feb 24, 2026
@renovate renovate bot reopened this Feb 24, 2026
@renovate renovate bot force-pushed the renovate/npm-bn.js-vulnerability branch 3 times, most recently from aee9094 to e6b98b5 Compare February 25, 2026 12:08
@renovate renovate bot enabled auto-merge (squash) February 25, 2026 12:08
@renovate renovate bot force-pushed the renovate/npm-bn.js-vulnerability branch 16 times, most recently from 79a1f84 to 3f40a8b Compare March 2, 2026 19:12
@renovate renovate bot force-pushed the renovate/npm-bn.js-vulnerability branch 8 times, most recently from 590f6b9 to cb8eaf9 Compare March 5, 2026 21:06
@renovate renovate bot force-pushed the renovate/npm-bn.js-vulnerability branch from cb8eaf9 to e91b60d Compare March 6, 2026 03:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants