Bump pbkdf2 from 3.0.17 to 3.1.3 #233

dependabot · 2025-06-24T05:52:45Z

Bumps pbkdf2 from 3.0.17 to 3.1.3.

Changelog

v3.1.3 - 2025-06-20

Commits

Only apps should have lockfiles 8b06730

[lint] fix whitespace 9a76e2f

[lint] fix parens/curlies/semis/etc 6fd84bf

[meta] add auto-changelog 796c38d

[Tests] fix tests in node 17 3661fb0

Revert "[Tests] fix tests in node < 3" 7431b57

[Tests] fix tests in node < 3 eb9f97a

[Fix] ensure unknown algorithms throw + known ones match node 26d4fd3

[Tests] add GHA, always run nyc 513906a

[lint] fix a few more rules ab04da8

[lint] switch to eslint 89694cf

[Tests] add coverage d0d534b

[Refactor] use to-buffer e3102a8

[readme] improve badges fca0c9d

[Tests] remove unused travis file a2c7d93

[meta] switch from files to npmignore 7f31fbc

[Tests] use .nycrc 8d628e8

[Refactor] minor tweaks fc61005

[Deps] update create-hmac, safe-buffer, sha.js ae2a7d0

[Fix] pin create-hash, ripemd160 due to breaking changes e079968

[Tests] fix tests in node 3 45fbcf3

[meta] skip publishing benchmarks 19ea57b

[Dev Deps] add missing peer dep 645e252

v3.1.2 - 2021-04-09

Commits

handle nextTick 36457b9

Check for process before accessing 449e510

handle different returns fb82137

v3.1.1 - 2020-06-04

Commits

style nit 6d994f2

remove arrow 70ea270

v3.1.0 - 2020-06-03

Merged

check if process.version is available [#85](https://github.com/crypto-browserify/pbkdf2/issues/85)

Commits

... (truncated)

Commits

3e40827 v3.1.3
e3102a8 [Refactor] use to-buffer
7431b57 Revert "[Tests] fix tests in node < 3"
19ea57b [meta] skip publishing benchmarks
a2c7d93 [Tests] remove unused travis file
645e252 [Dev Deps] add missing peer dep
796c38d [meta] add auto-changelog
d0d534b [Tests] add coverage
7f31fbc [meta] switch from files to npmignore
fca0c9d [readme] improve badges
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for pbkdf2 since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [pbkdf2](https://github.com/crypto-browserify/pbkdf2) from 3.0.17 to 3.1.3. - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.0.17...v3.1.3) --- updated-dependencies: - dependency-name: pbkdf2 dependency-version: 3.1.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2025-06-24T05:53:12Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Vulnerability	Quality
hasown@2.0.2
has-tostringtag@1.0.2
has-property-descriptors@1.0.2
set-function-length@1.2.2
available-typed-arrays@1.0.7
gopd@1.2.0
es-define-property@1.0.1
typed-array-buffer@1.0.3
which-typed-array@1.1.19
is-typed-array@1.1.15
es-errors@1.3.0
define-data-property@1.1.4
possible-typed-array-names@1.1.0
call-bind@1.0.8
dunder-proto@1.0.1
math-intrinsics@1.1.0
get-proto@1.0.1
call-bind-apply-helpers@1.0.2
es-object-atoms@1.1.1
call-bound@1.0.4
to-buffer@1.1.1 ⏵ 1.2.1	^-10		⁺¹³
get-intrinsic@1.3.0
pbkdf2@3.0.17 ⏵ 3.1.3	^-8	⁺⁷⁵	⁺⁷

View full report

socket-security · 2025-06-24T05:53:14Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click for details)
Warn		Socket optimized override available for `available-typed-arrays@1.0.7`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/available-typed-arrays@1.0.7` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/available-typed-arrays@1.0.7`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `es-define-property@1.0.1`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/es-define-property@1.0.1` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/es-define-property@1.0.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `gopd@1.2.0`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/gopd@1.2.0` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/gopd@1.2.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `has-property-descriptors@1.0.2`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/has-property-descriptors@1.0.2` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. < B93F p dir="auto"> Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/has-property-descriptors@1.0.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `has-tostringtag@1.0.2`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/has-tostringtag@1.0.2` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/has-tostringtag@1.0.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `hasown@2.0.2`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/hasown@2.0.2` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/hasown@2.0.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `is-typed-array@1.1.15`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/is-typed-array@1.1.15` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/is-typed-array@1.1.15`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `set-function-length@1.2.2`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/set-function-length@1.2.2` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/set-function-length@1.2.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `typed-array-buffer@1.0.3`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/typed-array-buffer@1.0.3` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/typed-array-buffer@1.0.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Socket optimized override available for `which-typed-array@1.1.19`. cleanup available: Run `npx socket optimize` From: yarn.lock → `npm/which-typed-array@1.1.19` ℹ Read more on: This package \| This alert \| Using Socket CLI to optimize dependencies Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Run `npx socket optimize` in your repository to optimize your dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/which-typed-array@1.1.19`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 24, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump pbkdf2 from 3.0.17 to 3.1.3 #233

Bump pbkdf2 from 3.0.17 to 3.1.3 #233

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Bump pbkdf2 from 3.0.17 to 3.1.3 #233

Are you sure you want to change the base?

Bump pbkdf2 from 3.0.17 to 3.1.3 #233

Uh oh!

Conversation

v3.1.3 - 2025-06-20

Commits

v3.1.2 - 2021-04-09

Commits

v3.1.1 - 2020-06-04

Commits

v3.1.0 - 2020-06-03

Merged

Commits

Uh oh!

Uh oh!

Uh oh!

Uh oh!