From d64c599a70dc8482b7b47c22f67d79c50b62f9b7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 10 Dec 2024 00:31:34 +0000 Subject: [PATCH 1/2] fix(astro): Update dependency nanoid to v5.0.9 [SECURITY] --- packages/astro/package.json | 2 +- pnpm-lock.yaml | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/packages/astro/package.json b/packages/astro/package.json index f0da99a4bd6..dafda0bbb94 100644 --- a/packages/astro/package.json +++ b/packages/astro/package.json @@ -84,7 +84,7 @@ "@clerk/backend": "workspace:*", "@clerk/shared": "workspace:*", "@clerk/types": "workspace:*", - "nanoid": "5.0.7", + "nanoid": "5.0.9", "nanostores": "0.11.3" }, "devDependencies": { diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index e8aeba7be97..1faf6bcebbc 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -232,8 +232,8 @@ importers: specifier: ^4.15.0 || ^5.0.0 version: 4.16.1(@types/node@22.9.0)(rollup@4.26.0)(terser@5.31.1)(typescript@5.6.3) nanoid: - specifier: 5.0.7 - version: 5.0.7 + specifier: 5.0.9 + version: 5.0.9 nanostores: specifier: 0.11.3 version: 0.11.3 @@ -11337,8 +11337,8 @@ packages: engines: {node: ^10 || ^12 || ^13.7 || ^14 || >=15.0.1} hasBin: true - nanoid@5.0.7: - resolution: {integrity: sha512-oLxFY2gd2IqnjcYyOXD8XGCftpGtZP2AbHbOkthDkvRywH5ayNtPVy9YlOPcHckXzbLTCHpkb7FB+yuxKV13pQ==} + nanoid@5.0.9: + resolution: {integrity: sha512-Aooyr6MXU6HpvvWXKoVoXwKMs/KyVakWwg7xQfv5/S/RIgJMy0Ifa45H9qqYy7pTCszrHzP21Uk4PZq2HpEM8Q==} engines: {node: ^18 || >=20} hasBin: true @@ -18552,7 +18552,7 @@ snapshots: is-docker: 3.0.0 jiti: 1.21.6 mri: 1.2.0 - nanoid: 5.0.7 + nanoid: 5.0.9 ofetch: 1.4.1 package-manager-detector: 0.2.2 parse-git-config: 3.0.0 @@ -28824,7 +28824,7 @@ snapshots: nanoid@3.3.7: {} - nanoid@5.0.7: {} + nanoid@5.0.9: {} nanostores@0.11.3: {} From 0dd306e1dd5fd6dbac61374162f045f3330459e4 Mon Sep 17 00:00:00 2001 
From: Jacek
Date: Mon, 9 Dec 2024 21:19:12 -0600
Subject: [PATCH 2/2] changeset
---
.changeset/rotten-jobs-lie.md | 6 ++++++
1 file changed, 6 insertions(+)
create mode 100644 .changeset/rotten-jobs-lie.md
diff --git a/.changeset/rotten-jobs-lie.md b/.changeset/rotten-jobs-lie.md
new file mode 100644
index 00000000000..b0cf59f5f42
--- /dev/null
+++ b/.changeset/rotten-jobs-lie.md
@@ -0,0 +1,6 @@
+---
+'@clerk/astro': patch
+---
+
+Addresses: CVE-2024-55565i
+nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.
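Review bot: The advisory id on the `Addresses:` line of the changeset reads `CVE-2024-55565i`; the trailing `i` looks like a stray character and would carry into the generated changelog, where it breaks lookups and scanner matching, so the line should read `Addresses: CVE-2024-55565`. The same entry names 3.3.8 as the fixed 3.x release, yet the lockfile context in patch 1 still shows `nanoid@3.3.7: {}` under snapshots, so a 3.x copy below the fix appears to remain in the workspace. Which packages resolve to that copy is not visible in this patch; it is worth confirming whether a pnpm override or an upstream bump is needed to move it to 3.3.8 or later.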