Skip to content

fix(security): update dependency configcat-common to v9.4.0 #1348

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 4, 2025
Merged

fix(security): update dependency configcat-common to v9.4.0 #1348

merged 2 commits into from
Jul 4, 2025

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jul 4, 2025
edited by beeme1mr
Loading

This PR contains the following updates:

Package Change Age Confidence
configcat-common (source) 9.3.1 -> 9.4.0 age confidence

Release Notes

configcat/common-js (configcat-common)

v9.4.0

Compare Source

Improvements:

  • Include the SDK Key in log message of error 1100 ("Your SDK Key seems to be wrong...") (#​112)
  • Mask SDK Key (keep only the last 6 characters visible) when writing it to the log.
  • If available, use monitonic clock (performance.now) instead of system clock (new Date()) for scheduling poll iterations in Auto Polling mode for improved precision and resistance to system clock adjustments (time sync, user initiated clock adjustments, etc.)
  • Correct the internal cache refresh behavior in offline mode: if the client uses an external cache, a synchronization should happen in every case where a fetch operation would happen in online mode. (For example, in Auto Polling mode, the background polling loop should sync with the external cache even when it doesn't initiate config fetch operations.)
  • Eliminate race condition between concurrent cache synchronizations.
  • Emit configChanged once per config refresh operation, eliminate race conditions around cache write, and improve performance in high concurrency situations by deduplicating config refresh instead of config fetch operation only.
  • Correct the intellisense docs for some config caching/refreshing-related APIs.

Bug fixes:

  • Fix a bug that causes an error when user-provided logger, config cache, etc. implementation contains a circular reference. (#​111, #​112)
  • Fix a minor bug in setting type mismatch check. (Type mismatch should also be reported for allowed flag override values.)
  • Fix a minor bug in formatting errors. (Some JS runtimes doesn't include the error message in the stack trace.)
  • Fix a minor bug in FetchError. (Name property should be set to the class name.)

Breaking changes:

  • Change forceRefreshAsync to report failure and log a warning in offline mode only when the client is not configured to use an external cache. (Very low impact expected.) (#​112)
  • Make the clientReady event consistent with other SDKs in Auto Polling mode. When the client is offline, clientReady is emitted as soon as the initial sync with the external cache completes. (Low impact expected.)
  • Make changes to also emit the configChanged event when the local cache is updated as a result of synchronization with the external cache. (Low impact expected.)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

BEGIN_COMMIT_OVERRIDE
feat!: Update the ConfigCat core library to v9
END_COMMIT_OVERRIDE

@renovate renovate bot added the renovate label Jul 4, 2025
@renovate renovate bot requested review from a team as code owners July 4, 2025 18:59
@renovate renovate bot enabled auto-merge (squash) July 4, 2025 18:59
@renovate
Copy link
Contributor Author

renovate bot commented Jul 4, 2025

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: libs/providers/config-cat/package-lock.json
npm warn Unknown env config "store". This will stop working in the next major version of npm.
npm error code ERESOLVE
npm error ERESOLVE could not resolve
npm error
npm error While resolving: @openfeature/config-cat-provider@0.7.5
npm error Found: @openfeature/core@1.2.0
npm error node_modules/@openfeature/core
npm error   peer @openfeature/core@"1.2.0" from @openfeature/server-sdk@1.14.0
npm error   node_modules/@openfeature/server-sdk
npm error     peer @openfeature/server-sdk@"^1.13.5" from the root project
npm error
npm error Could not resolve dependency:
npm error peer @openfeature/config-cat-core@"0.1.1" from the root project
npm error
npm error Conflicting peer dependency: @openfeature/core@1.8.1
npm error node_modules/@openfeature/core
npm error   peer @openfeature/core@"^1.6.0" from @openfeature/config-cat-core@0.1.1
npm error   node_modules/@openfeature/config-cat-core
npm error     peer @openfeature/config-cat-core@"0.1.1" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /runner/cache/others/npm/_logs/2025-07-04T18_59_18_620Z-eresolve-report.txt
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2025-07-04T18_59_18_620Z-debug-0.log

@renovate renovate bot added the renovate label Jul 4, 2025
@github-actions github-actions bot requested review from adams85 and lukas-reining July 4, 2025 18:59
@renovate
Copy link
Contributor Author

renovate bot commented Jul 4, 2025

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@toddbaert
fixup: engine
0da4925 
Signed-off-by: Todd Baert <todd.baert@dynatrace.com>
@toddbaert toddbaert force-pushed the renovate/vulnerability-updates branch from b257164 to 0da4925 Compare July 4, 2025 19:27
@toddbaert toddbaert disabled auto-merge July 4, 2025 19:44
@toddbaert toddbaert merged commit 601e7de into main Jul 4, 2025
7 checks passed
This was referenced Jul 4, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@renovate-approve renovate-approve[bot] renovate-approve[bot] approved these changes

@renovate-approve-2 renovate-approve-2[bot] renovate-approve-2[bot] approved these changes

@adams85 adams85 Awaiting requested review from adams85

@lukas-reining lukas-reining Awaiting requested review from lukas-reining

Assignees

@adams85 adams85

@lukas-reining lukas-reining

Labels

renovate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@toddbaert @adams85 @lukas-reining