Git Product home page Git Product logo

buctbase's People

Contributors

aidenlx avatar airwsw avatar android-kitkat avatar aozaki-kuro avatar chisaato avatar cubercsl avatar dogtorrent avatar hans362 avatar imgbotapp avatar mahoo12138 avatar myl7 avatar naicfeng avatar ovler-young avatar pokobunhsu avatar renovate[bot] avatar rinrinx2 avatar shoucandanghehe avatar spencerwooo avatar starsbysea avatar therockstarind avatar

Stargazers

avatar avatar

Watchers

avatar

buctbase's Issues

npm audit found vulnerabilities 

# npm audit report

nanoid  <3.1.31
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
fix available via `npm audit fix`
node_modules/nanoid

node-fetch  <2.6.7
Severity: high
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via `npm audit fix`
node_modules/node-fetch
  next  9.0.6-canary.0 - 9.3.4-canary.0 || 10.0.2-canary.0 - 11.1.3 || 12.0.0 - 12.0.8
  Depends on vulnerable versions of node-fetch
  node_modules/next

3 vulnerabilities (1 moderate, 2 high)

To address all issues, run:
  npm audit fix

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

  • Update Node.js to v19
  • Update actions/checkout action to v3
  • Update actions/setup-node action to v3
  • Update dependency @types/react to v18
  • Update dependency @types/react-dom to v18
  • Update dependency @types/react-pdf to v6
  • Update dependency @types/react-syntax-highlighter to v15
  • Update dependency axios to v1
  • Update dependency csstype to v3
  • Update dependency i18next-parser to v7
  • Update dependency ioredis to v5
  • Update dependency next-i18next to v13
  • Update dependency plyr-react to v5
  • Update dependency react-hotkeys-hook to v4
  • Update dependency react-reader to v1
  • Update dependency swr to v2
  • Update nextjs monorepo to v13 (major) (@next/bundle-analyzer, eslint-config-next, next)
  • Update peter-evans/create-pull-request action to v4
  • Update react monorepo to v18 (major) (react, react-dom)
  • ๐Ÿ” Create all rate-limited PRs at once ๐Ÿ”

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

Detected dependencies

dockerfile
Dockerfile
  • node 18-alpine
github-actions
.github/workflows/Auto_Gen_Audit.yml
  • actions/checkout v2
  • pnpm/action-setup v2.0.1
  • actions/setup-node v2
  • peter-evans/create-pull-request v3
.github/workflows/pull.yml
npm
package.json
  • @fortawesome/fontawesome-svg-core ^1.2.35
  • @fortawesome/free-brands-svg-icons ^5.15.4
  • @fortawesome/free-regular-svg-icons ^5.15.3
  • @fortawesome/free-solid-svg-icons ^5.15.3
  • @fortawesome/react-fontawesome ^0.1.14
  • @headlessui/react ^1.4.0
  • @openfun/subsrt ^1.0.5
  • @tailwindcss/line-clamp ^0.3.1
  • awesome-debounce-promise ^2.1.0
  • axios ^0.25.0
  • cors ^2.8.5
  • countapi-js ^1.0.2
  • crypto-js ^4.1.1
  • csstype ^2.6.2
  • dayjs ^1.10.7
  • emoji-regex ^10.0.0
  • ioredis ^4.28.2
  • jszip ^3.7.1
  • mpegts.js ^1.6.10
  • next ^12.0.10
  • next-i18next ^10.2.0
  • nextjs-progressbar ^0.0.13
  • plyr-react ^3.2.1
  • preact ^10.10.6
  • preview-office-docs ^1.0.2
  • react ^17.0.2
  • react-async-hook ^4.0.0
  • react-audio-player ^0.17.0
  • react-cookie ^4.1.1
  • react-copy-to-clipboard ^5.0.3
  • react-dom ^17.0.2
  • react-hot-toast ^2.0.0
  • react-hotkeys-hook ^3.4.4
  • react-markdown ^8.0.0
  • react-reader ^0.21.0
  • react-syntax-highlighter ^15.4.5
  • react-use-system-theme ^1.1.1
  • rehype-katex ^6.0.2
  • rehype-raw ^6.0.0
  • remark-gfm ^3.0.1
  • remark-math ^5.1.1
  • swr ^1.2.0
  • use-clipboard-copy ^0.2.0
  • use-constant ^1.1.0
  • @next/bundle-analyzer ^12.2.5
  • @types/cors ^2.8.12
  • @types/crypto-js ^4.0.2
  • @types/ioredis ^4.28.5
  • @types/react 17.0.38
  • @types/react-copy-to-clipboard ^5.0.0
  • @types/react-dom ^17.0.8
  • @types/react-pdf ^5.0.4
  • @types/react-syntax-highlighter ^13.5.1
  • autoprefixer ^10.4.0
  • cross-env ^7.0.3
  • eslint 8.8.0
  • eslint-config-next 12.0.10
  • eslint-config-prettier ^8.3.0
  • i18next-parser ^5.4.0
  • postcss ^8.4.5
  • prettier ^2.5.1
  • prettier-plugin-tailwindcss ^0.1.4
  • tailwindcss ^3.0.18
  • typescript 4.5.5
  • Check this box to trigger a request for Renovate to run again on this repository

npm audit found vulnerabilities 

# npm audit report

nanoid  <3.1.31
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
fix available via `npm audit fix`
node_modules/nanoid

node-fetch  <2.6.7
Severity: high
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via `npm audit fix`
node_modules/node-fetch
  next  9.0.6-canary.0 - 9.3.4-canary.0 || 10.0.2-canary.0 - 11.1.3 || 12.0.0 - 12.0.8
  Depends on vulnerable versions of node-fetch
  node_modules/next

3 vulnerabilities (1 moderate, 2 high)

To address all issues, run:
  npm audit fix

npm audit found vulnerabilities 

# npm audit report

nanoid  <3.1.31
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
fix available via `npm audit fix`
node_modules/nanoid

node-fetch  <2.6.7
Severity: high
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/node-fetch
  next  9.0.6-canary.0 - 9.3.4-canary.0 || 10.0.2-canary.0 - 12.0.8
  Depends on vulnerable versions of node-fetch
  node_modules/next
    eslint-config-next  >=10.2.1-canary.2
    Depends on vulnerable versions of next
    node_modules/eslint-config-next

4 vulnerabilities (1 moderate, 3 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

npm audit found vulnerabilities 

# npm audit report

nanoid  <3.1.31
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
fix available via `npm audit fix`
node_modules/nanoid

node-fetch  <2.6.7
Severity: high
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/node-fetch
  next  9.0.6-canary.0 - 9.3.4-canary.0 || 10.0.2-canary.0 - 12.0.8
  Depends on vulnerable versions of node-fetch
  node_modules/next
    eslint-config-next  >=10.2.1-canary.2
    Depends on vulnerable versions of next
    node_modules/eslint-config-next

4 vulnerabilities (1 moderate, 3 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.