alexrogalskiy / java-patterns
Java4You Design patterns
Home Page: https://alexander-rogalsky.gitbook.io/java-patterns/
License: GNU General Public License v3.0

CVE-2021-33623 in vulnerable library trim-newlines-1.0.0.tgz
Trim newlines from the start and/or end of a string
Library home page: https://registry.npmjs.org/trim-newlines/-/trim-newlines-1.0.0.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/get-pkg-repo/node_modules/trim-newlines/package.json, java-patterns/node_modules/alex/node_modules/trim-newlines/package.json
Found in HEAD commit: 1b4aacceb567516b14f2acefdfaac2d063f30df5
Found in base branch: master
Vulnerability details: The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
Publish Date: 2021-05-28
URL: CVE-2021-33623
Suggested fix: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33623
Release Date: 2021-05-28
Fix Resolution: trim-newlines - 3.0.1, 4.0.1
Step up your Open Source Security Game with WhiteSource here

CVE-2020-8203 in vulnerable library lodash-2.4.2.tgz
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Found in HEAD commit: 1038786febc4d2287b75f9010bdf82c268a44175
Found in base branch: master
Vulnerability details: Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
Publish Date: 2020-07-15
URL: CVE-2020-8203
Suggested fix: Upgrade version
Origin: https://www.npmjs.com/advisories/1523
Release Date: 2020-10-21
Fix Resolution: lodash - 4.17.19

CVE-2018-3721 in vulnerable library lodash-2.4.2.tgz
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Found in HEAD commit: f36cb2df7ee03044a62dbafa76b2f227006460dc
Found in base branch: master
Vulnerability details: lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Publish Date: 2018-06-07
URL: CVE-2018-3721
Suggested fix: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-3721
Release Date: 2018-06-07
Fix Resolution: 4.17.5

CVE-2021-23337 in vulnerable library lodash-2.4.2.tgz
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Found in HEAD commit: 1038786febc4d2287b75f9010bdf82c268a44175
Found in base branch: master
Vulnerability details: Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Publish Date: 2021-02-15
URL: CVE-2021-23337
Suggested fix: Upgrade version
Origin: lodash/lodash@3469357
Release Date: 2021-02-15
Fix Resolution: lodash - 4.17.21

TODO comment at lines 62 to 67 in e8e3d31. It's been assigned to @undefined because they committed the code.

CVE-2020-7753 in vulnerable library trim-0.0.1.tgz
Trim string whitespace
Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/trim/package.json
Found in base branch: master
Vulnerability details: All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Publish Date: 2020-10-27
URL: CVE-2020-7753
Suggested fix: Upgrade version
Origin: component/trim#8
Release Date: 2020-10-27
Fix Resolution: trim - 0.0.3

CVE-2019-1010266 in vulnerable library lodash-2.4.2.tgz
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Found in HEAD commit: 1b4aacceb567516b14f2acefdfaac2d063f30df5
Found in base branch: master
Vulnerability details: lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.
Publish Date: 2019-07-17
URL: CVE-2019-1010266
Suggested fix: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010266
Release Date: 2019-07-17
Fix Resolution: 4.17.11

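The three ReDoS reports on this page (CVE-2020-7753 in trim, CVE-2021-33623 in trim-newlines, CVE-2019-1010266 in the lodash date handler) share one shape: a regular expression that must backtrack across a long run of matching characters before it can fail, so the cost grows with the square of the input length. The following is an added example and is not code from any of those packages or from this repository. It generalises trim-newlines' `.end()` case to all whitespace: a trailing-whitespace trimmer written with the end-anchored pattern, a linear-time loop beside it, the input that triggers the bad case, and a timing helper. Function names are the example's own.

```javascript
// Added example (not the affected packages' source): an end-anchored regex
// trimmer with quadratic worst case beside a linear loop, plus the input that
// triggers the bad case and a timing helper.

// Vulnerable shape. `\s*$` is tried at every start offset: the engine consumes
// the whole run of whitespace, fails at `$` because a non-space follows, and
// backtracks through every shorter run before advancing. Cost grows as the
// square of the run length.
function regexTrimEnd(str) {
  return str.replace(/\s*$/, '');
}

// Linear-time rewrite: walk back from the end over whitespace, slice once.
// Loop-based trimming of this kind is what the patched packages moved to.
function loopTrimEnd(str) {
  let end = str.length;
  while (end > 0 && /\s/.test(str[end - 1])) end -= 1;
  return end === str.length ? str : str.slice(0, end);
}

// Constructed attack input: n spaces followed by one non-space character, so
// the anchored pattern cannot succeed until it has backtracked at every offset.
function attackInput(n) {
  return ' '.repeat(n) + 'x';
}

// Wall-clock cost, in milliseconds, of one call of fn(input).
function timeMs(fn, input) {
  const start = process.hrtime.bigint();
  fn(input);
  return Number(process.hrtime.bigint() - start) / 1e6;
}

// Times both trimmers on attack inputs of the given sizes and returns the
// rows; doubling n should roughly quadruple regexMs and only double loopMs.
function measure(sizes) {
  return sizes.map((n) => ({
    n,
    regexMs: timeMs(regexTrimEnd, attackInput(n)),
    loopMs: timeMs(loopTrimEnd, attackInput(n)),
  }));
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const row of measure([1000, 2000, 4000, 8000])) {
    console.log(`n=${row.n}\tregex ${row.regexMs.toFixed(1)} ms\tloop ${row.loopMs.toFixed(2)} ms`);
  }
}
```

Both functions return the same strings for every input; only the cost differs. The linear version also makes the worst case explicit, which is the property a reviewer should ask for whenever a library trims, pads or matches user-controlled strings with a regular expression.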
Repeat of the CVE-2020-8203 report above (lodash-2.4.2.tgz, same paths), also found in HEAD commit 1b4aacceb567516b14f2acefdfaac2d063f30df5.

CVE-2019-10744 in vulnerable library lodash-2.4.2.tgz
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Found in HEAD commit: f36cb2df7ee03044a62dbafa76b2f227006460dc
Found in base branch: master
Vulnerability details: Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Publish Date: 2019-07-26
URL: CVE-2019-10744
Suggested fix: Upgrade version
Origin: GHSA-jf85-cpcp-j695
Release Date: 2019-07-08
Fix Resolution: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge-4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0

CVE-2021-23358 in vulnerable library underscore-1.6.0.tgz
JavaScript's functional programming helper library.
Library home page: https://registry.npmjs.org/underscore/-/underscore-1.6.0.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/underscore/package.json
Found in HEAD commit: 1b4aacceb567516b14f2acefdfaac2d063f30df5
Found in base branch: master
Vulnerability details: The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
Publish Date: 2021-03-29
URL: CVE-2021-23358
Suggested fix: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23358
Release Date: 2021-03-29
Fix Resolution: underscore - 1.12.1,1.13.0-2

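The two template advisories on this page (CVE-2021-23337 in lodash, CVE-2021-23358 in underscore) describe the same mechanism. Both libraries compile a template into JavaScript source text and evaluate it with the Function constructor, and the caller-supplied `variable` option was spliced into that source as the generated function's parameter name without validation. The toy compiler below is an added example that mirrors that shape; it is not the code of either library or of this repository. The interpolation syntax, the payload string and the names are the example's own. The check applied when `validate` is on uses the forbidden-character class that lodash 4.17.21 introduced for this option.

```javascript
// Added example (not lodash's or underscore's code): a template compiler that
// builds source text and evaluates it, with and without validating `variable`.

// Characters that let a "parameter name" break out of the generated
// `function(<variable>) { ... }` header. lodash 4.17.21 rejects the same set.
const FORBIDDEN_IDENTIFIER_CHARS = /[()=,{}\[\]\/\s]/;

// Compiles `text`, where `<%= expr %>` interpolates a JavaScript expression.
// `options.variable` names the single parameter of the returned function, so
// templates refer to their data as, e.g., `<%= data.name %>`.
function compileTemplate(text, options = {}, { validate = false } = {}) {
  const variable = options.variable || 'obj';
  if (validate && FORBIDDEN_IDENTIFIER_CHARS.test(variable)) {
    throw new Error('Invalid `variable` option passed into compileTemplate');
  }

  // Translate the template into concatenations onto __p, as the libraries do.
  const interpolate = /<%=([\s\S]+?)%>/g;
  let body = "var __p = '';\n";
  let last = 0;
  let match;
  while ((match = interpolate.exec(text)) !== null) {
    body += '__p += ' + JSON.stringify(text.slice(last, match.index)) + ';\n';
    body += '__p += (' + match[1].trim() + ');\n';
    last = match.index + match[0].length;
  }
  body += '__p += ' + JSON.stringify(text.slice(last)) + ';\n';
  body += 'return __p;';

  // The unsanitized splice: `variable` lands verbatim inside source text that
  // is then evaluated. A crafted value closes the header, supplies its own
  // function body, and opens a throwaway declaration that absorbs the original
  // body so the whole source still parses.
  const source = 'return function(' + variable + ') {\n' + body + '\n}';
  return Function(source)();
}

// Constructed payload for the `variable` option. The generated source becomes
//   return function() { return "injected" }; function __unused(data) { ...template body... }
// so the caller receives the attacker's function instead of the template.
const INJECTION_PAYLOAD = ') { return "injected" }; function __unused(data';

// Runs the benign call, the unvalidated injection, and the validated call,
// and returns what each produced.
function demo() {
  const template = 'Hello <%= data.name %>!';
  const benign = compileTemplate(template, { variable: 'data' })({ name: 'Ada' });
  const injected = compileTemplate(template, { variable: INJECTION_PAYLOAD })({ name: 'Ada' });
  let rejected = false;
  try {
    compileTemplate(template, { variable: INJECTION_PAYLOAD }, { validate: true });
  } catch (err) {
    rejected = true;
  }
  return { benign, injected, rejected };
}
```

The injected body here only returns a marker string; in the real libraries the same position runs with the privileges of the process that compiled the template, so anything reachable from the module scope (environment, filesystem, network) is in play. The practical rule the fix encodes: an option that ends up inside generated source must be validated as an identifier, not merely passed through.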
CVE-2018-16487 in vulnerable library lodash-2.4.2.tgz
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Found in HEAD commit: 1f54da4e2f129b3291544c4cf7a37509f981ecf3
Found in base branch: master
Vulnerability details: A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
Publish Date: 2019-02-01
URL: CVE-2018-16487
Suggested fix: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16487
Release Date: 2019-02-01
Fix Resolution: 4.17.11

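Four of the lodash reports on this page (CVE-2018-3721, CVE-2018-16487, CVE-2019-10744 and CVE-2020-8203) are prototype pollution in deep-merge style functions: the function walks the keys of attacker-controlled input, and a key named `__proto__`, or `constructor` followed by `prototype`, steers the walk onto `Object.prototype`, after which every object in the process inherits whatever was written. The example below is added here and is not lodash's code or this repository's: a deliberately naive recursive merge that exhibits the defect, a hardened merge that refuses those keys and only recurses into own plain-object properties, and a probe that reports whether a merge polluted the shared prototype and removes the property again. The payloads are constructed for the demonstration and the names are the example's own.

```javascript
// Added example (not lodash's implementation): naive deep merge vs hardened.

// Vulnerable: recurses into any object-or-function value and reads
// target[key] without asking whether it is an own property. For key
// "__proto__" that read yields Object.prototype; for "constructor" it yields
// Object, whose "prototype" is again Object.prototype.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    const valueIsObjectLike = value !== null && (typeof value === 'object' || typeof value === 'function');
    if (valueIsObjectLike) {
      const existing = target[key];
      if (existing === null || (typeof existing !== 'object' && typeof existing !== 'function')) {
        target[key] = {};
      }
      naiveMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Keys that address the prototype chain rather than data.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Plain object: made by {} or Object.create(null); not a function, array,
// Map, class instance, etc. Recursion is limited to these.
function isPlainObject(value) {
  if (value === null || typeof value !== 'object') return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Hardened: refuses prototype-addressing keys outright, recurses only into
// plain objects, and never descends into an inherited property of the target.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) {
      throw new Error(`refusing to merge key "${key}"`);
    }
    const value = source[key];
    if (isPlainObject(value)) {
      if (!hasOwn(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed payloads, as they would arrive from JSON.parse on untrusted
// input. JSON.parse creates an own "__proto__" data property, which
// Object.keys reports, rather than setting the prototype.
const PROTO_PAYLOAD = JSON.parse('{"__proto__": {"polluted": "yes"}}');
const CONSTRUCTOR_PAYLOAD = JSON.parse('{"constructor": {"prototype": {"polluted": "yes"}}}');

// Merges `payload` into a fresh object with `mergeFn`, reports whether a brand
// new object now inherits "polluted", and removes the property again so the
// process is left clean. A merge that throws counts as not polluting.
function pollutes(mergeFn, payload) {
  try {
    mergeFn({}, payload);
  } catch (err) {
    // the hardened merge rejects the key; nothing was written
  }
  const leaked = ({}).polluted !== undefined;
  delete Object.prototype.polluted;
  return leaked;
}
```

Throwing rather than silently skipping the key is a deliberate choice: a skipped `__proto__` key is usually evidence of an attack in progress and is worth surfacing to logging. The own-property check matters independently of the key list, because it is the read of `target[key]` through the prototype chain that turns a data merge into a write to `Object.prototype`.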
Dependabot encountered the following error when parsing your .dependabot/config.yml:
The property '#/' contains additional properties ["updates"] outside of the schema when none are allowed
The property '#/version' value 2 did not match one of the following values: 1
The property '#/update_configs' of type null did not match the following type: array
Please update the config file to conform with Dependabot's specification using our docs and online validator.

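The three messages point at one root cause: the file at .dependabot/config.yml is parsed against the legacy version-1 schema (`version: 1`, `update_configs:`), while its content uses the version-2 keys (`version: 2`, `updates:`). The version-2 format is read from .github/dependabot.yml instead. The configuration below is an added example, not a file from this repository: a version-2 configuration covering the npm, GitHub Actions and Docker dependencies that the Renovate listing on this page shows the repository has. The weekly schedule and the choice of directories are assumptions; directories are relative to the repository root.

```yaml
# .github/dependabot.yml  (added example; version-2 schema, not the repository's file)
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"                       # root package.json
    schedule:
      interval: "weekly"                 # assumed cadence
  - package-ecosystem: "npm"
    directory: "/packages/changelog"     # assumed: one entry per workspace package
    schedule:
      interval: "weekly"
  - package-ecosystem: "github-actions"
    directory: "/"                       # actions referenced under .github/workflows
    schedule:
      interval: "weekly"
  - package-ecosystem: "docker"
    directory: "/.devcontainer"          # directory holding a Dockerfile
    schedule:
      interval: "weekly"
```

Remove .dependabot/config.yml once the version-2 file is in place; the legacy path is what triggers the version-1 parser and the error above.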
Repeat of the CVE-2021-23358 report above (underscore-1.6.0.tgz), also found in HEAD commit c7e18da0aa615be0999facab96109b66dd25deaf.
Repeat of the CVE-2020-7753 report above (trim-0.0.1.tgz), also found in HEAD commit f36cb2df7ee03044a62dbafa76b2f227006460dc.
Repeat of the CVE-2020-8203 report above (lodash-2.4.2.tgz), also found in HEAD commit 1f54da4e2f129b3291544c4cf7a37509f981ecf3.
Repeat of the CVE-2020-7753 report above (trim-0.0.1.tgz), also found in HEAD commit 1f54da4e2f129b3291544c4cf7a37509f981ecf3.
Repeat of the CVE-2019-1010266 report above (lodash-2.4.2.tgz), also found in HEAD commit 1038786febc4d2287b75f9010bdf82c268a44175.
Repeat of the CVE-2021-33623 report above (trim-newlines-1.0.0.tgz), also found in HEAD commit 1f54da4e2f129b3291544c4cf7a37509f981ecf3; at that commit only java-patterns/node_modules/get-pkg-repo/node_modules/trim-newlines/package.json is listed as the vulnerable path.
Repeat of the CVE-2021-23358 report above (underscore-1.6.0.tgz), also found in HEAD commit f36cb2df7ee03044a62dbafa76b2f227006460dc.
Repeat of the CVE-2021-23337 report above (lodash-2.4.2.tgz), also found in HEAD commit f36cb2df7ee03044a62dbafa76b2f227006460dc.

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These problems occurred while renovating this repository.
These updates are currently rate-limited. Click on a checkbox below to force their creation now. Each pending update groups the following dependencies:
(underscore, @types/underscore)
(@commitlint/cli, @commitlint/config-conventional)
(jest-expect-message, @types/jest-expect-message)
(node, @types/node)
(node, @types/node)
(@commitlint/cli, @commitlint/config-conventional)
(@jest/test-sequencer, @types/jest, jest, jest-circus, ts-jest)
(remark-cli, remark-lint-code-block-style, remark-lint-ordered-list-marker-value, remark-validate-links)
These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.
Warning: Renovate failed to look up the following dependencies: failed to look up github-tags package iterative/link-check.action; failed to look up pypi package java-patterns. Files affected: .github/workflows/link-check-all.yml, .github/workflows/link-check-deploy.yml, setup.py
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
Detected dependencies, listed per file:
docker-compose.yml
.devcontainer/Dockerfile
mcr.microsoft.com/vscode/devcontainers/javascript-node 0-16-bullseye
.github/actions/release-notes/Dockerfile
.gitpod.Dockerfile
.space/webstorm/Dockerfile
node 14-bullseye
distribution/docker-images/ci.Dockerfile
node 12-buster
distribution/docker-images/dev.Dockerfile
node 12-buster
distribution/docker-images/release.Dockerfile
node 12-buster
tilt_modules/restart_process/Dockerfile
.github/workflows/action-devto.yml
actions/checkout v2
ful1e5/TheActionDev v2
.github/workflows/add-labels.yml
.github/workflows/auto-approve.yml
hmarr/auto-approve-action v2.1.0
.github/workflows/auto-assign-issues.yml
pozil/auto-assign-issue v1.4.0
.github/workflows/auto-tag.yml
actions/checkout v2
.github/workflows/automerge-dependabot.yml
fountainhead/action-wait-for-check v1.0.0
fountainhead/action-wait-for-check v1.0.0
actions/github-script v6
.github/workflows/automerge.yml
pascalgn/automerge-action v0.15.2
.github/workflows/backport.yml
tibdex/backport v1
ubuntu 18.04
.github/workflows/blogpost-workflow.yml
actions/checkout v2
.github/workflows/broken-links.yml
actions/checkout v2
actions/setup-node v2.1.4
.github/workflows/build.yml
actions/checkout v2
actions/checkout v2
actions/setup-node v1
pnpm/action-setup v1.2.1
.github/workflows/changelog.yml
actions/cache v2.1.4
.github/workflows/chart-release.yaml
actions/checkout v2
azure/setup-helm v1
helm/chart-releaser-action v1.1.0
.github/workflows/check-changelog.yml
actions/github-script 0.9.0
.github/workflows/check-urls.yml
actions/checkout v2
trilom/file-changes-action v1.2.4
actions/upload-artifact v2
.github/workflows/checklist.yml
actions/checkout v1
.github/workflows/cla.yml
cla-assistant/github-action v2.1.3-beta
.github/workflows/claim.yml
actions/github-script v3.1
.github/workflows/clean.yml
actions/github-script v6
.github/workflows/cleanup.yml
kolpav/purge-artifacts-action v1
.github/workflows/close-pending.yml
.github/workflows/closed-issue-message.yml
aws-actions/closed-issue-message v1
.github/workflows/closing.yml
peter-evans/create-or-update-comment v1
peter-evans/create-or-update-comment v1
ubuntu 18.04
.github/workflows/codeball.yml
.github/workflows/codeql-analysis.yml
actions/checkout v2
github/codeql-action v1
github/codeql-action v1
.github/workflows/codesee-arch-diagram.yml
actions/checkout v2
actions/setup-java v3
actions/setup-node v3
actions/setup-python v2
actions-rs/toolchain v1
.github/workflows/codespell.yaml
actions/checkout v2
.github/workflows/color-check.yml
actions/checkout v2
.github/workflows/comment_on_issue.yml
actions/github-script v3.1
.github/workflows/comments.yml
.github/workflows/commitlint.yml
actions/checkout v2
wagoid/commitlint-github-action v2.2.5
.github/workflows/compress.yml
actions/checkout v2
peter-evans/create-pull-request v3
.github/workflows/cve-scan.yml
actions/checkout v2
.github/workflows/dead-link-checker.yaml
actions/checkout v2
.github/workflows/delete-workflow-runs.yml
Mattraks/delete-workflow-runs v2
.github/workflows/docker.yaml
actions/checkout v2
anchore/scan-action 1.0.6
actions/upload-artifact v2
.github/workflows/download-link-check-deploy.yml
actions/checkout v2
lycheeverse/lychee-action v1.0.8
.github/workflows/enforce-changelog.yml
actions/checkout v2
dangoslen/changelog-enforcer v2
.github/workflows/enforce-labels.yml
yogevbd/enforce-label-action 2.2.1
.github/workflows/fossa.yml
actions/checkout v2
actions/setup-go v2
.github/workflows/generate-chart-readme.yml
actions/checkout v2
actions/cache v2
actions/checkout v2
trilom/file-changes-action v1.2.4
.github/workflows/gh-pages.yml
JamesIves/github-pages-deploy-action 4.1.4
.github/workflows/github.yml
actions/checkout v2
micnncim/action-label-syncer v1
.github/workflows/gitleaks.yml
actions/checkout v3
gitleaks/gitleaks-action v2
.github/workflows/greetings.yml
.github/workflows/hash-gen.yml
MCJack123/ghaction-generate-release-hashes v1
svenstaro/upload-release-action v2
.github/workflows/helm.yml
actions/checkout v2
docker/setup-qemu-action v1
docker/setup-buildx-action v1
docker/login-action v1
docker/build-push-action v2
stefanprodan/helm-gh-pages v1.3.0
.github/workflows/insert-contributors.yml
bubkoo/contributors-list v1
actions/checkout v2
JamesIves/github-sponsors-readme-action 1.0.5
akhilmhdh/contributors-readme-action v2.3.4
.github/workflows/issue-manager.yml
tiangolo/issue-manager 0.3.0
.github/workflows/issue-triage.yml
actions/github-script v3
.github/workflows/k8s.yml
actions/checkout v2
azure/setup-helm v1
.github/workflows/label.yml
.github/workflows/labels.yml
lannonbr/issue-label-manager-action 2.0.0
.github/workflows/labels2.yml
actions/checkout v2
crazy-max/ghaction-github-labeler v3
.github/workflows/license-eyes.yml
actions/checkout v2
apache/skywalking-eyes v0.2.0
.github/workflows/link-check-all.yml
actions/checkout v2
iterative/link-check.action v0.7
.github/workflows/link-check-deploy.yml
actions/checkout v2
LouisBrunner/checks-action v1.0.0
iterative/link-check.action v0.7
LouisBrunner/checks-action v1.0.0
LouisBrunner/checks-action v1.0.0
.github/workflows/lint-md.yml
actions/checkout v3
.github/workflows/lint-pr.yml
.github/workflows/lint-test.yaml
actions/checkout v2
azure/setup-helm v1
actions/setup-python v2
helm/chart-testing-action v2.0.1
helm/kind-action v1.1.0
actions/checkout v2
helm/chart-testing-action v2.1.0
helm/kind-action v1.2.0
actions/checkout v2
.github/workflows/lint.yml
actions/checkout v2
actions/setup-python v1
ubuntu 20.04
.github/workflows/linter.yml
actions/checkout v3
github/super-linter v4
.github/workflows/lock.yml
dessant/lock-threads v2.0.3
.github/workflows/lychee-cron.yaml
actions/checkout v2
actions/setup-node v1
lycheeverse/lychee-action v1.0.8
.github/workflows/lychee-pr.yaml
actions/checkout v2
actions/setup-node v1
lycheeverse/lychee-action v1.0.8
.github/workflows/merge_master_to_dev.yml
actions/checkout v2
devmasx/merge-branch v1.3.1
.github/workflows/mkdocs.yml
actions/checkout v2
actions/setup-python v2
actions/cache v2
peaceiris/actions-gh-pages v3
ubuntu 18.04
.github/workflows/no-response.yml
lee-dohm/no-response v0.5.0
ubuntu 20.04
.github/workflows/opengraph-card.yml
actions/checkout v2
stefanzweifel/git-auto-commit-action v4
.github/workflows/pagespeed.yml
actions/checkout v2
stefanzweifel/git-auto-commit-action v4
.github/workflows/performance-comparison-label.yml
actions-ecosystem/action-remove-labels v1
actions/checkout v3
peter-evans/create-or-update-comment c9fcb64660bc90ec1cc535646af190c992007c32
.github/workflows/pr-helper.yml
Matticusau/pr-helper v1.3.0
.github/workflows/pr.yml
actions/checkout v1
actions/checkout v1
.github/workflows/project-card-moved.yml
technote-space/auto-card-labeler v1
.github/workflows/rebase.yml
actions/checkout v2
cirrus-actions/rebase 1.4
.github/workflows/rebase_dispatch.yml
peter-evans/rebase 08cedbbd4eabcd913bf091844614eceddaea4a5d
peter-evans/create-or-update-comment c9fcb64660bc90ec1cc535646af190c992007c32
peter-evans/create-or-update-comment c9fcb64660bc90ec1cc535646af190c992007c32
.github/workflows/release-changelog.yml
.github/workflows/release.yml
actions/checkout v2
haya14busa/action-bumpr v1
haya14busa/action-update-semver v1
haya14busa/action-cond v1
actions/create-release v1
actions/checkout v2
haya14busa/action-bumpr v1
.github/workflows/remove-labels.yml
mondeja/remove-labels-gh-action v1
mondeja/remove-labels-gh-action v1
mondeja/remove-labels-gh-action v1
.github/workflows/remove-old-artifacts.yml
c-hive/gha-remove-artifacts v1
.github/workflows/remove-stale.yml
.github/workflows/renovate.yml
bodinsamuel/renovate-automatic-branch v1
.github/workflows/repo-traffic.yml
actions/checkout v2
sangonzal/repository-traffic-action v0.1.4
EndBug/add-and-commit v4
.github/workflows/reviewdog.yml
actions/checkout v2
prologic/action-remark-lint v2
.github/workflows/semgrep.yml
actions/checkout v2
returntocorp/semgrep-action v1
.github/workflows/shiftleft-analysis.yml
actions/checkout v1
github/codeql-action v1
.github/workflows/size-limit.yml
actions/checkout v2
andresz1/size-limit-action v1
.github/workflows/spellcheck.yml
.github/workflows/spelling.yml
actions/checkout v2
check-spelling/check-spelling v0.0.19
.github/workflows/stale.yml
actions/stale v3
.github/workflows/stale_issue.yml
aws-actions/stale-issue-cleanup v3
.github/workflows/support-window.yml
actions/checkout v3
actions/setup-node v3
.github/workflows/sync.yml
actions/checkout v2
actions/setup-node v2.1.4
tretuna/sync-branches 1.2.0
.github/workflows/toc.yml
actions/checkout v2
stefanzweifel/git-auto-commit-action v4
.github/workflows/unlock-reopened-issues.yml
Dunning-Kruger/unlock-issues v1.1
.github/workflows/update-checksum.yml
actions/setup-python v2
actions/checkout v2
.github/workflows/validate-codeowners.yml
actions/checkout v3
mszostok/codeowners-validator v0.5.0
mszostok/codeowners-validator v0.5.0
.github/workflows/version-update.yml
actions/checkout v2
stefanzweifel/git-auto-commit-action v4
.github/workflows/versioning.yml
actions/checkout v3.0.1
Actions-R-Us/actions-tagger v2.0.2
.github/workflows/welcome_contributor.yml
actions/github-script v3.1
.github/workflows/yaml-lint.yml
actions/checkout v2.3.4
ibiqlik/action-yamllint v3.0.2
charts/values.yaml
helmfile.yaml
datas.html
c3 0.4.10
d3 3.5.15
c3 0.4.10
docs/overrides/addons/base.html
highlight.js 10.5.0
highlight.js 10.5.0
highlight.js 10.5.0
package.json
@bitjson/npm-scripts-info ^1.0.0
@cadolabs/crowdin-cli ^3.0.19
@changesets/changelog-github ^0.4.8
@changesets/cli ^2.26.0
@changesets/write ^0.2.3
@commitlint/cli ^16.2.3
@commitlint/config-conventional ^16.2.1
@types/node ^17.0.21
adr-tools ^2.0.4
alex ^9.1.0
all-contributors-cli ^6.20.0
browser-sync ^2.27.7
changelog-machine ^1.0.2
chart-csv ^1.0.3
check-for-leaks ^1.2.1
chromatic ^6.14.0
colors ^1.4.0
conventional-changelog-cli ^2.1.1
cost-of-modules 1.0.1
csvnorm ^1.1.0
danger-plugin-spellcheck ^2.1.0
deploy-to-gh-pages ^1.3.7
dockerfile_lint ^0.3.4
execa ^5.1.1
git-cz ^4.7.6
gitbook-cli ^2.3.2
github-contributors-list ^1.2.5
husky ^7.0.1
import-conductor ^2.4.0
is-ci ^3.0.1
jscs ^3.0.7
jshint ^2.13.4
jsonlint ^1.6.3
lerna ^4.0.0
lerna-changelog ^2.2.0
lerna-update-wizard ^1.1.2
license-checker ^25.0.1
linkinator ^3.0.3
lint-staged ^11.0.1
lintspaces-cli ^0.7.1
markdown-link-check ^3.8.7
markdownlint-cli ^0.27.1
node-fetch ^3.2.3
nodemon ^2.0.15
npm-check-updates ^16.6.0
npm-package-arg ^9.0.1
opencollective-postinstall ^2.0.3
patch-package ^6.4.7
prettier ^2.3.2
pretty-quick ^3.1.1
release-it ^14.10.0
remark-cli ^9.0.0
remark-lint-code-block-style ^2.0.1
remark-lint-ordered-list-marker-value ^2.0.1
remark-preset-davidtheclark ^0.12.0
remark-validate-links ^10.0.4
repo-link-check ^0.7.1
roadmarks ^1.6.3
shelljs ^0.8.5
snyk ^1.946.0
solidarity ^3.0.4
sort-package-json ^1.54.0
stylelint ^14.8.5
stylelint-config-standard ^22.0.0
stylelint-order ^4.1.0
stylelint-scss ^3.20.1
svgo ^2.8.0
syncpack ^6.2.0
tempy ^2.0.0
textlint ^12.0.2
textlint-rule-alex ^3.0.0
textlint-rule-common-misspellings ^1.0.1
textlint-rule-en-capitalization ^2.0.2
textlint-rule-stop-words ^2.0.9
textlint-rule-terminology ^2.1.5
textlint-rule-write-good ^2.0.0
ts-node ^10.7.0
typescript ^4.6.2
validate-commit-msg ^2.14.0
webtreemap-cli ^2.3.2
yalc ^1.0.0-pre.53
yaml-lint ^1.2.4
node >= 12.x
npm >= 5.0.0
packages/changelog/package.json
@compodoc/compodoc ^1.1.19
@jest/test-sequencer ^27.5.1
@size-limit/preset-small-lib ^8.1.0
@testing-library/jest-dom ^5.16.4
@microsoft/api-extractor ^7.21.0
@types/jest ^27.4.1
@types/jest-expect-message ^1.0.4
@types/node ^17.0.21
auto-changelog ^2.4.0
await-sleep ^0.0.1
bundlesize ^0.18.1
codeclimate-test-reporter ^0.5.1
coveralls ^3.1.1
cross-env 7.0.3
del-cli ^4.0.1
env-cmd ^10.1.0
identity-obj-proxy ^3.0.0
jest ^27.5.1
jest-circus ^27.5.1
jest-environment-node-debug ^2.0.0
jest-expect-message ^1.0.2
jest-extended ^2.0.0
jest-extended-snapshot ^1.1.5
jest-fetch-mock ^3.0.3
jest-html ^1.5.0
jest-junit ^13.0.0
jest-image-snapshot ^5.1.0
jest-puppeteer ^6.1.1
jest-sonar-reporter ^2.0.0
jest-supertest-matchers ^0.0.2
jest-watch-select-projects ^2.0.0
jest-watch-typeahead ^1.0.0
license-check-and-add ^4.0.3
lockfile-lint ^4.7.4
loglevel ^1.8.0
mockdate ^3.0.5
nodejs-dashboard ^0.5.1
nodelinter ^0.1.19
puppeteer ^15.3.1
size-limit ^8.1.0
solidarity ^3.0.4
source-map-explorer ^2.5.2
ts-jest ^27.1.4
ts-node ^10.7.0
tsdx ^0.14.1
typescript ^4.6.2
typescript-coverage-report ^0.6.4
node >= 12.x
npm >= 5.0.0
packages/contributors-view/package.json
@compodoc/compodoc ^1.1.19
@jest/test-sequencer ^27.5.1
@testing-library/jest-dom ^5.16.4
@microsoft/api-extractor ^7.21.0
@types/jest ^27.4.1
@types/jest-expect-message ^1.0.4
@types/node ^17.0.21
@types/puppeteer ^5.4.5
auto-changelog ^2.4.0
await-sleep ^0.0.1
bundlesize ^0.18.1
codeclimate-test-reporter ^0.5.1
coveralls ^3.1.1
cross-env 7.0.3
del-cli ^4.0.1
env-cmd ^10.1.0
identity-obj-proxy ^3.0.0
jest ^27.5.1
jest-circus ^27.5.1
jest-environment-node-debug ^2.0.0
jest-expect-message ^1.0.2
jest-extended ^2.0.0
jest-extended-snapshot ^1.1.5
jest-fetch-mock ^3.0.3
jest-html ^1.5.0
jest-junit ^13.0.0
jest-sonar-reporter ^2.0.0
jest-supertest-matchers ^0.0.2
jest-watch-select-projects ^2.0.0
jest-watch-typeahead ^1.0.0
license-check-and-add ^4.0.3
lockfile-lint ^4.7.4
loglevel ^1.8.0
mockdate ^3.0.5
nodejs-dashboard ^0.5.1
nodelinter ^0.1.19
puppeteer ^13.5.1
solidarity ^3.0.4
source-map-explorer ^2.5.2
ts-jest ^27.1.4
ts-node ^10.7.0
tsdx ^0.14.1
typescript ^4.6.2
typescript-coverage-report ^0.6.4
node >= 12.x
npm >= 5.0.0
packages/github-client/package.json
@compodoc/compodoc ^1.1.19
@jest/test-sequencer ^27.5.1
@testing-library/jest-dom ^5.16.4
@microsoft/api-extractor ^7.21.0
@octokit/rest ^18.12.0
@types/jest ^27.4.1
@types/jest-expect-message ^1.0.4
@types/node ^17.0.21
@types/node-fetch ^2.6.1
@types/puppeteer ^5.4.5
@types/underscore ^1.11.4
auto-changelog ^2.4.0
await-sleep ^0.0.1
bundlesize ^0.18.1
codeclimate-test-reporter ^0.5.1
coveralls ^3.1.1
cross-env 7.0.3
del-cli ^4.0.1
env-cmd ^10.1.0
identity-obj-proxy ^3.0.0
jest ^27.5.1
jest-circus ^27.5.1
jest-environment-node-debug ^2.0.0
jest-expect-message ^1.0.2
jest-extended ^2.0.0
jest-extended-snapshot ^1.1.5
jest-fetch-mock ^3.0.3
jest-html ^1.5.0
jest-junit ^13.0.0
jest-sonar-reporter ^2.0.0
jest-supertest-matchers ^0.0.2
jest-watch-select-projects ^2.0.0
jest-watch-typeahead ^1.0.0
license-check-and-add ^4.0.3
lockfile-lint ^4.7.4
loglevel ^1.8.0
mockdate ^3.0.5
node-fetch ^3.2.3
nodelinter ^0.1.19
solidarity ^3.0.4
source-map-explorer ^2.5.2
ts-jest ^27.1.4
ts-node ^10.7.0
tsdx ^0.14.1
typescript ^4.6.2
typescript-coverage-report ^0.6.4
underscore ^1.13.2
node >= 12.x
npm >= 5.0.0
packages/graph-view/package.json
@compodoc/compodoc ^1.1.19
@jest/test-sequencer ^27.5.1
@testing-library/jest-dom ^5.16.4
@microsoft/api-extractor ^7.21.0
@types/jest ^27.4.1
@types/jest-expect-message ^1.0.4
@types/node ^17.0.21
auto-changelog ^2.4.0
await-sleep ^0.0.1
bundlesize ^0.18.1
codeclimate-test-reporter ^0.5.1
coveralls ^3.1.1
cross-env 7.0.3
d3-array ^3.0.2
d3-axis ^3.0.0
d3-scale ^4.0.0
d3-selection ^3.0.0
d3-time ^3.0.0
d3-time-format ^4.0.0
del-cli ^4.0.1
env-cmd ^10.1.0
identity-obj-proxy ^3.0.0
jest ^27.5.1
jest-circus ^27.5.1
jest-environment-node-debug ^2.0.0
jest-expect-message ^1.0.2
jest-extended ^2.0.0
jest-extended-snapshot ^1.1.5
jest-fetch-mock ^3.0.3
jest-html ^1.5.0
jest-junit ^13.0.0
jest-sonar-reporter ^2.0.0
jest-supertest-matchers ^0.0.2
jest-watch-select-projects ^2.0.0
jest-watch-typeahead ^1.0.0
jsdom ^17.0.0
license-check-and-add ^4.0.3
lockfile-lint ^4.7.4
loglevel ^1.8.0
mockdate ^3.0.5
nodejs-dashboard ^0.5.1
nodelinter ^0.1.19
solidarity ^3.0.4
source-map-explorer ^2.5.2
ts-jest ^27.1.4
ts-node ^10.7.0
tsdx ^0.14.1
typescript ^4.6.2
typescript-coverage-report ^0.6.4
w3c-xmlserializer ^2.0.0
node >= 12.x
npm >= 5.0.0
packages/schema-diff/package.json
@compodoc/compodoc ^1.1.19
@jest/test-sequencer ^27.5.1
@testing-library/jest-dom ^5.16.4
@microsoft/api-extractor ^7.21.0
@types/jest ^27.4.1
@types/jest-expect-message ^1.0.4
@types/node ^17.0.21
@types/puppeteer ^5.4.5
auto-changelog ^2.4.0
await-sleep ^0.0.1
bundlesize ^0.18.1
codeclimate-test-reporter ^0.5.1
coveralls ^3.1.1
cross-env 7.0.3
del-cli ^4.0.1
env-cmd ^10.1.0
identity-obj-proxy ^3.0.0
jest ^27.5.1
jest-circus ^27.5.1
jest-environment-node-debug ^2.0.0
jest-expect-message ^1.0.2
jest-extended ^2.0.0
jest-extended-snapshot ^1.1.5
jest-fetch-mock ^3.0.3
jest-html ^1.5.0
jest-junit ^13.0.0
jest-sonar-reporter ^2.0.0
jest-supertest-matchers ^0.0.2
jest-watch-select-projects ^2.0.0
jest-watch-typeahead ^1.0.0
license-check-and-add ^4.0.3
lockfile-lint ^4.7.4
loglevel ^1.8.0
mockdate ^3.0.5
nodelinter ^0.1.19
solidarity ^3.0.4
source-map-explorer ^2.5.2
ts-jest ^27.1.4
ts-node ^10.7.0
tsdx ^0.14.1
typescript ^4.6.2
typescript-coverage-report ^0.6.4
node >= 12.x
npm >= 5.0.0
tilt_modules/tilt_inspector/package.json
@tilt.dev/tilt-inspector 0.1.8
.nvmrc
node 17.1.0
packages/changelog/.nvmrc
node 17.1.0
packages/contributors-view/.nvmrc
node 17.1.0
packages/github-client/.nvmrc
node 17.1.0
packages/graph-view/.nvmrc
node 17.1.0
packages/schema-diff/.nvmrc
node 17.1.0
docs/requirements.txt
jinja2 >=2.11.1
click-man >=0.4.1
mkdocs >=1.2
pygments >=2.4
mkdocs-material >=7.1.2
mkdocs-video >=1.3.0
markdown >=3.2
markdown-checklist >=0.0.1
fontawesome-markdown >=0.2.6
mkdocs-em-img2fig-plugin >=0.3.2
markdown-include >=0.6.0
pymdown-extensions >=8.2
python-markdown-math >=0.6
mkdocs-literate-nav >=0.4.1
mkdocs-material-extensions >=1.0
mkdocs-git-revision-date-localized-plugin >=0.9.2
mkdocs-awesome-pages-plugin >=2.5.0
mkdocs-mermaid2-plugin >=0.5.2
mkdocs-plugin-tags >=1.0.2
mkdocs-macros-plugin >=0.6.3
mkdocs-static-i18n >=0.14
mkdocs-minify-plugin >=0.5.0
mdx-truly-sane-lists >=1.2
mkdocs-include-markdown-plugin >=3.2.1
mkdocs-codeinclude-plugin >=0.1.0
mkdocs-markdownextradata-plugin >=0.1.1
mkdocs-redirects >=1.0.3
smarty >=0.3.3
cookiecutter >=1.7.3
mkdocs-git-committers-plugin >=0.2.2
mike >=1.1.2
mkautodoc >=0.1.0
mkdocs-simple-hooks >=0.1.5
setup.py
java-patterns =================
.python-version
python 3.8.2
Trim string whitespace
Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/trim/package.json
Dependency Hierarchy:
Found in HEAD commit: c7e18da0aa615be0999facab96109b66dd25deaf
Found in base branch: master
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Publish Date: 2020-10-27
URL: CVE-2020-7753
Base Score Metrics:
Type: Upgrade version
Origin: component/trim#8
Release Date: 2020-10-27
Fix Resolution: trim - 0.0.3
Step up your Open Source Security Game with WhiteSource here
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Dependency Hierarchy:
Found in base branch: master
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.
Publish Date: 2019-07-17
URL: CVE-2019-1010266
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010266
Release Date: 2019-07-17
Fix Resolution: 4.17.11
Trim string whitespace
Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/trim/package.json
Dependency Hierarchy:
Found in HEAD commit: 1038786febc4d2287b75f9010bdf82c268a44175
Found in base branch: master
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Publish Date: 2020-10-27
URL: CVE-2020-7753
Base Score Metrics:
Type: Upgrade version
Origin: component/trim#8
Release Date: 2020-10-27
Fix Resolution: trim - 0.0.3
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: f36cb2df7ee03044a62dbafa76b2f227006460dc
Found in base branch: master
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
Publish Date: 2020-07-15
URL: CVE-2020-8203
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1523
Release Date: 2020-10-21
Fix Resolution: lodash - 4.17.19
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: f36cb2df7ee03044a62dbafa76b2f227006460dc
Found in base branch: master
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
Publish Date: 2019-02-01
URL: CVE-2018-16487
Base Score Metrics:
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16487
Release Date: 2019-02-01
Fix Resolution: 4.17.11
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 1f54da4e2f129b3291544c4cf7a37509f981ecf3
Found in base branch: master
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Publish Date: 2018-06-07
URL: CVE-2018-3721
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-3721
Release Date: 2018-06-07
Fix Resolution: 4.17.5
JavaScript's functional programming helper library.
Library home page: https://registry.npmjs.org/underscore/-/underscore-1.6.0.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/underscore/package.json
Dependency Hierarchy:
Found in HEAD commit: 1038786febc4d2287b75f9010bdf82c268a44175
Found in base branch: master
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
Publish Date: 2021-03-29
URL: CVE-2021-23358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23358
Release Date: 2021-03-29
Fix Resolution: underscore - 1.12.1, 1.13.0-2
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 1b4aacceb567516b14f2acefdfaac2d063f30df5
Found in base branch: master
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Publish Date: 2021-02-15
URL: CVE-2021-23337
Base Score Metrics:
Type: Upgrade version
Origin: lodash/lodash@3469357
Release Date: 2021-02-15
Fix Resolution: lodash - 4.17.21
JavaScript's functional programming helper library.
Library home page: https://registry.npmjs.org/underscore/-/underscore-1.6.0.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/underscore/package.json
Dependency Hierarchy:
Found in HEAD commit: cab1959b859528c75870a68a563948e475d590f7
Found in base branch: master
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
Publish Date: 2021-03-29
URL: CVE-2021-23358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23358
Release Date: 2021-03-29
Fix Resolution: underscore - 1.12.1, 1.13.0-2
Trim string whitespace
Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/trim/package.json
Dependency Hierarchy:
Found in HEAD commit: cab1959b859528c75870a68a563948e475d590f7
Found in base branch: master
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Publish Date: 2020-10-27
URL: CVE-2020-7753
Base Score Metrics:
Type: Upgrade version
Origin: component/trim#8
Release Date: 2020-10-27
Fix Resolution: trim - 0.0.3
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 1f54da4e2f129b3291544c4cf7a37509f981ecf3
Found in base branch: master
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Publish Date: 2019-07-26
URL: CVE-2019-10744
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-jf85-cpcp-j695
Release Date: 2019-07-08
Fix Resolution: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge-4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0
Trim newlines from the start and/or end of a string
Library home page: https://registry.npmjs.org/trim-newlines/-/trim-newlines-1.0.0.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/get-pkg-repo/node_modules/trim-newlines/package.json,java-patterns/node_modules/alex/node_modules/trim-newlines/package.json
Dependency Hierarchy:
Found in base branch: master
The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
Publish Date: 2021-05-28
URL: CVE-2021-33623
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33623
Release Date: 2021-05-28
Fix Resolution: trim-newlines - 3.0.1, 4.0.1
Trim string whitespace
Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/trim/package.json
Dependency Hierarchy:
Found in HEAD commit: 1b4aacceb567516b14f2acefdfaac2d063f30df5
Found in base branch: master
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Publish Date: 2020-10-27
URL: CVE-2020-7753
Base Score Metrics:
Type: Upgrade version
Origin: component/trim#8
Release Date: 2020-10-27
Fix Resolution: trim - 0.0.3
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 1b4aacceb567516b14f2acefdfaac2d063f30df5
Found in base branch: master
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
Publish Date: 2019-02-01
URL: CVE-2018-16487
Base Score Metrics:
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16487
Release Date: 2019-02-01
Fix Resolution: 4.17.11
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 1b4aacceb567516b14f2acefdfaac2d063f30df5
Found in base branch: master
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Publish Date: 2018-06-07
URL: CVE-2018-3721
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-3721
Release Date: 2018-06-07
Fix Resolution: 4.17.5
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 1f54da4e2f129b3291544c4cf7a37509f981ecf3
Found in base branch: master
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.
Publish Date: 2019-07-17
URL: CVE-2019-1010266
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010266
Release Date: 2019-07-17
Fix Resolution: 4.17.11
Another JSON Schema Validator
Library home page: https://registry.npmjs.org/ajv/-/ajv-4.11.8.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/@textlint/linter-formatter/node_modules/ajv/package.json
Dependency Hierarchy:
Found in base branch: master
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)
Publish Date: 2020-07-15
URL: CVE-2020-15366
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/ajv-validator/ajv/releases/tag/v6.12.3
Release Date: 2020-07-15
Fix Resolution: ajv - 6.12.3
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 1f54da4e2f129b3291544c4cf7a37509f981ecf3
Found in base branch: master
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Publish Date: 2021-02-15
URL: CVE-2021-23337
Base Score Metrics:
Type: Upgrade version
Origin: lodash/lodash@3469357
Release Date: 2021-02-15
Fix Resolution: lodash - 4.17.21
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Dependency Hierarchy:
Found in base branch: master
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Publish Date: 2019-07-26
URL: CVE-2019-10744
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-jf85-cpcp-j695
Release Date: 2019-07-08
Fix Resolution: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge-4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 1038786febc4d2287b75f9010bdf82c268a44175
Found in base branch: master
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Publish Date: 2019-07-26
URL: CVE-2019-10744
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-jf85-cpcp-j695
Release Date: 2019-07-08
Fix Resolution: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge-4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Dependency Hierarchy:
Found in base branch: master
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Publish Date: 2018-06-07
URL: CVE-2018-3721
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-3721
Release Date: 2018-06-07
Fix Resolution: 4.17.5
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Dependency Hierarchy:
Found in base branch: master
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
Publish Date: 2019-02-01
URL: CVE-2018-16487
Base Score Metrics:
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16487
Release Date: 2019-02-01
Fix Resolution: 4.17.11
JavaScript's functional programming helper library.
Library home page: https://registry.npmjs.org/underscore/-/underscore-1.6.0.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/underscore/package.json
Dependency Hierarchy:
Found in HEAD commit: 1f54da4e2f129b3291544c4cf7a37509f981ecf3
Found in base branch: master
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
Publish Date: 2021-03-29
URL: CVE-2021-23358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23358
Release Date: 2021-03-29
Fix Resolution: underscore - 1.12.1, 1.13.0-2
Another JSON Schema Validator
Library home page: https://registry.npmjs.org/ajv/-/ajv-4.11.8.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/@textlint/linter-formatter/node_modules/ajv/package.json
Dependency Hierarchy:
Found in HEAD commit: 1b4aacceb567516b14f2acefdfaac2d063f30df5
Found in base branch: master
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)
Publish Date: 2020-07-15
URL: CVE-2020-15366
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/ajv-validator/ajv/releases/tag/v6.12.3
Release Date: 2020-07-15
Fix Resolution: ajv - 6.12.3
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: f36cb2df7ee03044a62dbafa76b2f227006460dc
Found in base branch: master
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.
Publish Date: 2019-07-17
URL: CVE-2019-1010266
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010266
Release Date: 2019-07-17
Fix Resolution: 4.17.11
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: java-patterns/package.json
Path to vulnerable library: java-patterns/node_modules/dockerfile_lint/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 1b4aacceb567516b14f2acefdfaac2d063f30df5
Found in base branch: master
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Publish Date: 2019-07-26
URL: CVE-2019-10744
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-jf85-cpcp-j695
Release Date: 2019-07-08
Fix Resolution: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge-4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0