In bcrypt (npm package) before version 5.0.0, data is truncated incorrectly when its length is greater than 255 bytes.
Release Notes
kelektiv/node.bcrypt.js
### [`v5.0.0`](https://togithub.com/kelektiv/node.bcrypt.js/blob/master/CHANGELOG.md#500-2020-06-02)
[Compare Source](https://togithub.com/kelektiv/node.bcrypt.js/compare/v4.0.1...v5.0.0)
- Fix the bcrypt "wrap-around" bug. It affects passwords with lengths >= 255.
  It is uncommon but it's a bug nevertheless. Previous attempts to fix the bug
  were unsuccessful.
- Experimental support for z/OS
- Fix a bug related to NUL in password input
- Update `node-pre-gyp` to 0.15.0
### [`v4.0.1`](https://togithub.com/kelektiv/node.bcrypt.js/blob/master/CHANGELOG.md#401-2020-02-27)
[Compare Source](https://togithub.com/kelektiv/node.bcrypt.js/compare/v4.0.0...v4.0.1)
- Fix compilation errors in Alpine Linux
### [`v4.0.0`](https://togithub.com/kelektiv/node.bcrypt.js/blob/master/CHANGELOG.md#400-2020-02-17)
[Compare Source](https://togithub.com/kelektiv/node.bcrypt.js/compare/v3.0.8...v4.0.0)
- Switch to NAPI bcrypt
- Drop support for NodeJS 8
### [`v3.0.8`](https://togithub.com/kelektiv/node.bcrypt.js/blob/master/CHANGELOG.md#308-2019-12-31)
[Compare Source](https://togithub.com/kelektiv/node.bcrypt.js/compare/v3.0.7...v3.0.8)
- Update `node-pre-gyp` to 0.14
- Pre-built binaries for NodeJS 13
### [`v3.0.7`](https://togithub.com/kelektiv/node.bcrypt.js/blob/master/CHANGELOG.md#307-2019-10-18)
[Compare Source](https://togithub.com/kelektiv/node.bcrypt.js/compare/v3.0.6...v3.0.7)
- Update `nan` to 2.14.0
- Update `node-pre-gyp` to 0.13
### [`v3.0.6`](https://togithub.com/kelektiv/node.bcrypt.js/blob/master/CHANGELOG.md#306-2019-04-11)
[Compare Source](https://togithub.com/kelektiv/node.bcrypt.js/compare/v3.0.5...v3.0.6)
- Update `nan` to 2.13.2
### [`v3.0.5`](https://togithub.com/kelektiv/node.bcrypt.js/blob/master/CHANGELOG.md#305-2019-03-19)
[Compare Source](https://togithub.com/kelektiv/node.bcrypt.js/compare/v3.0.4...v3.0.5)
- Update `nan` to 2.13.1
- NodeJS 12 compatibility
- Remove `node-pre-gyp` from bundled dependencies
### [`v3.0.4`](https://togithub.com/kelektiv/node.bcrypt.js/blob/master/CHANGELOG.md#304-napi-2019-03-08)
[Compare Source](https://togithub.com/kelektiv/node.bcrypt.js/compare/v3.0.3...v3.0.4)
- Sync N-API bcrypt with NAN bcrypt
Renovate configuration
:date: Schedule: "" in timezone Europe/Berlin.
:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.
:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates: 3.0.3 -> 5.0.0
GitHub Vulnerability Alerts
CVE-2020-7689
This PR has been generated by WhiteSource Renovate. View repository job log here.