CVE-2021-23566 in nanoid before 3.1.31

package.json

@@ -116,7 +116,7 @@
     "moment": "^2.10.3",
     "moment-duration-format-commonjs": "^1.0.0",
     "mustache": "^2.1.2",
-    "nanoid": "^1.0.1",
+    "nanoid": "^3.1.31",
     "os-family": "^1.0.0",
     "parse5": "^1.5.0",
     "pify": "^2.3.0",
@@ -163,7 +163,6 @@
     "@types/json5": "0.0.30",
     "@types/mime-db": "^1.27.0",
     "@types/mustache": "^0.8.32",
-    "@types/nanoid": "^2.1.0",
     "@types/semver": "^7.3.4",
     "@types/source-map-support": "^0.5.0",
     "@types/useragent": "^2.1.1",

src/browser/connection/index.ts

@@ -6,7 +6,7 @@ import { pull as remove } from 'lodash';
 import parseUserAgent, { ParsedUserAgent } from '../../utils/parse-user-agent';
 import { readSync as read } from 'read-file-relative';
 import promisifyEvent from 'promisify-event';
-import nanoid from 'nanoid';
+import { nanoid } from 'nanoid';
 import COMMAND from './command';
 import BrowserConnectionStatus from './status';
 import HeartbeatStatus from './heartbeat-status';

src/compiler/test-file/api-based.js

@@ -6,7 +6,7 @@ import {
 
 import { readFileSync } from 'fs';
 import stripBom from 'strip-bom';
-import nanoid from 'nanoid';
+import { nanoid } from 'nanoid';
 import TestFileCompilerBase from './base';
 import TestFile from '../../api/structure/test-file';
 import Fixture from '../../api/structure/fixture';

src/role/role.ts

@@ -2,7 +2,7 @@ import { EventEmitter } from 'events';
 import RolePhase from './phase';
 import { StateSnapshot } from 'testcafe-hammerhead';
 import roleMarker from './marker-symbol';
-import nanoid from 'nanoid';
+import { nanoid } from 'nanoid';
 import TestRun from '../test-run';
 import TestCafeErrorList from '../errors/error-list';
 

src/screenshots/utils.js

@@ -6,7 +6,7 @@ import {
     constant,
 } from 'lodash';
 
-import generateId from 'nanoid/generate';
+import { customAlphabet } from 'nanoid';
 import {
     MARK_LENGTH,
     MARK_HEIGHT,
@@ -17,7 +17,7 @@ const ALPHABET = '01';
 
 export function generateScreenshotMark () {
     // NOTE: 32-bit id
-    const id = generateId(ALPHABET, MARK_LENGTH);
+    const id = customAlphabet(ALPHABET, MARK_LENGTH);
 
     // NOTE: array of RGB values
     const markSeed = flatten(map(id, bit => bit === '0' ? [0, 0, 0, 255] : [255, 255, 255, 255]));

src/test-run/commands/base.js

@@ -1,4 +1,4 @@
-import nanoid from 'nanoid';
+import { nanoid } from 'nanoid';
 import Assignable from '../../utils/assignable';
 
 export class CommandBase extends Assignable {

src/test-run/index.ts

@@ -4,7 +4,7 @@ import {
     chain,
 } from 'lodash';
 
-import nanoid from 'nanoid';
+import { nanoid } from 'nanoid';
 import { readSync as read } from 'read-file-relative';
 import promisifyEvent from 'promisify-event';
 import Mustache from 'mustache';

test/server/browser-provider-test.js

@@ -1,6 +1,6 @@
 const expect                          = require('chai').expect;
 const { noop, stubFalse, pick, omit } = require('lodash');
-const nanoid                          = require('nanoid');
+const { nanoid }                      = require('nanoid');
 const { rmdirSync, statSync }         = require('fs');
 const { join, dirname }               = require('path');
 const proxyquire                      = require('proxyquire');

test/server/capturer-test.js

@@ -1,5 +1,5 @@
 const { noop }                   = require('lodash');
-const nanoid                     = require('nanoid');
+const { nanoid }                 = require('nanoid');
 const { expect }                 = require('chai');
 const { resolve, dirname, join } = require('path');
 const { statSync }               = require('fs');

test/server/cli-argument-parser-test.js

@@ -4,7 +4,7 @@ const fs                = require('fs');
 const tmp               = require('tmp');
 const { find }          = require('lodash');
 const CliArgumentParser = require('../../lib/cli/argument-parser');
-const nanoid            = require('nanoid');
+const { nanoid }        = require('nanoid');
 const runOptionNames    = require('../../lib/configuration/run-option-names');
 
 describe('CLI argument parser', function () {

test/server/compiler-test.js

@@ -7,7 +7,7 @@ const { expect }          = require('chai');
 const proxyquire          = require('proxyquire');
 const sinon               = require('sinon');
 const globby              = require('globby');
-const nanoid              = require('nanoid');
+const { nanoid }          = require('nanoid');
 const dedent              = require('dedent');
 const { TEST_RUN_ERRORS } = require('../../lib/errors/types');
 const exportableLib       = require('../../lib/api/exportable-lib');

test/server/configuration-test.js

@@ -4,7 +4,7 @@ const { cloneDeep, noop } = require('lodash');
 const { expect }    = require('chai');
 const fs            = require('fs');
 const tmp           = require('tmp');
-const nanoid        = require('nanoid');
+const { nanoid }    = require('nanoid');
 const del           = require('del');
 const pathUtil      = require('path');
 

test/server/crop-test.js

@@ -1,4 +1,4 @@
-const nanoid      = require('nanoid');
+const { nanoid }  = require('nanoid');
 const expect      = require('chai').expect;
 const { resolve } = require('path');
 

test/server/request-hooks-test.js

@@ -2,7 +2,7 @@ const { RequestFilterRule }                       = require('testcafe-hammerhead
 const testRunTracker                              = require('../../lib/api/test-run-tracker');
 const exportableLib                               = require('../../lib/api/exportable-lib');
 const { RequestMock, RequestLogger, RequestHook } = exportableLib;
-const nanoid                                      = require('nanoid');
+const { nanoid }                                  = require('nanoid');
 const { expect }                                  = require('chai');
 
 describe('RequestLogger', () => {