fix(deps): update dependency zod to v3.22.3 [security] #1062

Open
wants to merge 1 commit into
base: master

renovate bot (Contributor) commented Oct 6, 2023

This PR contains the following updates:

Package | Change
zod (source) | 3.21.4 -> 3.22.3

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2023-4316

Zod version 3.22.2 allows an attacker to perform a denial of service while validating emails.


Release Notes

colinhacks/zod (zod)

v3.22.3

v3.22.2

v3.22.1

Fix handling of this in ZodFunction schemas. The parse logic for function schemas now requires the Reflect API.

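import { z } from "zod";

// Object schema with one data property and one function-valued property
const methodObject = z.object({
  property: z.number(),
  method: z.function().args(z.string()).returns(z.number()),
});
const methodInstance = {
  property: 3,
  method: function (s: string) {
    return s.length + this.property;
  },
};
// `this` inside the parsed method still resolves to the object it is called on
const parsed = methodObject.parse(methodInstance);
parsed.method("length=8"); // => 11 (8 length + 3 property)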

v3.22.0

ZodReadonly

This release introduces ZodReadonly and the .readonly() method on ZodType.

Calling .readonly() on any schema returns a ZodReadonly instance that wraps the original schema. The new schema parses all inputs using the original schema, then calls Object.freeze() on the result. The inferred type is also marked as readonly.

import { z } from "zod";

const schema = z.object({ name: z.string() }).readonly();
type schema = z.infer<typeof schema>;
// Readonly<{name: string}>

const result = schema.parse({ name: "fido" });
result.name = "simba"; // error

The inferred type uses TypeScript's built-in readonly types when relevant.

z.array(z.string()).readonly();
// readonly string[]

z.tuple([z.string(), z.number()]).readonly();
// readonly [string, number]

z.map(z.string(), z.date()).readonly();
// ReadonlyMap<string, Date>

z.set(z.string()).readonly();
// ReadonlySet<string>


Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
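
Added example, not taken from zod's release notes or code base: a plain JavaScript model of the behaviour the v3.22.0 notes describe (parse, then Object.freeze() the result), showing that Object.freeze() is shallow, so nested arrays and objects stay writable unless they are frozen recursively. `validatePet`, `parseThenFreeze`, `deepFreeze`, `mutationReport` and the sample data are hypothetical names constructed for this illustration.

```javascript
// Hypothetical validator standing in for a schema: returns a fresh parsed copy or throws.
function validatePet(input) {
  if (input === null || typeof input !== "object") throw new TypeError("expected an object");
  if (typeof input.name !== "string") throw new TypeError("name must be a string");
  if (!Array.isArray(input.tags) || !input.tags.every((t) => typeof t === "string")) {
    throw new TypeError("tags must be an array of strings");
  }
  if (input.owner === null || typeof input.owner !== "object" ||
      typeof input.owner.role !== "string") {
    throw new TypeError("owner.role must be a string");
  }
  return { name: input.name, tags: [...input.tags], owner: { role: input.owner.role } };
}

// The behaviour the notes describe: parse with the original schema, then Object.freeze().
function parseThenFreeze(validate, input) {
  return Object.freeze(validate(input));
}

// Recursive variant for plain objects and arrays. Map and Set contents are not
// protected by Object.freeze() at all, so they would need a different wrapper.
function deepFreeze(value, seen = new WeakSet()) {
  if (value === null || typeof value !== "object" || seen.has(value)) return value;
  seen.add(value);
  for (const key of Reflect.ownKeys(value)) deepFreeze(value[key], seen);
  return Object.freeze(value);
}

// Reflect.set() returns false when a write is rejected, independent of strict mode.
// (A plain assignment to a frozen property throws TypeError in strict mode and in
// ES modules, and is silently ignored in sloppy-mode scripts.)
function mutationReport(pet) {
  return {
    topLevel: Reflect.set(pet, "name", "simba"),
    nestedArray: Reflect.set(pet.tags, pet.tags.length, "admin"),
    nestedObject: Reflect.set(pet.owner, "role", "admin"),
  };
}

// Constructed sample input.
const SAMPLE_PET = { name: "fido", tags: ["dog"], owner: { role: "viewer" } };

function shallowDemo() {
  const pet = parseThenFreeze(validatePet, SAMPLE_PET);
  return { report: mutationReport(pet), pet };
}

function deepDemo() {
  const pet = deepFreeze(validatePet(SAMPLE_PET));
  return { report: mutationReport(pet), pet };
}

console.log("Object.freeze only:", shallowDemo().report);
console.log("deepFreeze:        ", deepDemo().report);
```
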

@renovate renovate bot added the dependencies label Oct 6, 2023
renovate bot (Contributor, Author) commented Oct 6, 2023

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock
➤ YN0000: ┌ Resolution step
➤ YN0002: │ @aws-sdk/token-providers@npm:3.523.0 doesn't provide @aws-sdk/credential-provider-node (pc9a53), requested by @aws-sdk/client-sso-oidc
➤ YN0002: │ @aws-sdk/token-providers@npm:3.525.0 doesn't provide @aws-sdk/credential-provider-node (pcac39), requested by @aws-sdk/client-sso-oidc
➤ YN0002: │ @lerna/version@npm:5.6.2 doesn't provide nx (p20b2d), requested by @nrwl/devkit
➤ YN0002: │ @shared/utils@workspace:shared/utils doesn't provide @swc/core (p28398), requested by @swc/jest
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (p25b1e), requested by @reach/dialog
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (p2322a), requested by @socialgouv/react-accessible-accordion
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (pda81a), requested by react-feather
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (pc8483), requested by react-tabs
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (pae870), requested by styled-components
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (p5018a), requested by use-onclickoutside
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react-dom (p7bd1d), requested by @reach/dialog
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react-dom (p315a7), requested by @socialgouv/react-accessible-accordion
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react-dom (p463ae), requested by styled-components
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react-is (p5206e), requested by styled-components
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (p6560d), requested by @tiptap/core
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (p1fe9b), requested by @tiptap/extension-code-block
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (pda644), requested by @tiptap/extension-dropcursor
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (pa1b36), requested by @tiptap/extension-gapcursor
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (p6fff9), requested by @tiptap/extension-history
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (p85123), requested by @tiptap/extension-horizontal-rule
➤ YN0002: │ babel-plugin-styled-components@npm:2.1.4 [bb3ef] doesn't provide @babel/core (p6f303), requested by @babel/plugin-syntax-jsx
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @testing-library/dom (p3b203), requested by @testing-library/user-event
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (p76d20), requested by @tiptap-pro/extension-details-content
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (p17edc), requested by @tiptap-pro/extension-details-summary
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (pd7d9d), requested by @tiptap-pro/extension-details
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (pb6f97), requested by @tiptap/extension-link
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (p06ec2), requested by @tiptap/extension-placeholder
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (pb36e0), requested by @tiptap/extension-table-cell
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (pe4bdb), requested by @tiptap/extension-table-header
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (p2de94), requested by @tiptap/extension-table-row
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (p2e5c3), requested by @tiptap/extension-table
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (pbd616), requested by @tiptap/react
➤ YN0060: │ frontend@workspace:targets/frontend provides react (pf2b7a) with version 18.2.0, which doesn't satisfy what @reach/accordion and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react (p6bbce) with version 18.2.0, which doesn't satisfy what @reach/dialog and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react (p33600) with version 18.2.0, which doesn't satisfy what @reach/menu-button and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react (pfc100) with version 18.2.0, which doesn't satisfy what @reach/visually-hidden requests
➤ YN0060: │ frontend@workspace:targets/frontend provides react (p90d1a) with version 18.2.0, which doesn't satisfy what react-sortable-hoc requests
➤ YN0060: │ frontend@workspace:targets/frontend provides react-dom (p19c5b) with version 18.2.0, which doesn't satisfy what @reach/accordion and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react-dom (p3bf58) with version 18.2.0, which doesn't satisfy what @reach/dialog and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react-dom (p9cf59) with version 18.2.0, which doesn't satisfy what @reach/menu-button and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react-dom (p29f85) with version 18.2.0, which doesn't satisfy what @reach/visually-hidden requests
➤ YN0060: │ frontend@workspace:targets/frontend provides react-dom (pe4e63) with version 18.2.0, which doesn't satisfy what react-sortable-hoc requests
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide react-is (pd0ac5), requested by @reach/menu-button
➤ YN0060: │ ingester@workspace:targets/ingester provides typescript (p0efae) with version 5.4.3, which doesn't satisfy what ts-jest requests
➤ YN0000: │ Some peer dependencies are incorrectly met; run yarn explain peer-requirements <hash> for details, where <hash> is the six-letter p-prefixed code
➤ YN0000: └ Completed in 3s 138ms
➤ YN0000: ┌ Fetch step
➤ YN0035: │ @tiptap-pro/extension-details@npm:2.3.3: The remote server failed to provide the requested resource
➤ YN0035: │   Response Code: 403 (Forbidden)
➤ YN0035: │   Request Method: GET
➤ YN0035: │   Request URL: https://registry.tiptap.dev/@tiptap-pro/extension-details/-/extension-details-2.3.3.tgz
➤ YN0035: │ @tiptap-pro/extension-details-content@npm:2.3.3: The remote server failed to provide the requested resource
➤ YN0035: │   Response Code: 403 (Forbidden)
➤ YN0035: │   Request Method: GET
➤ YN0035: │   Request URL: https://registry.tiptap.dev/@tiptap-pro/extension-details-content/-/extension-details-content-2.3.3.tgz
➤ YN0035: │ @tiptap-pro/extension-details-summary@npm:2.3.3: The remote server failed to provide the requested resource
➤ YN0035: │   Response Code: 403 (Forbidden)
➤ YN0035: │   Request Method: GET
➤ YN0035: │   Request URL: https://registry.tiptap.dev/@tiptap-pro/extension-details-summary/-/extension-details-summary-2.3.3.tgz
➤ YN0013: │ 2204 packages were already cached, 7 had to be fetched
➤ YN0000: └ Completed in 5s 213ms
➤ YN0000: Failed with errors in 8s 361ms
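
Added example, not Renovate's or this repository's own tooling: because the log above shows the yarn.lock update failing, this is one way to check whether a lockfile still resolves zod below this PR's target version 3.22.3. The lockfile text is a constructed sample in Yarn Berry syntax, the function names are hypothetical, and flagging every version below 3.22.3 is an assumption taken from the PR's target version.

```javascript
// Constructed sample in Yarn Berry lockfile syntax (not this repository's yarn.lock).
const SAMPLE_LOCK = `
__metadata:
  version: 6

"zod@npm:^3.21.4":
  version: 3.21.4
  resolution: "zod@npm:3.21.4"
  languageName: node
  linkType: hard

"zod@npm:^3.22.0, zod@npm:^3.22.3":
  version: 3.22.4
  resolution: "zod@npm:3.22.4"

"zod-to-json-schema@npm:^3.21.0":
  version: 3.21.4
  resolution: "zod-to-json-schema@npm:3.21.4"
`;

// "1.2.3-beta" -> [1, 2, 3]; null when the string is not major.minor.patch.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

// True when `version` sorts before `floor`. Unparseable versions are flagged so
// that they get a manual look; a pre-release of the floor itself counts as below it.
function isBelow(version, floor) {
  const a = parseVersion(version);
  const b = parseVersion(floor);
  if (!a || !b) return true;
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return /^\d+\.\d+\.\d+-/.test(version);
}

// Package name of a descriptor such as "@scope/pkg@npm:^1.0.0".
function descriptorName(descriptor) {
  const at = descriptor.indexOf("@", 1); // index 0 may be a scope's "@"
  return at === -1 ? descriptor : descriptor.slice(0, at);
}

// Every lockfile entry for `pkg` whose resolved version is below `floor`.
function findResolutionsBelow(lockText, pkg, floor) {
  const hits = [];
  let current = null; // descriptors of the entry being read, when it is for pkg
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S.*:$/.test(line)) { // unindented "key:" line starts a new entry
      const key = line.slice(0, -1).replace(/^"|"$/g, "");
      const descriptors = key.split(",").map((d) => d.trim());
      current = descriptors.some((d) => descriptorName(d) === pkg) ? descriptors : null;
      continue;
    }
    const m = current && /^  version: "?([^"\s]+)"?$/.exec(line);
    if (m && isBelow(m[1], floor)) hits.push({ descriptors: current, version: m[1] });
  }
  return hits;
}

console.log(findResolutionsBelow(SAMPLE_LOCK, "zod", "3.22.3"));
```

A CI step built on this would fail the job when the returned list is non-empty, which catches a branch whose package.json was bumped while the lockfile was left behind.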

sonarcloud bot commented Oct 6, 2023

Kudos, SonarCloud Quality Gate passed!

Bugs: 0 (rating A)
Vulnerabilities: 0 (rating A)
Security Hotspots: 0 (rating A)
Code Smells: 0 (rating A)

No Coverage information
0.0% Duplication

socket-security bot commented Oct 6, 2023

New and removed dependencies detected.

Package | New capabilities | Transitives | Size | Publisher
npm/[email protected] | None | 0 | 616 kB | colinmcd94

🚮 Removed packages: npm/[email protected]

@renovate renovate bot force-pushed the renovate/npm-zod-vulnerability branch from 3cf8bfe to e5e0c0e Compare April 8, 2024 15:00
sonarcloud bot commented Apr 8, 2024

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

renovate bot (Contributor, Author) commented Jun 4, 2024

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock
➤ YN0000: ┌ Resolution step
➤ YN0002: │ @aws-sdk/token-providers@npm:3.523.0 doesn't provide @aws-sdk/credential-provider-node (pc9a53), requested by @aws-sdk/client-sso-oidc
➤ YN0002: │ @aws-sdk/token-providers@npm:3.525.0 doesn't provide @aws-sdk/credential-provider-node (pcac39), requested by @aws-sdk/client-sso-oidc
➤ YN0002: │ @lerna/version@npm:5.6.2 doesn't provide nx (p20b2d), requested by @nrwl/devkit
➤ YN0002: │ @shared/utils@workspace:shared/utils doesn't provide @swc/core (p28398), requested by @swc/jest
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (p25b1e), requested by @reach/dialog
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (p2322a), requested by @socialgouv/react-accessible-accordion
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (pda81a), requested by react-feather
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (pc8483), requested by react-tabs
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (pae870), requested by styled-components
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (p5018a), requested by use-onclickoutside
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react-dom (p7bd1d), requested by @reach/dialog
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react-dom (p315a7), requested by @socialgouv/react-accessible-accordion
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react-dom (p463ae), requested by styled-components
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react-is (p5206e), requested by styled-components
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (p6560d), requested by @tiptap/core
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (p1fe9b), requested by @tiptap/extension-code-block
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (pda644), requested by @tiptap/extension-dropcursor
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (pa1b36), requested by @tiptap/extension-gapcursor
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (p6fff9), requested by @tiptap/extension-history
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (p85123), requested by @tiptap/extension-horizontal-rule
➤ YN0002: │ babel-plugin-styled-components@npm:2.1.4 [bb3ef] doesn't provide @babel/core (p6f303), requested by @babel/plugin-syntax-jsx
➤ YN0060: │ frontend@workspace:targets/frontend provides @mui/material (pddd60) with version 5.14.11, which doesn't satisfy what @mui/x-date-pickers requests
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @testing-library/dom (p3b203), requested by @testing-library/user-event
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (p76d20), requested by @tiptap-pro/extension-details-content
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (p17edc), requested by @tiptap-pro/extension-details-summary
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (pd7d9d), requested by @tiptap-pro/extension-details
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (pb6f97), requested by @tiptap/extension-link
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (p06ec2), requested by @tiptap/extension-placeholder
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (pb36e0), requested by @tiptap/extension-table-cell
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (pe4bdb), requested by @tiptap/extension-table-header
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (p2de94), requested by @tiptap/extension-table-row
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (p2e5c3), requested by @tiptap/extension-table
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (pbd616), requested by @tiptap/react
➤ YN0060: │ frontend@workspace:targets/frontend provides react (pf2b7a) with version 18.2.0, which doesn't satisfy what @reach/accordion and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react (p6bbce) with version 18.2.0, which doesn't satisfy what @reach/dialog and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react (p33600) with version 18.2.0, which doesn't satisfy what @reach/menu-button and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react (pfc100) with version 18.2.0, which doesn't satisfy what @reach/visually-hidden requests
➤ YN0060: │ frontend@workspace:targets/frontend provides react (p90d1a) with version 18.2.0, which doesn't satisfy what react-sortable-hoc requests
➤ YN0060: │ frontend@workspace:targets/frontend provides react-dom (p19c5b) with version 18.2.0, which doesn't satisfy what @reach/accordion and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react-dom (p3bf58) with version 18.2.0, which doesn't satisfy what @reach/dialog and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react-dom (p9cf59) with version 18.2.0, which doesn't satisfy what @reach/menu-button and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react-dom (p29f85) with version 18.2.0, which doesn't satisfy what @reach/visually-hidden requests
➤ YN0060: │ frontend@workspace:targets/frontend provides react-dom (pe4e63) with version 18.2.0, which doesn't satisfy what react-sortable-hoc requests
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide react-is (pd0ac5), requested by @reach/menu-button
➤ YN0060: │ ingester@workspace:targets/ingester provides typescript (p0efae) with version 5.4.3, which doesn't satisfy what ts-jest requests
➤ YN0000: │ Some peer dependencies are incorrectly met; run yarn explain peer-requirements <hash> for details, where <hash> is the six-letter p-prefixed code
➤ YN0000: └ Completed in 1s 553ms
➤ YN0000: ┌ Fetch step
➤ YN0035: │ @tiptap-pro/extension-details-summary@npm:2.3.3: The remote server failed to provide the requested resource
➤ YN0035: │   Response Code: 403 (Forbidden)
➤ YN0035: │   Request Method: GET
➤ YN0035: │   Request URL: https://registry.tiptap.dev/@tiptap-pro/extension-details-summary/-/extension-details-summary-2.3.3.tgz
➤ YN0035: │ @tiptap-pro/extension-details-content@npm:2.3.3: The remote server failed to provide the requested resource
➤ YN0035: │   Response Code: 403 (Forbidden)
➤ YN0035: │   Request Method: GET
➤ YN0035: │   Request URL: https://registry.tiptap.dev/@tiptap-pro/extension-details-content/-/extension-details-content-2.3.3.tgz
➤ YN0035: │ @tiptap-pro/extension-details@npm:2.3.3: The remote server failed to provide the requested resource
➤ YN0035: │   Response Code: 403 (Forbidden)
➤ YN0035: │   Request Method: GET
➤ YN0035: │   Request URL: https://registry.tiptap.dev/@tiptap-pro/extension-details/-/extension-details-2.3.3.tgz
➤ YN0013: │ 2217 packages were already cached, 4 had to be fetched
➤ YN0000: └ Completed in 5s 131ms
➤ YN0000: Failed with errors in 6s 703ms

@renovate renovate bot changed the title from "fix(deps): update dependency zod to v3.22.3 [security]" to "fix(deps): update dependency zod to v3.22.3 [security] - autoclosed" Dec 8, 2024
@renovate renovate bot closed this Dec 8, 2024
@renovate renovate bot deleted the renovate/npm-zod-vulnerability branch December 8, 2024 18:35
@renovate renovate bot changed the title from "fix(deps): update dependency zod to v3.22.3 [security] - autoclosed" to "fix(deps): update dependency zod to v3.22.3 [security]" Dec 8, 2024
@renovate renovate bot reopened this Dec 8, 2024
@renovate renovate bot force-pushed the renovate/npm-zod-vulnerability branch from d7357bd to e5e0c0e Compare December 8, 2024 21:17

sonarcloud bot commented Dec 8, 2024
