Update dependency js-toml to v1.1.1 #24

Merged
MarkerBot merged 1 commit from renovate/js-toml-1.x-lockfile into main 2026-05-25 11:01:17 -07:00

This PR contains the following updates:

| Package | Change |
|---|---|
| js-toml | 1.1.0 → 1.1.1 |

Release Notes

sunnyadn/js-toml (js-toml)

v1.1.1

Security
  • Fix CPU exhaustion via O(n²) BigInt construction on radix-prefixed integer literals (GHSA-wp3c-266w-4qfq, CWE-400, CWE-407). The 0x / 0o / 0b integer parser previously used a hand-written BigInt accumulator loop that ran in O(n²) in the literal length, allowing a single ~500 kB literal to block the event loop for tens of seconds. Switched to the native BigInt(prefixedString) constructor (O(n)) and capped radix-prefixed literals at 1000 digits. Reported by @tonghuaroot.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.
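
The fix described in the release notes above, sketched as an added example that is not js-toml's source and not part of this PR: a digit-by-digit BigInt accumulator beside a parser that enforces the 1000-digit cap and hands the prefixed string to native `BigInt`. The function names, error messages and underscore handling are assumptions.

```javascript
// Added illustration, not js-toml source. Names and error text are hypothetical.
const MAX_RADIX_DIGITS = 1000; // cap stated in the v1.1.1 release note
const RADIX = { x: 16n, o: 8n, b: 2n };
const VALID = { x: /^[0-9a-fA-F]+$/, o: /^[0-7]+$/, b: /^[01]+$/ };

// Split "0xdead_beef" into its prefix letter and bare digits.
// Assumption: TOML underscores must sit between digits and do not count
// toward the digit cap. Both regexes are linear-time (no nested ambiguity).
function splitLiteral(literal) {
  const m = /^0([xob])([0-9a-zA-Z]+(?:_[0-9a-zA-Z]+)*)$/.exec(literal);
  if (!m) throw new SyntaxError('not a radix-prefixed integer literal');
  const kind = m[1];
  const digits = m[2].replace(/_/g, '');
  if (!VALID[kind].test(digits)) throw new SyntaxError('digit out of range for 0' + kind);
  return { kind, digits };
}

// "Before" shape: a hand-written accumulator. Every iteration multiplies a
// BigInt that has grown by one digit, so n digits cost O(n^2) limb operations.
function parseRadixAccumulate(literal) {
  const { kind, digits } = splitLiteral(literal);
  let value = 0n;
  for (const ch of digits) {
    value = value * RADIX[kind] + BigInt(parseInt(ch, 16));
  }
  return value;
}

// "After" shape: reject over-long literals first, then let the engine's
// native constructor convert the prefixed string in a single call.
function parseRadixCapped(literal) {
  const { kind, digits } = splitLiteral(literal);
  if (digits.length > MAX_RADIX_DIGITS) {
    throw new RangeError('radix-prefixed literal exceeds ' + MAX_RADIX_DIGITS + ' digits');
  }
  return BigInt('0' + kind + digits);
}
```

Both functions return the same value for any literal within the cap; only the capped parser bounds the work an oversized literal can cause.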

Update dependency js-toml to v1.1.1
All checks were successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pull_request_closed/build Pipeline was successful
88cd808330
MarkerBot scheduled this pull request to auto merge when all checks succeed 2026-05-25 11:00:54 -07:00
MarkerBot deleted branch renovate/js-toml-1.x-lockfile 2026-05-25 11:01:17 -07:00
Reference
MarkerMatic/site!24