Skip to content

Commit

Permalink
fix(astro): Update dependency nanoid to v5.0.9 [SECURITY] (#4744)
Browse files Browse the repository at this point in the history 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Jacek <[email protected]>
  • Loading branch information
@renovate @jacekradko
renovate[bot] and jacekradko authored Dec 10, 2024
1 parent d0efff7 commit 3a1d19a
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 7 deletions.
6 changes: 6 additions & 0 deletions .changeset/rotten-jobs-lie.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
'@clerk/astro': patch
---

Addresses: CVE-2024-55565i
nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.
2 changes: 1 addition & 1 deletion packages/astro/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@
"@clerk/backend": "workspace:*",
"@clerk/shared": "workspace:*",
"@clerk/types": "workspace:*",
"nanoid": "5.0.7",
"nanoid": "5.0.9",
"nanostores": "0.11.3"
},
"devDependencies": {
Expand Down
12 changes: 6 additions & 6 deletions pnpm-lock.yaml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit 3a1d19a

Please sign in to comment.