SocialGouv / e2esdk

SDK to build end-to-end encrypted web applications
https://socialgouv.github.io/e2esdk
Apache License 2.0

fix(deps): update dependency zod to v3.22.3 [security] #87

Open renovate[bot] opened 8 months ago

renovate[bot] commented 8 months ago

This PR contains the following updates:

| Package | Change |
| --- | --- |
| zod (source) | 3.21.4 -> 3.22.3 |

GitHub Vulnerability Alerts

CVE-2023-4316

Zod version 3.22.2 allows an attacker to perform a denial of service while validating emails.


Release Notes

colinhacks/zod (zod)

### [`v3.22.3`](https://redirect.github.com/colinhacks/zod/releases/tag/v3.22.3)

[Compare Source](https://redirect.github.com/colinhacks/zod/compare/v3.22.2...v3.22.3)

##### Commits:

- [`1e23990`](https://redirect.github.com/colinhacks/zod/commit/1e23990bcdd33d1e81b31e40e77a031fcfd87ce1) Commit
- [`9bd3879`](https://redirect.github.com/colinhacks/zod/commit/9bd3879b482f139fd03d5025813ee66a04195cdd) docs: remove obsolete text about readonly types ([#2676](https://redirect.github.com/colinhacks/zod/issues/2676))
- [`f59be09`](https://redirect.github.com/colinhacks/zod/commit/f59be093ec21430d9f32bbcb628d7e39116adf34) clarify datetime ISO 8601 ([#2673](https://redirect.github.com/colinhacks/zod/issues/2673))
- [`64dcc8e`](https://redirect.github.com/colinhacks/zod/commit/64dcc8e2b16febe48fa8e3c82c47c92643e6c9e3) Update sponsors
- [`18115a8`](https://redirect.github.com/colinhacks/zod/commit/18115a8f128680b4526df58ce96deab7dce93b93) Formatting
- [`28c1927`](https://redirect.github.com/colinhacks/zod/commit/28c19273658b164c53c149785fa7a8187c428ad4) Update sponsors
- [`ad2ee9c`](https://redirect.github.com/colinhacks/zod/commit/ad2ee9ccf723c4388158ff6b8669c2a6cdc85643) 2718 Updated Custom Schemas documentation example to use type narrowing ([#2778](https://redirect.github.com/colinhacks/zod/issues/2778))
- [`ae0f7a2`](https://redirect.github.com/colinhacks/zod/commit/ae0f7a2c15e7741ee1b23c03a3bfb9acebd86551) docs: update ref to discriminated-unions docs ([#2485](https://redirect.github.com/colinhacks/zod/issues/2485))
- [`2ba00fe`](https://redirect.github.com/colinhacks/zod/commit/2ba00fe2377f4d53947a84b8cdb314a63bbd6dd4) \[2609] fix ReDoS vulnerability in email regex ([#2824](https://redirect.github.com/colinhacks/zod/issues/2824))
- [`1e61d76`](https://redirect.github.com/colinhacks/zod/commit/1e61d76cdec05de9271fc0df58798ddf9ce94923) 3.22.3

### [`v3.22.2`](https://redirect.github.com/colinhacks/zod/releases/tag/v3.22.2)

[Compare Source](https://redirect.github.com/colinhacks/zod/compare/v3.22.1...v3.22.2)

##### Commits:

- [`13d9e6b`](https://redirect.github.com/colinhacks/zod/commit/13d9e6bda286cbd4c1b177171273695d8309e5de) Fix lint
- [`0d49f10`](https://redirect.github.com/colinhacks/zod/commit/0d49f10b3c25a8e4cbb6534cc0773b195c56d06d) docs: add typeschema to ecosystem ([#2626](https://redirect.github.com/colinhacks/zod/issues/2626))
- [`8e4af7b`](https://redirect.github.com/colinhacks/zod/commit/8e4af7b56df6f2e3daf0dd825b986f1d963025ce) X to Zod: add app.quicktype.io ([#2668](https://redirect.github.com/colinhacks/zod/issues/2668))
- [`792b3ef`](https://redirect.github.com/colinhacks/zod/commit/792b3ef0d41c144cd10641c6966b98dae1222d82) Fix superrefine types

### [`v3.22.1`](https://redirect.github.com/colinhacks/zod/releases/tag/v3.22.1)

[Compare Source](https://redirect.github.com/colinhacks/zod/compare/v3.22.0...v3.22.1)

#### Commits:

Fix handling of `this` in ZodFunction schemas. The parse logic for function schemas now requires the `Reflect` API.

```ts
import { z } from "zod";

// A schema whose method depends on `this` of the parsed object.
const methodObject = z.object({
  property: z.number(),
  method: z.function().args(z.string()).returns(z.number()),
});

const methodInstance = {
  property: 3,
  method: function (s: string) {
    return s.length + this.property;
  },
};

// The wrapped function keeps the original `this` binding after parsing.
const parsed = methodObject.parse(methodInstance);
parsed.method("length=8"); // => 11 (8 length + 3 property)
```

- [`932cc47`](https://redirect.github.com/colinhacks/zod/commit/932cc472d2e66430d368a409b8d251909d7d8d21) Initial prototype fix for issue [#2651](https://redirect.github.com/colinhacks/zod/issues/2651) ([#2652](https://redirect.github.com/colinhacks/zod/issues/2652))
- [`0a055e7`](https://redirect.github.com/colinhacks/zod/commit/0a055e726ac210ef6efc69aa70cd2491767f6060) 3.22.1

### [`v3.22.0`](https://redirect.github.com/colinhacks/zod/releases/tag/v3.22.0)

[Compare Source](https://redirect.github.com/colinhacks/zod/compare/v3.21.4...v3.22.0)

#### `ZodReadonly`

This release introduces `ZodReadonly` and the `.readonly()` method on `ZodType`. Calling `.readonly()` on any schema returns a `ZodReadonly` instance that wraps the original schema. The new schema parses all inputs using the original schema, then calls `Object.freeze()` on the result. The inferred type is also marked as `readonly`.

```ts
import { z } from "zod";

const schema = z.object({ name: z.string() }).readonly();
type schema = z.infer<typeof schema>; // Readonly<{name: string}>

const result = schema.parse({ name: "fido" });
result.name = "simba"; // error: the parsed object is frozen and the type is readonly
```

The inferred type uses TypeScript's built-in readonly types when relevant.

```ts
import { z } from "zod";

z.array(z.string()).readonly(); // readonly string[]
z.tuple([z.string(), z.number()]).readonly(); // readonly [string, number]
z.map(z.string(), z.date()).readonly(); // ReadonlyMap<string, Date>
z.set(z.string()).readonly(); // ReadonlySet<string>
```

#### Commits:

- [`6dad907`](https://redirect.github.com/colinhacks/zod/commit/6dad90785398885f7b058f5c0760d5ae5476b833) Comments
- [`56ace68`](https://redirect.github.com/colinhacks/zod/commit/56ace682e4cc89132c034a3ae2c13b2d5b1a0115) Fix deno test
- [`3809d54`](https://redirect.github.com/colinhacks/zod/commit/3809d54fc8c5dd0a0ce367bd2575fe3fdadf087d) Add superforms
- [`d1ad522`](https://redirect.github.com/colinhacks/zod/commit/d1ad5221900af640bc3093a2fb0476ec0c94953e) Add transloadit
- [`a3bb701`](https://redirect.github.com/colinhacks/zod/commit/a3bb701757127ffe05e773a2e449136b9b7efcb3) Testing on Typescript 5.0 ([#2221](https://redirect.github.com/colinhacks/zod/issues/2221))
- [`51e14be`](https://redirect.github.com/colinhacks/zod/commit/51e14beeab2f469fcbf18e3df44653e1643f5487) docs: update deprecated link ([#2219](https://redirect.github.com/colinhacks/zod/issues/2219))
- [`a263814`](https://redirect.github.com/colinhacks/zod/commit/a263814fc430db8d47430cd2884d2cea6b11c671) fixed Datetime & IP TOC links
- [`502384e`](https://redirect.github.com/colinhacks/zod/commit/502384e56fe2b1f8173735df6c3b0d41bce04edc) docs: add mobx-zod-form to form integrations ([#2299](https://redirect.github.com/colinhacks/zod/issues/2299))
- [`a8be450`](https://redirect.github.com/colinhacks/zod/commit/a8be4500851923aa865e009fe9c2855e80482047) docs: Add `zocker` to Ecosystem section ([#2416](https://redirect.github.com/colinhacks/zod/issues/2416))
- [`15de22a`](https://redirect.github.com/colinhacks/zod/commit/15de22a3ba6144c7d8d2276e8e56174bcdfa7225) Allow subdomains and hyphens in `ZodString.email` ([#2274](https://redirect.github.com/colinhacks/zod/issues/2274))
- [`00f5783`](https://redirect.github.com/colinhacks/zod/commit/00f5783602ccbe423deb0dbd76ecf13a276bc54d) Add `zod-openapi` to ecosystem ([#2434](https://redirect.github.com/colinhacks/zod/issues/2434))
- [`0a17340`](https://redirect.github.com/colinhacks/zod/commit/0a17340e9fc4b909d10ca3687b6bc6454903ff21) docs: fix minor typo ([#2439](https://redirect.github.com/colinhacks/zod/issues/2439))
- [`60a2134`](https://redirect.github.com/colinhacks/zod/commit/60a21346086d32ca9f39efc2771f5db37c835c03) Add masterborn
- [`0a90ed1`](https://redirect.github.com/colinhacks/zod/commit/0a90ed1461dafa62ff50ce0d5d5434fd4a2a4a20) chore: move `exports.types` field to first spot @ package.json. ([#2443](https://redirect.github.com/colinhacks/zod/issues/2443))
- [`67f35b1`](https://redirect.github.com/colinhacks/zod/commit/67f35b16692ca33fd48adfec9ae83b9514f8a4b7) docs: allow Zod to be used in dev tools at site ([#2432](https://redirect.github.com/colinhacks/zod/issues/2432))
- [`6795c57`](https://redirect.github.com/colinhacks/zod/commit/6795c574b1d34f6e95ae891f96d8b219b98ace92) Fix not working Deno doc link. ([#2428](https://redirect.github.com/colinhacks/zod/issues/2428))
- [`37e9c55`](https://redirect.github.com/colinhacks/zod/commit/37e9c550460e4edd144da90d903e878c119c5cc1) Generalize uuidRegex
- [`0969950`](https://redirect.github.com/colinhacks/zod/commit/09699501ff6218b3b0a7e382eca3c02a8226ce13) adds ctx to preprocess ([#2426](https://redirect.github.com/colinhacks/zod/issues/2426))
- [`af08390`](https://redirect.github.com/colinhacks/zod/commit/af08390139cf9fd4fc9e398b60a39191bf224076) fix: super refinement function types ([#2420](https://redirect.github.com/colinhacks/zod/issues/2420))
- [`36fef58`](https://redirect.github.com/colinhacks/zod/commit/36fef58410f4b2c9e79edabae2fc567a4aee13a7) Make email regex reasonable ([#2157](https://redirect.github.com/colinhacks/zod/issues/2157))
- [`f627d14`](https://redirect.github.com/colinhacks/zod/commit/f627d14d3bfe3a680ac0d54705b2e63daa912aed) Document canary
- [`e06321c`](https://redirect.github.com/colinhacks/zod/commit/e06321c15d22082e47c7c111a92ec7b3e104c644) docs: add tapiduck to API libraries ([#2410](https://redirect.github.com/colinhacks/zod/issues/2410))
- [`11e507c`](https://redirect.github.com/colinhacks/zod/commit/11e507c4d3bf4ad3ab2057a0122168ed0048a2c4) docs: add ts as const example in zod enums ([#2412](https://redirect.github.com/colinhacks/zod/issues/2412))
- [`5427565`](https://redirect.github.com/colinhacks/zod/commit/5427565c347a14056bc60e3ffd800b98753952bc) docs: add zod-fixture to mocking ecosystem ([#2409](https://redirect.github.com/colinhacks/zod/issues/2409))
- [`d3bf7e6`](https://redirect.github.com/colinhacks/zod/commit/d3bf7e60a8eb706c4c63a9a91fd66565b82883cf) docs: add `zodock` to mocking ecosystem ([#2394](https://redirect.github.com/colinhacks/zod/issues/2394))
- [`2270ae5`](https://redirect.github.com/colinhacks/zod/commit/2270ae563f7f14bed770f75d9c252880794fa71f) remove "as any" casts in createZodEnum ([#2332](https://redirect.github.com/colinhacks/zod/issues/2332))
- [`00bdd0a`](https://redirect.github.com/colinhacks/zod/commit/00bdd0a7ffdf495af14e67ae1396c85a282c38dd) fix proto pollution vulnerability ([#2239](https://redirect.github.com/colinhacks/zod/issues/2239))
- [`a3c5256`](https://redirect.github.com/colinhacks/zod/commit/a3c525658bc43edf40747a99b8f882d8d3d1e0c7) Fix error_handling unrecognized_keys example
- [`4f75cbc`](https://redirect.github.com/colinhacks/zod/commit/4f75cbc682199a5411189f9cd9abba9af4924746) Adds getters to Map for key + value ([#2356](https://redirect.github.com/colinhacks/zod/issues/2356))
- [`ca7b032`](https://redirect.github.com/colinhacks/zod/commit/ca7b03222764496d72085b1178fa22f4a57fe579) FMC ([#2346](https://redirect.github.com/colinhacks/zod/issues/2346))
- [`6fec8bd`](https://redirect.github.com/colinhacks/zod/commit/6fec8bd3407f463f157522a3979b4d202870ba4c) docs: fix typo in link fragment ([#2329](https://redirect.github.com/colinhacks/zod/issues/2329))
- [`16f90bd`](https://redirect.github.com/colinhacks/zod/commit/16f90bd22b465aca9a1fbad09248d80aa93fd824) Update README.md
- [`2c80250`](https://redirect.github.com/colinhacks/zod/commit/2c802507d92d2d2e15be959695b1de78b896bfcb) Update readme
- [`eaf64e0`](https://redirect.github.com/colinhacks/zod/commit/eaf64e09ba1a87dd6bf348fb97061894a01242d2) Update sponsors
- [`c576311`](https://redirect.github.com/colinhacks/zod/commit/c5763112e2912390f3317d738e4261fa8747494e) Update readme
- [`5e23b4f`](https://redirect.github.com/colinhacks/zod/commit/5e23b4fae4715c7391f9ceb4369421a034851b4c) Add `*.md` pattern to prettier ([#2476](https://redirect.github.com/colinhacks/zod/issues/2476))
- [`898dced`](https://redirect.github.com/colinhacks/zod/commit/898dced470f1045b5469543abd2f427a713d93eb) Revamp tests
- [`6309322`](https://redirect.github.com/colinhacks/zod/commit/6309322a28545e316299f8b9a36f43132d347300) Update test runners
- [`c0aece1`](https://redirect.github.com/colinhacks/zod/commit/c0aece1672d1442d69ce1991142af8f16ed20ecb) Add vitest config
- [`73a5610`](https://redirect.github.com/colinhacks/zod/commit/73a5610186c413872153e8dcac76c4c4f23dfe4e) Update script
- [`8d8e1a2`](https://redirect.github.com/colinhacks/zod/commit/8d8e1a2d306cecaf3d8cb88f32fe3e130a834f9f) Fix deno test bug
- [`9eb2508`](https://redirect.github.com/colinhacks/zod/commit/9eb2508fac78cc36faefd050e9616bb6d34814c1) Clean up configs
- [`cfbc7b3`](https://redirect.github.com/colinhacks/zod/commit/cfbc7b3f6714ced250dd4053822faf472bf1828e) Fix root jest config
- [`8677f68`](https://redirect.github.com/colinhacks/zod/commit/8677f688b0ab1bb5991e90744f46a15082772bd6) docs(comparison-yup): Yup added partial() and deepPartial() in v1 ([#2603](https://redirect.github.com/colinhacks/zod/issues/2603))
- [`fb00edd`](https://redirect.github.com/colinhacks/zod/commit/fb00edd04ca338b8d791a96dead161076538c6c2) docs: add VeeValidate form library for Vue.js ([#2578](https://redirect.github.com/colinhacks/zod/issues/2578))
- [`ab8e717`](https://redirect.github.com/colinhacks/zod/commit/ab8e71793431eeb163613007c134132e6c2ab078) docs: fix typo in z.object ([#2570](https://redirect.github.com/colinhacks/zod/issues/2570))
- [`d870407`](https://redirect.github.com/colinhacks/zod/commit/d870407a020f9518fbae662f9f48a9aba005a3e2) docs: fix incomplete Records example ([#2579](https://redirect.github.com/colinhacks/zod/issues/2579))
- [`5adae24`](https://redirect.github.com/colinhacks/zod/commit/5adae24e9b2fc98fc679defa8f78e4142d4c3451) docs: add conform form integration ([#2577](https://redirect.github.com/colinhacks/zod/issues/2577))
- [`8b8ab3e`](https://redirect.github.com/colinhacks/zod/commit/8b8ab3e79691ebafbb9aac3ce089eaf0dcd6d8fe) Update README.md ([#2562](https://redirect.github.com/colinhacks/zod/issues/2562))
- [`6aab901`](https://redirect.github.com/colinhacks/zod/commit/6aab9016873c12be08d19bcc097b3e5ba4c9d6fe) fix typo test name ([#2542](https://redirect.github.com/colinhacks/zod/issues/2542))
- [`81a89f5`](https://redirect.github.com/colinhacks/zod/commit/81a89f593f4d6b05f770bbb3ad0fc98075f468dd) Update nullish documentation to correct chaining order ([#2457](https://redirect.github.com/colinhacks/zod/issues/2457))
- [`78a4090`](https://redirect.github.com/colinhacks/zod/commit/78a409012a4dc34a455f5c4a7e028ca47c921e1b) docs: update comparison with `runtypes` ([#2536](https://redirect.github.com/colinhacks/zod/issues/2536))
- [`1ecd624`](https://redirect.github.com/colinhacks/zod/commit/1ecd6241ef97b33ce229b49f1346ffeee5d0ba74) Fix prettier
- [`981d4b5`](https://redirect.github.com/colinhacks/zod/commit/981d4b5e272e7e35ff44a31fbb5e8e90594b1933) Add ZodReadonly ([#2634](https://redirect.github.com/colinhacks/zod/issues/2634))
- [`fba438c`](https://redirect.github.com/colinhacks/zod/commit/fba438cddea800b081a15aefc8b1efea2eccf7af) 3.22.0

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.

sonarcloud[bot] commented 8 months ago

Quality Gate passed

Issues
0 New issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

socket-security[bot] commented 8 months ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

| Package | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- |
| npm/clsx@1.2.1 | None | 0 | 5.67 kB | lukeed |

View full report↗︎

socket-security[bot] commented 8 months ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

| Alert | Package | Note / Source |
| --- | --- | --- |
| Install scripts | npm/core-js@3.29.1 | Install script: `postinstall`; Source: `node -e "try{require('./postinstall')}catch(e){}"` |
| Install scripts | npm/core-js-pure@3.29.1 | Install script: `postinstall`; Source: `node -e "try{require('./postinstall')}catch(e){}"` |

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/core-js@3.29.1
  • @SocketSecurity ignore npm/core-js-pure@3.29.1