[Security] Bump dns-packet from 5.3.1 to 5.4.0 in /frontend
Bumps dns-packet from 5.3.1 to 5.4.0. This update includes a security fix.
Vulnerabilities fixed
Potential memory exposure in dns-packet This affects the package dns-packet before versions 1.3.2 and 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names.
Patched versions: 5.4.0 Affected versions: >= 2.0.0, < 5.4.0
Changelog
Sourced from dns-packet's changelog.
Version 5.4.0 - 2022-06-14
- Feature: Added support for the SSHFP record type.
Version 5.2.0 - 2019-02-21
- Feature: Added support for de/encoding certain OPT options.
Version 5.1.0 - 2019-01-22
- Feature: Added support for the RP record type.
Version 5.0.0 - 2018-06-01
- Breaking: Node.js 6.0.0 or greater is now required.
- Feature: Added support for DNSSEC record types.
Version 4.1.0 - 2018-02-11
- Feature: Added support for the MX record type.
Version 4.0.0 - 2018-02-04
- Feature: Added
streamEncodeandstreamDecodemethods for encoding TCP packets.- Breaking: Changed the decoded value of TXT records to an array of Buffers. This is to accomodate DNS-SD records which rely on the individual strings record being separated.
- Breaking: Renamed the
flag_truncandflag_authtoflag_tcandflag_aato match the names of these in the dns standards.Version 3.0.0 - 2018-01-12
- Breaking: The
classoption has been changed from integer to string.Version 2.0.0 - 2018-01-11
- Breaking: Converted module to ES2015, now requires Node.js 4.0 or greater
Commits
Dependabot commands
You can trigger Dependabot actions by commenting on this MR
-
$dependabot rebasewill rebase this MR -
$dependabot recreatewill recreate this MR rewriting all the manual changes and resolving conflicts