search

matthewhudson / pxon

πŸ‘Ύ A JavaScript module for importing, creating, manipulating, and exporting PXON schema.
https://matthewhudson.github.io/pxon/
26 stars 1 forks source link

chore(deps): update dependency cryptiles to 4.1.2 [security] #46

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 3 years ago

Mend Renovate

This PR contains the following updates:

Package Change
cryptiles 2.0.5 -> 4.1.2

GitHub Vulnerability Alerts

CVE-2018-1000620

Versions of cryptiles prior to 4.1.2 are vulnerable to Insufficient Entropy. The randomDigits() method does not provide sufficient entropy and its generates digits that are not evenly distributed.

Recommendation

Upgrade to version 4.1.2. The package is deprecated and has been moved to @hapi/cryptiles and it is strongly recommended to use the maintained package.

Configuration

πŸ“… Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

β™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

πŸ”• Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

codecov[bot] commented 3 years ago

Codecov Report

Merging #46 (5873610) into master (56e1707) will not change coverage. The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff            @@
##            master       #46   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            1         1           
  Lines           29        29           
=========================================
  Hits            29        29

Continue to review full report at Codecov.

Legend - Click here to learn more Ξ” = absolute <relative> (impact), ΓΈ = not affected, ? = missing data Powered by Codecov. Last update 56e1707...5873610. Read the comment docs.

renovate[bot] commented 1 year ago

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠ Warning: custom changes will be lost.

renovate[bot] commented 1 year ago

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (4.1.2). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.