Closed dependabot[bot] closed 11 months ago
Latest commit: 28dfe70ebdbc6ebac25ee565578ec13594cc6bca
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
Hi, @thawankeane! Thanks for the bump.
This issue cuts both ways atm; if we upgrade to `3.22.x` then we force all users to do the same, as the two minors are incompatible.
We can try a slightly different approach to this - could you try out #350 for me? It should be installable via `npm install inngest@pr-350`.
Hey @jpwilliams, I can confirm, the `pr-350` version is working as expected, thanks for your time!
This is coming up in our security scans for 2.7.2, see CVE-2023-4316. Requesting this also be applied to 2.x.
@dependabot rebase
@thawankeane: Hey @jpwilliams, I can confirm, the `pr-350` version is working as expected, thanks for your time!
Thanks! This fix is shipped in v3.1.1.
@itzsaga: This is coming up in our security scans for 2.7.2, see CVE-2023-4316. Requesting this also be applied to 2.x.
Hi, @itzsaga! 👋 We don't currently validate using Zod; we only use it for the types, so this vulnerability can't be exploited in the library in v2 or v3. In fact, we just separated from the library a little bit more to ensure cross-minor compatibility - see #350.
I'm keeping this around so we can patch before we add validation - the main concern currently is TS 4.7 compatibility for typing over the unused validation side. #350 might have allowed us to patch this regardless. 🙂
Thanks for the explanation.
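The maintainer's reply above rests on Zod being used only for types, so the email-regex ReDoS fixed in 3.22.3 is never reached at runtime; that claim can be checked file by file. The following is an added example, not code from inngest or zod: a heuristic triage whose file names, sample sources and classification labels are constructed for illustration, using only the zod methods `.email()`, `.parse()`, `.safeParse()`, `.parseAsync()` and `.safeParseAsync()`.

```javascript
// Added example (not inngest or zod code). Heuristic triage only: regexes over
// source text, not a TypeScript parser, so review anything it flags by hand.
const ZOD_IMPORT = /from\s+["']zod["']|require\(\s*["']zod["']\s*\)/;
const TYPE_ONLY_IMPORT = /^\s*import\s+type\s[^;\n]*from\s+["']zod["'];?/gm;
const EMAIL_SCHEMA = /\.email\s*\(/;
// Runtime validation entry points on a zod schema; JSON.parse is excluded.
const VALIDATION_CALL = /(?<!JSON)\.(?:parse|safeParse|parseAsync|safeParseAsync)\s*\(/;

function classifyZodUsage(source) {
  if (!ZOD_IMPORT.test(source)) return "no-zod";
  // `import type` is erased by the compiler, so no zod code runs from it.
  if (!ZOD_IMPORT.test(source.replace(TYPE_ONLY_IMPORT, ""))) return "types-only";
  // The 3.22.3 fix concerns the email regex, so only email schemas matter here.
  if (!EMAIL_SCHEMA.test(source)) return "no-email-schema";
  return VALIDATION_CALL.test(source)
    ? "email-validation-reachable" // attacker-influenced input may hit the regex
    : "email-schema-unvalidated"; // schema exists; check callers in other files
}

function triage(files) {
  const report = {};
  for (const [name, source] of Object.entries(files)) {
    report[name] = classifyZodUsage(source);
  }
  return report;
}

// Constructed sample sources (hypothetical file names and contents).
const SAMPLE_FILES = {
  "types.ts": `import type { z } from "zod";
export type Event = z.infer<typeof import("./schemas").eventSchema>;`,
  "schemas.ts": `import { z } from "zod";
export const eventSchema = z.object({ user: z.object({ email: z.string().email() }) });`,
  "handler.ts": `import { z } from "zod";
const body = z.object({ email: z.string().email() });
export const handle = (raw) => body.safeParse(JSON.parse(raw));`,
  "util.ts": `export const load = (raw) => JSON.parse(raw);`,
};

console.log(triage(SAMPLE_FILES));
```

A result of `email-schema-unvalidated` is not a clean bill: the schema may be exported and validated in another file, so follow its importers before closing the scanner finding.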
Bumps zod from 3.21.4 to 3.22.3.
Release notes
Sourced from zod's releases.
... (truncated)
Commits
- 1e61d76 3.22.3
- 2ba00fe [2609] fix ReDoS vulnerability in email regex (#2824)
- ae0f7a2 docs: update ref to discriminated-unions docs (#2485)
- ad2ee9c 2718 Updated Custom Schemas documentation example to use type narrowing (#2778)
- 28c1927 Update sponsors
- 18115a8 Formatting
- 64dcc8e Update sponsors
- f59be09 clarify datetime ISO 8601 (#2673)
- 9bd3879 docs: remove obsolete text about readonly types (#2676)
- 1e23990 Commit

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show