This repository has been archived by the owner on Sep 3, 2022. It is now read-only.

Update dependency bcrypt to v5 [SECURITY] #107

Open

renovate wants to merge 1 commit into master from renovate/npm-bcrypt-vulnerability

renovate bot commented Aug 26, 2020 •

edited

Loading

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
bcrypt	`3.0.6` -> `5.0.0`

GitHub Vulnerability Alerts

CVE-2020-7689

In bcrypt (npm package) before version 5.0.0, data is truncated wrong when its length is greater than 255 bytes.

Release Notes

kelektiv/node.bcrypt.js

`v5.0.0`

Fix the bcrypt "wrap-around" bug. It affects passwords with lengths >= 255.
It is uncommon but it's a bug nevertheless. Previous attempts to fix the bug
was unsuccessful.
- Experimental support for z/OS
- Fix a bug related to NUL in password input
- Update node-pre-gyp to 0.15.0

`v4.0.1`

Fix compilation errors in Alpine linux

`v4.0.0`

Switch to NAPI bcrypt
- Drop support for NodeJS 8

`v3.0.8`

Update node-pre-gyp to 0.14
- Pre-built binaries for NodeJS 13

`v3.0.7`

Update nan to 2.14.0
- Update node-pre-gyp to 0.13

Renovate configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by WhiteSource Renovate. View repository job log here.


          Update dependency bcrypt to v5 [SECURITY]

03b1ae8

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet