fix(deps): Exposure of Sensitive Information to an Unauthorized Actor in nanoid

8 months ago · edaf6b9f19
2 changed files with 9 additions and 9 deletions
--- a/packages/nocodb/package.json
+++ b/packages/nocodb/package.json
@ -130,7 +130,7 @@
    "mssql": "^10.0.2",
    "multer": "^1.4.5-lts.1",
    "mysql2": "^3.6.5",
-    "nanoid": "^3.1.20",
+    "nanoid": "^5.0.4",
    "nc-help": "0.3.1",
    "nc-lib-gui": "0.204.0",
    "nc-plugin": "^0.1.3",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -665,8 +665,8 @@ importers:
        specifier: ^3.6.5
        version: 3.6.5
      nanoid:
-        specifier: ^3.1.20
-        version: 3.1.20
+        specifier: ^5.0.4
+        version: 5.0.4
      nc-help:
        specifier: 0.3.1
        version: 0.3.1(asn1.js@5.4.1)(debug@4.3.4)(knex@2.4.2)
@ -19873,12 +19873,6 @@ packages:
    dependencies:
      lru-cache: 7.18.3

-  /nanoid@3.1.20:
-    resolution: {integrity: sha512-a1cQNyczgKbLX9jwbS/+d7W8fX/RfgYR7lVWwWOGIPNgK2m0MWvrGF6/m4kk6U3QcFMnZf3RIhL0v2Jgh/0Uxw==}
-    engines: {node: ^10 || ^12 || ^13.7 || ^14 || >=15.0.1}
-    hasBin: true
-    dev: false
-
  /nanoid@3.3.3:
    resolution: {integrity: sha512-p1sjXuopFs0xg+fPASzQ28agW1oHD7xDsd9Xkf3T15H3c/cifrFHVwrh74PdoklAPi+i7MdRsE47vm2r6JoB+w==}
    engines: {node: ^10 || ^12 || ^13.7 || ^14 || >=15.0.1}
@ -19896,6 +19890,12 @@ packages:
    hasBin: true
    dev: true

+  /nanoid@5.0.4:
+    resolution: {integrity: sha512-vAjmBf13gsmhXSgBrtIclinISzFFy22WwCYoyilZlsrRXNIHSwgFQ1bEdjRwMT3aoadeIF6HMuDRlOxzfXV8ig==}
+    engines: {node: ^18 || >=20}
+    hasBin: true
+    dev: false
+
  /nanopop@2.3.0:
    resolution: {integrity: sha512-fzN+T2K7/Ah25XU02MJkPZ5q4Tj5FpjmIYq4rvoHX4yb16HzFdCO6JxFFn5Y/oBhQ8no8fUZavnyIv9/+xkBBw==}
    dev: false