Update npm package nanoid to v3.3.8 [SECURITY] #5843

Merged 1 commit on Dec 10, 2024

@hash-worker hash-worker bot commented Dec 9, 2024

This PR contains the following updates:

| Package | Type | Update | Change |
| --- | --- | --- | --- |
| nanoid | dependencies | patch | 3.3.7 -> 3.3.8 |

GitHub Vulnerability Alerts

CVE-2024-55565

nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.


Release Notes

ai/nanoid (nanoid)

v3.3.8

  • Fixed a way to break Nano ID by passing non-integer size (by @myndzi).

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@hash-worker hash-worker bot enabled auto-merge December 9, 2024 23:09
@github-actions github-actions bot added the area/deps, area/apps > hash*, area/apps > hash-api, type/eng > backend and area/apps labels Dec 9, 2024

github-actions bot commented Dec 9, 2024

Benchmark results

@rust/hash-graph-benches – Integrations

representative_read_entity

| Function | Value | Mean | Flame graphs |
| --- | --- | --- | --- |
| entity_by_id | entity type ID: https://blockprotocol.org/@alice/types/entity-type/song/v/1 | $$16.9 \mathrm{ms} \pm 206 \mathrm{μs}\left({\color{lightgreen}-29.054 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | entity type ID: https://blockprotocol.org/@alice/types/entity-type/uk-address/v/1 | $$16.9 \mathrm{ms} \pm 208 \mathrm{μs}\left({\color{gray}-1.394 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | entity type ID: https://blockprotocol.org/@alice/types/entity-type/block/v/1 | $$17.9 \mathrm{ms} \pm 204 \mathrm{μs}\left({\color{gray}4.08 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | entity type ID: https://blockprotocol.org/@alice/types/entity-type/person/v/1 | $$16.9 \mathrm{ms} \pm 214 \mathrm{μs}\left({\color{gray}-1.044 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | entity type ID: https://blockprotocol.org/@alice/types/entity-type/organization/v/1 | $$17.1 \mathrm{ms} \pm 212 \mathrm{μs}\left({\color{gray}-1.592 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | entity type ID: https://blockprotocol.org/@alice/types/entity-type/playlist/v/1 | $$17.7 \mathrm{ms} \pm 193 \mathrm{μs}\left({\color{red}6.96 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | entity type ID: https://blockprotocol.org/@alice/types/entity-type/book/v/1 | $$17.2 \mathrm{ms} \pm 212 \mathrm{μs}\left({\color{gray}-0.415 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | entity type ID: https://blockprotocol.org/@alice/types/entity-type/building/v/1 | $$16.7 \mathrm{ms} \pm 191 \mathrm{μs}\left({\color{lightgreen}-30.768 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | entity type ID: https://blockprotocol.org/@alice/types/entity-type/page/v/2 | $$16.6 \mathrm{ms} \pm 229 \mathrm{μs}\left({\color{lightgreen}-21.615 \mathrm{\%}}\right) $$ | Flame Graph |

representative_read_multiple_entities

| Function | Value | Mean | Flame graphs |
| --- | --- | --- | --- |
| entity_by_property | depths: DT=255, PT=255, ET=255, E=255 | $$66.5 \mathrm{ms} \pm 348 \mathrm{μs}\left({\color{gray}-0.934 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_property | depths: DT=0, PT=0, ET=0, E=0 | $$39.2 \mathrm{ms} \pm 141 \mathrm{μs}\left({\color{gray}-0.513 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_property | depths: DT=2, PT=2, ET=2, E=2 | $$57.2 \mathrm{ms} \pm 213 \mathrm{μs}\left({\color{gray}0.038 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_property | depths: DT=0, PT=0, ET=0, E=2 | $$43.7 \mathrm{ms} \pm 207 \mathrm{μs}\left({\color{gray}0.353 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_property | depths: DT=0, PT=0, ET=2, E=2 | $$49.4 \mathrm{ms} \pm 246 \mathrm{μs}\left({\color{gray}-0.356 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_property | depths: DT=0, PT=2, ET=2, E=2 | $$53.7 \mathrm{ms} \pm 230 \mathrm{μs}\left({\color{gray}-1.046 \mathrm{\%}}\right) $$ | Flame Graph |
| link_by_source_by_property | depths: DT=255, PT=255, ET=255, E=255 | $$108 \mathrm{ms} \pm 425 \mathrm{μs}\left({\color{gray}-0.590 \mathrm{\%}}\right) $$ | Flame Graph |
| link_by_source_by_property | depths: DT=0, PT=0, ET=0, E=0 | $$43.5 \mathrm{ms} \pm 161 \mathrm{μs}\left({\color{gray}0.439 \mathrm{\%}}\right) $$ | Flame Graph |
| link_by_source_by_property | depths: DT=2, PT=2, ET=2, E=2 | $$100 \mathrm{ms} \pm 403 \mathrm{μs}\left({\color{gray}-0.126 \mathrm{\%}}\right) $$ | Flame Graph |
| link_by_source_by_property | depths: DT=0, PT=0, ET=0, E=2 | $$83.0 \mathrm{ms} \pm 343 \mathrm{μs}\left({\color{gray}0.504 \mathrm{\%}}\right) $$ | Flame Graph |
| link_by_source_by_property | depths: DT=0, PT=0, ET=2, E=2 | $$91.7 \mathrm{ms} \pm 413 \mathrm{μs}\left({\color{gray}-1.574 \mathrm{\%}}\right) $$ | Flame Graph |
| link_by_source_by_property | depths: DT=0, PT=2, ET=2, E=2 | $$96.5 \mathrm{ms} \pm 325 \mathrm{μs}\left({\color{gray}-0.245 \mathrm{\%}}\right) $$ | Flame Graph |

representative_read_entity_type

| Function | Value | Mean | Flame graphs |
| --- | --- | --- | --- |
| get_entity_type_by_id | Account ID: d4e16033-c281-4cde-aa35-9085bf2e7579 | $$1.39 \mathrm{ms} \pm 3.69 \mathrm{μs}\left({\color{gray}-0.319 \mathrm{\%}}\right) $$ | Flame Graph |

scaling_read_entity_complete_one_depth

| Function | Value | Mean | Flame graphs |
| --- | --- | --- | --- |
| entity_by_id | 50 entities | $$267 \mathrm{ms} \pm 1.01 \mathrm{ms}\left({\color{gray}-0.332 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 5 entities | $$26.8 \mathrm{ms} \pm 251 \mathrm{μs}\left({\color{gray}0.403 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 1 entities | $$20.1 \mathrm{ms} \pm 67.3 \mathrm{μs}\left({\color{gray}-1.639 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 10 entities | $$57.3 \mathrm{ms} \pm 351 \mathrm{μs}\left({\color{red}52.2 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 25 entities | $$177 \mathrm{ms} \pm 570 \mathrm{μs}\left({\color{gray}-0.720 \mathrm{\%}}\right) $$ | Flame Graph |

scaling_read_entity_linkless

| Function | Value | Mean | Flame graphs |
| --- | --- | --- | --- |
| entity_by_id | 1 entities | $$1.94 \mathrm{ms} \pm 7.26 \mathrm{μs}\left({\color{gray}0.335 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 100 entities | $$2.11 \mathrm{ms} \pm 5.91 \mathrm{μs}\left({\color{gray}0.728 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 10 entities | $$1.95 \mathrm{ms} \pm 5.67 \mathrm{μs}\left({\color{gray}-0.333 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 1000 entities | $$2.89 \mathrm{ms} \pm 14.8 \mathrm{μs}\left({\color{gray}0.887 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 10000 entities | $$13.8 \mathrm{ms} \pm 43.5 \mathrm{μs}\left({\color{red}34.0 \mathrm{\%}}\right) $$ | Flame Graph |

scaling_read_entity_complete_zero_depth

| Function | Value | Mean | Flame graphs |
| --- | --- | --- | --- |
| entity_by_id | 50 entities | $$4.02 \mathrm{ms} \pm 17.2 \mathrm{μs}\left({\color{gray}1.14 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 5 entities | $$1.96 \mathrm{ms} \pm 10.2 \mathrm{μs}\left({\color{gray}-0.513 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 1 entities | $$1.93 \mathrm{ms} \pm 6.41 \mathrm{μs}\left({\color{gray}-0.659 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 10 entities | $$2.18 \mathrm{ms} \pm 15.1 \mathrm{μs}\left({\color{gray}0.876 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 25 entities | $$3.36 \mathrm{ms} \pm 19.5 \mathrm{μs}\left({\color{gray}0.788 \mathrm{\%}}\right) $$ | Flame Graph |

@hash-worker hash-worker bot added this pull request to the merge queue Dec 10, 2024
Merged via the queue into main with commit 3790335 Dec 10, 2024
166 checks passed
@hash-worker hash-worker bot deleted the deps/js/npm-nanoid-vulnerability branch December 10, 2024 10:31