Update dependency pubnub to v7 [SECURITY] #28
This PR contains the following updates:
pubnub: ^4.21.6 -> ^7.0.0
GitHub Vulnerability Alerts
CVE-2023-26154
Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bits in the key always the same for every encoded message or file.
Note:
In order to exploit this vulnerability, the attacker needs to invest resources in preparing the attack and brute-force the encryption.
Release Notes
pubnub/javascript (pubnub)
v7.4.0
October 16 2023
Added
Fixed
v7.3.3
September 11 2023
Fixed
v7.3.2
August 31 2023
Fixed
v7.3.1
August 21 2023
Fixed
v7.3.0
July 26 2023
Fixed
v7.2.3
June 19 2023
Added
withHeartbeat to set state through heartbeat endpoint.
v7.2.2
December 12 2022
Fixed
v7.2.1
November 10 2022
Fixed
v7.2.0
July 01 2022
Added
v7.1.2
June 22 2022
Fixed
v7.1.1
June 14 2022
Added
type and status fields in User and Space. status field in memberships.
v7.0.1
May 24 2022
v7.0.0
May 24 2022
Modified
v5.0.1
March 02 2022
Fixed
v5.0.0
January 12 2022
Modified
uuid is required parameter in PubNub constructor.
v4.37.0
December 16 2021
Added
v4.36.0
December 09 2021
Fixed
v4.35.0
December 02 2021
Added
v4.34.2
December 01 2021
Fixed
v4.34.1
November 19 2021
Fixed
.npmignore and excluded resources from NPM package. Fixed the following issues reported by @ElridgeDMello: #228.
v4.34.0
November 19 2021
Added
v4.33.1
October-18-2021
fileUploadPublishRetryLimit setting of PubNub instance.
v4.33.0
August-31-2021
v4.32.1
May-26-2021
getAllUUIDMetadata call.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.