alpersonalwebsite / myreads
[2016 - Some years ago...] - One of my first React projects
License: MIT License
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-10.1.0.tgz
Path to dependency file: /tmp/ws-scm/myReads/package.json
Path to vulnerable library: /tmp/ws-scm/myReads/node_modules/webpack-dev-server/node_modules/yargs-parser/package.json
Dependency Hierarchy:
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.2.tgz
Path to dependency file: /tmp/ws-scm/myReads/package.json
Path to vulnerable library: /tmp/ws-scm/myReads/node_modules/yargs-parser/package.json
Dependency Hierarchy:
Found in HEAD commit: 53fdd366e851c25b48c253f0f8f72629f27627d4
Affected versions of yargs-parser are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument '--foo.__proto__.bar baz' adds a bar property with value baz to all objects. This is only exploitable if attackers have control over the arguments being passed to yargs-parser.
Publish Date: 2020-05-01
URL: WS-2020-0068
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/package/yargs-parser
Release Date: 2020-05-04
Fix Resolution: https://www.npmjs.com/package/yargs-parser/v/18.1.2,https://www.npmjs.com/package/yargs-parser/v/15.0.1
Step up your Open Source Security Game with WhiteSource here
The dependency react was updated from 16.8.4 to 16.8.5.
The dependency react-dom was updated from 16.8.4 to 16.8.5.
This version is covered by your current version range and after updating it in your project the build failed.
This monorepo update includes releases of one or more dependencies which all belong to the react group definition.
react is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js
Path to dependency file: /tmp/ws-scm/myReads/node_modules/sockjs/examples/express/index.html
Path to vulnerable library: /myReads/node_modules/sockjs/examples/express/index.html,/myReads/node_modules/sockjs/examples/multiplex/index.html,/myReads/node_modules/vm-browserify/example/run/index.html,/myReads/node_modules/sockjs/examples/echo/index.html,/myReads/node_modules/sockjs/examples/hapi/html/index.html,/myReads/node_modules/sockjs/examples/express-3.x/index.html
Dependency Hierarchy:
Found in HEAD commit: 9d78f8cf9a0c6413c5b55917c4151fb4791348b2
jQuery before 2.2.0 is vulnerable to Cross-site Scripting (XSS) attacks via text/javascript response with arbitrary code execution.
Publish Date: 2016-11-27
URL: WS-2016-0090
Type: Upgrade version
Origin: jquery/jquery@b078a62
Release Date: 2019-04-08
Fix Resolution: 2.2.0
YAML 1.2 parser and serializer
path: /tmp/git/myReads/node_modules/js-yaml/package.json
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.12.2.tgz
Dependency Hierarchy:
Found in HEAD commit: dfbd26ad4a20dcaa179ca51fdb44659ad8fd9544
Versions of js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.
Publish Date: 2019-03-26
URL: WS-2019-0032
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/788/versions
Release Date: 2019-03-26
Fix Resolution: 3.13.0
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: /tmp/ws-scm/myReads/package.json
Path to vulnerable library: /tmp/ws-scm/myReads/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 53fdd366e851c25b48c253f0f8f72629f27627d4
lodash has a prototype pollution vulnerability that allows an attacker to inject properties on Object.prototype.
Publish Date: 2020-04-28
URL: WS-2020-0070
Base Score Metrics:
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz
Path to dependency file: /tmp/ws-scm/myReads/package.json
Path to vulnerable library: /tmp/ws-scm/myReads/node_modules/kind-of/package.json
Dependency Hierarchy:
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-4.0.0.tgz
Path to dependency file: /tmp/ws-scm/myReads/package.json
Path to vulnerable library: /tmp/ws-scm/myReads/node_modules/has-values/node_modules/kind-of/package.json
Dependency Hierarchy:
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-2.0.1.tgz
Path to dependency file: /tmp/ws-scm/myReads/package.json
Path to vulnerable library: /tmp/ws-scm/myReads/node_modules/shallow-clone/node_modules/kind-of/package.json
Dependency Hierarchy:
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz
Path to dependency file: /tmp/ws-scm/myReads/package.json
Path to vulnerable library: /tmp/ws-scm/myReads/node_modules/is-descriptor/node_modules/kind-of/package.json
Dependency Hierarchy:
Found in HEAD commit: e20ef7c8f1390af826b02497e2f5afa0ae3414e8
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
Publish Date: 2019-12-30
URL: CVE-2019-20149
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-10.1.0.tgz
Path to dependency file: /tmp/ws-scm/myReads/package.json
Path to vulnerable library: /tmp/ws-scm/myReads/node_modules/webpack-dev-server/node_modules/yargs-parser/package.json
Dependency Hierarchy:
Found in HEAD commit: e2906d58b513fa7136b06e93de1d187b505ee653
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.
Publish Date: 2020-03-16
URL: CVE-2020-7608
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608
Release Date: 2020-03-16
Fix Resolution: v18.1.1;13.1.2;15.0.1
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js
Path to dependency file: /tmp/ws-scm/myReads/node_modules/sockjs/examples/express/index.html
Path to vulnerable library: /myReads/node_modules/sockjs/examples/express/index.html,/myReads/node_modules/sockjs/examples/multiplex/index.html,/myReads/node_modules/vm-browserify/example/run/index.html,/myReads/node_modules/sockjs/examples/echo/index.html,/myReads/node_modules/sockjs/examples/hapi/html/index.html,/myReads/node_modules/sockjs/examples/express-3.x/index.html
Dependency Hierarchy:
Found in HEAD commit: 9d78f8cf9a0c6413c5b55917c4151fb4791348b2
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - v3.0.0
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz
Path to dependency file: /tmp/ws-scm/myReads/package.json
Path to vulnerable library: /tmp/ws-scm/myReads/node_modules/loader-fs-cache/node_modules/minimist/package.json
Dependency Hierarchy:
Found in HEAD commit: e2906d58b513fa7136b06e93de1d187b505ee653
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
Publish Date: 2020-03-11
URL: CVE-2020-7598
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94
Release Date: 2020-03-11
Fix Resolution: minimist - 0.2.1,1.2.2
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js
Path to dependency file: /tmp/ws-scm/myReads/node_modules/sockjs/examples/express-3.x/index.html
Path to vulnerable library: /myReads/node_modules/sockjs/examples/express-3.x/index.html,/myReads/node_modules/sockjs/examples/hapi/html/index.html,/myReads/node_modules/sockjs/examples/express/index.html,/myReads/node_modules/sockjs/examples/echo/index.html,/myReads/node_modules/sockjs/examples/multiplex/index.html
Dependency Hierarchy:
Found in HEAD commit: 53fdd366e851c25b48c253f0f8f72629f27627d4
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
Base Score Metrics:
Type: Upgrade version
Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
Fastest brace expansion for node.js, with the most complete support for the Bash 4.3 braces specification.
path: /tmp/git/myReads/node_modules/braces/package.json
Library home page: https://registry.npmjs.org/braces/-/braces-1.8.5.tgz
Dependency Hierarchy:
Versions of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.
Publish Date: 2019-02-21
URL: WS-2019-0019
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/786
Release Date: 2019-02-21
Fix Resolution: 2.3.1
4.3.1 to 4.4.0.
This version is covered by your current version range and after updating it in your project the build failed.
react-router-dom is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js
Path to dependency file: /tmp/ws-scm/myReads/node_modules/sockjs/examples/express/index.html
Path to vulnerable library: /myReads/node_modules/sockjs/examples/express/index.html,/myReads/node_modules/sockjs/examples/multiplex/index.html,/myReads/node_modules/vm-browserify/example/run/index.html,/myReads/node_modules/sockjs/examples/echo/index.html,/myReads/node_modules/sockjs/examples/hapi/html/index.html,/myReads/node_modules/sockjs/examples/express-3.x/index.html
Dependency Hierarchy:
Found in HEAD commit: 9d78f8cf9a0c6413c5b55917c4151fb4791348b2
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
Publish Date: 2018-01-18
URL: CVE-2012-6708
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6708
Release Date: 2018-01-18
Fix Resolution: jQuery - v1.9.0
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js
Path to dependency file: /tmp/ws-scm/myReads/node_modules/@babel/compat-data/build/compat-table/es2016plus/compiler-skeleton.html
Path to vulnerable library: /myReads/node_modules/@babel/compat-data/build/compat-table/es2016plus/compiler-skeleton.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/myReads/node_modules/@babel/compat-data/build/compat-table/es5/index.html
Path to vulnerable library: /myReads/node_modules/@babel/compat-data/build/compat-table/es5/index.html,/myReads/node_modules/@babel/compat-data/build/compat-table/es2016plus/index.html
Dependency Hierarchy:
Found in HEAD commit: e20ef7c8f1390af826b02497e2f5afa0ae3414e8
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: 3.4.0
🚨 You need to enable Continuous Integration on Greenkeeper branches of this repository. 🚨
To enable Greenkeeper, you need to make sure that a commit status is reported on all branches. This is required by Greenkeeper because it uses your CI build statuses to figure out when to notify you about breaking changes.
Since we didn’t receive a CI status on the greenkeeper/initial branch, it’s possible that you don’t have CI set up yet. We recommend using Travis CI, but Greenkeeper will work with every other CI service as well.
If you have already set up a CI for this repository, you might need to check how it’s configured. Make sure it is set to run on all new branches. If you don’t want it to run on absolutely every branch, you can whitelist branches starting with greenkeeper/.
Once you have installed and configured CI on this repository correctly, you’ll need to re-trigger Greenkeeper’s initial pull request. To do this, please click the 'fix repo' button on account.greenkeeper.io.
Serialize JavaScript to a superset of JSON that includes regular expressions and functions.
Library home page: https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-1.9.1.tgz
Path to dependency file: /tmp/ws-scm/myReads/package.json
Path to vulnerable library: /tmp/ws-scm/myReads/node_modules/serialize-javascript/package.json
Dependency Hierarchy:
Found in HEAD commit: aad8b14f11c540140775004b4fa5d8b105d8d5c7
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. The Node.js environment is not affected by this vulnerability, since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized regular expression objects are used in an environment other than Node.js, that environment is affected by this vulnerability.
Publish Date: 2019-12-05
URL: CVE-2019-16769
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16769
Release Date: 2019-12-05
Fix Resolution: v2.1.1