Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: Upgrade bcryptjs from 2.4.3 to 3.0.1 #9632

Open
wants to merge 1 commit into
base: alpha
Choose a base branch
from
Open

refactor: Upgrade bcryptjs from 2.4.3 to 3.0.1 #9632

wants to merge 1 commit into from

Conversation

parseplatformorg
Copy link
Contributor

snyk-top-banner

Snyk has created this PR to upgrade bcryptjs from 2.4.3 to 3.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 2 versions ahead of your current version.

  • The recommended version was released 22 days ago.

Release notes
Package name: bcryptjs
  • 3.0.1 - 2025-02-17

    Bug fixes

    • Separate ESM and UMD type definitions (e7055ca)
  • 3.0.0 - 2025-02-13

    Breaking changes

    • Modernize project structure (2f45985)
      The project now exports an ECMAScript module by default, albeit with an UMD fallback, ships with types, the dist/ directory no longer exists in version control, and Closure Compiler externs have been removed.
    • Generate 2b hashes by default (d36bfb4)
      This library was not affected by the bug that led to incrementing the bcrypt version from 2a to 2b, but nowadays most implementations use 2b, including the native bcrypt binding, so this change aligns with them. Existing hashes will continue to work, but test logic that generates hashes and compares them literally might need to be updated to account for the new default.

    Features

    • Add helper to check for password input length (d5656b3)

    Other

    • Update publish workflow (2a9bea9)
    • Add note on using the ESM variant in the browser (e09eb9a)
    • Update types (58333a1)
    • Merge lint and test workflows (2e3b176)
    • Fix tests (ec02e8a)
    • Update legacy fallback to handle crypto dependency (9db275f)
    • Update lint workflow title (ac70ac5)
    • Adapt crypto module usage for ESM environments (574d690)
    • Format with prettier (e746547)
    • Rename default branch to 'main' (548559d)
    • Update description to mention TypeScript support (4977df0)
    • Add stale action for issues and PRs (a84d4e4)
    • Fix typo (c8c9c01)
    • Fix Node.js version in CI (1b54cc4)

    Backlog from v2

    • Added externs to .npmignore (#124) (7e2e93a)
      The npm package does not need externs as it is needed only for closure compiler. Added it in .npmignore since bcryptjs overrides global module and process in WebStorm IDE.
    • Make sure the bin script uses LF (684fac6)
    • Post-merge; Clean up a bit (b09f7f2)
    • Improve safeStringCompare using xor (#77) (648482a)
    • Added bin entry (49a1d1a)
  • 2.4.3 - 2017-02-07

    Last v2 before restructuring the project to export an ECMAScript module by default.

from bcryptjs GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
feat: upgrade bcryptjs from 2.4.3 to 3.0.1
868275f 
Snyk has created this PR to upgrade bcryptjs from 2.4.3 to 3.0.1.

See this package in npm:
bcryptjs

See this project in Snyk:
https://app.snyk.io/org/acinader/project/21343059-02d9-4182-87d7-718a44b181ef?utm_source=github&utm_medium=referral&page=upgrade-pr
@parse-github-assistant Parse GitHub Assistant
Copy link

I will reformat the title to use the proper commit message syntax.

@parse-github-assistant parse-github-assistant bot changed the title [Snyk] Upgrade bcryptjs from 2.4.3 to 3.0.1 refactor: Upgrade bcryptjs from 2.4.3 to 3.0.1 Mar 11, 2025
@parse-github-assistant Parse GitHub Assistant
Copy link

🚀 Thanks for opening this pull request!

@codecov Codecov
Copy link

codecov bot commented Mar 11, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 93.55%. Comparing base (4f55c3e) to head (868275f).

Additional details and impacted files 
@@            Coverage Diff             @@
##            alpha    #9632      +/-   ##
==========================================
- Coverage   93.56%   93.55%   -0.02%     
==========================================
  Files         186      186              
  Lines       14840    14840              
==========================================
- Hits        13885    13883       -2     
- Misses        955      957       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@parseplatformorg @snyk-bot