fix(deps): update dependency nanoid to v5.0.9 [security]

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
nanoid	5.0.1 -> 5.0.9

GitHub Vulnerability Alerts

CVE-2024-55565

When nanoid is called with a fractional value, there were a number of undesirable effects:

1. in browser and non-secure, the code infinite loops on while (size--)
2. in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled
3. if the first call in node is a fractional argument, the initial buffer allocation fails with an error

Version 3.3.8 and 5.0.9 are fixed.

---

Release Notes

ai/nanoid (nanoid)

v5.0.9

Compare Source

• Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).

v5.0.8

Compare Source

• Reduced customAlphabet size (by @​kirillgroshkov).

v5.0.7

Compare Source

• Fixed Parcel support (by @​WilhelmYakunin).

v5.0.6

Compare Source

• Fixed React Native support.

v5.0.5

Compare Source

• Make browser’s version faster by increasing size a little (by Samuel Elgozi).

v5.0.4

Compare Source

• Fixed CLI docs (by @​ilyaboka).

v5.0.3

Compare Source

• Fixed CLI docs (by Chris Schmich).

v5.0.2

Compare Source

• Fixed webcrypto import (by Divyansh Singh).

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sourcery-ai]

Reviewer's Guide by Sourcery

This PR updates the nanoid dependency from version 5.0.1 to 5.0.9 to address a security vulnerability (CVE-2024-55565) related to the mishandling of non-integer values. The update also includes several other minor improvements and fixes from intermediate versions.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Change	Details	Files
Update nanoid package to fix security vulnerability	Upgrade nanoid from 5.0.1 to 5.0.9 to fix CVE-2024-55565 Fix potential vulnerability in handling non-integer size values	pnpm-lock.yaml
Update related dependencies and their transitive dependencies	Update postcss from 8.4.35 to 8.4.49 Update zod from 3.22.4 to 3.23.8 Update various @csstools packages to their latest versions	pnpm-lock.yaml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[github-actions]

COMPARE TO master

Total Size Diff 📈 +3.27 KB

Diff by File

Name	Diff
pnpm-lock.yaml	📈 +3.27 KB