fix(deps): update dependency ua-parser-js to v1.0.33 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
ua-parser-js	1.0.2 -> 1.0.33

GitHub Vulnerability Alerts

CVE-2022-25927

Description:

A regular expression denial of service (ReDoS) vulnerability has been discovered in ua-parser-js.

Impact:

This vulnerability bypass the library's MAX_LENGTH input limit prevention. By crafting a very-very-long user-agent string with specific pattern, an attacker can turn the script to get stuck processing for a very long time which results in a denial of service (DoS) condition.

Affected Versions:

All versions of the library prior to version 0.7.33 / 1.0.33.

Patches:

A patch has been released to remove the vulnerable regular expression, update to version 0.7.33 / 1.0.33 or later.

References:

Regular expression Denial of Service - ReDoS

Credits:

Thanks to @​Snyk who first reported the issue.

---

Release Notes

faisalman/ua-parser-js (ua-parser-js)

v1.0.33

Compare Source

• Add new browser : Cobalt
• Identify Macintosh as an Apple device
• Fix ReDoS vulnerability

v1.0.32

Compare Source

• Add new browser : DuckDuckGo, Huawei Browser, LinkedIn
• Add new OS : HarmonyOS
• Add some Huawei models
• Add Sharp Aquos TV
• Improve detection Xiaomi Mi CC9
• Fix Sony Xperia 1 III misidentified as Acer tablet
• Fix Detect Sony BRAVIA as SmartTV
• Fix Detect Xiaomi Mi TV as SmartTV
• Fix Detect Galaxy Tab S8 as tablet
• Fix WeGame mistakenly identified as WeChat
• Fix included commas in Safari / Mobile Safari version
• Increase UA_MAX_LENGTH to 350

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.