vukan-markovic / book_trading_club
MEAN 2 Web application with CRUD operations and authentication
Home Page: https://bookclubtrading.herokuapp.com
License: MIT License
Vulnerabilities
DepShield reports that this application's usage of lodash.restparam:3.6.1 results in the following vulnerability(s):
Occurrences
lodash.restparam:3.6.1 is a transitive dependency introduced by the following direct dependency(s):
• npm:6.4.1
└─ lodash.restparam:3.6.1
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
HTTP request logger middleware for node.js
Library home page: https://registry.npmjs.org/morgan/-/morgan-1.6.1.tgz
Path to dependency file: /Book_trading_club/package.json
Path to vulnerable library: /Book_trading_club/node_modules/morgan/package.json
Dependency Hierarchy:
morgan before 1.9.1 is vulnerable to code injection when user input is allowed into the filter or combined with a prototype pollution attack.
Publish Date: 2018-11-25
URL: WS-2018-0209
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/735
Release Date: 2019-04-08
Fix Resolution: 1.9.1
Step up your Open Source Security Game with WhiteSource here
Vulnerabilities
DepShield reports that this application's usage of lodash._bindcallback:3.0.1 results in the following vulnerability(s):
Occurrences
lodash._bindcallback:3.0.1 is a transitive dependency introduced by the following direct dependency(s):
• npm:6.4.1
└─ lodash._bindcallback:3.0.1
Vulnerabilities
DepShield reports that this application's usage of mime:1.3.4 results in the following vulnerability(s):
Occurrences
mime:1.3.4 is a transitive dependency introduced by the following direct dependency(s):
• express:4.14.1
└─ send:0.14.2
└─ mime:1.3.4
Vulnerabilities
DepShield reports that this application's usage of lodash.foreach:4.5.0 results in the following vulnerability(s):
Occurrences
lodash.foreach:4.5.0 is a transitive dependency introduced by the following direct dependency(s):
• mongoose-unique-validator:1.0.6
└─ lodash.foreach:4.5.0
Vulnerabilities
DepShield reports that this application's usage of lodash.isboolean:3.0.3 results in the following vulnerability(s):
Occurrences
lodash.isboolean:3.0.3 is a transitive dependency introduced by the following direct dependency(s):
• jsonwebtoken:8.4.0
└─ lodash.isboolean:3.0.3
Vulnerabilities
DepShield reports that this application's usage of lodash.isstring:4.0.1 results in the following vulnerability(s):
Occurrences
lodash.isstring:4.0.1 is a transitive dependency introduced by the following direct dependency(s):
• jsonwebtoken:8.4.0
└─ lodash.isstring:4.0.1
Vulnerabilities
DepShield reports that this application's usage of uglify-js:2.3.6 results in the following vulnerability(s):
Occurrences
uglify-js:2.3.6 is a transitive dependency introduced by the following direct dependency(s):
• hbs:3.1.1
└─ handlebars:3.0.0
└─ uglify-js:2.3.6
Vulnerabilities
DepShield reports that this application's usage of lodash.includes:4.3.0 results in the following vulnerability(s):
Occurrences
lodash.includes:4.3.0 is a transitive dependency introduced by the following direct dependency(s):
• jsonwebtoken:8.4.0
└─ lodash.includes:4.3.0
A comprehensive library for mime-type mapping
Library home page: https://registry.npmjs.org/mime/-/mime-1.3.4.tgz
Path to dependency file: /Book_trading_club/package.json
Path to vulnerable library: /tmp/git/Book_trading_club/node_modules/mime/package.json
Dependency Hierarchy:
Affected versions of mime (1.0.0 through 1.4.0 and 2.0.0 through 2.0.2) are vulnerable to regular expression denial of service.
Publish Date: 2017-09-27
URL: WS-2017-0330
Type: Upgrade version
Origin: broofa/mime@1df903f
Release Date: 2019-04-03
Fix Resolution: 1.4.1,2.0.3
Vulnerabilities
DepShield reports that this application's usage of lodash.isplainobject:4.0.6 results in the following vulnerability(s):
Occurrences
lodash.isplainobject:4.0.6 is a transitive dependency introduced by the following direct dependency(s):
• jsonwebtoken:8.4.0
└─ lodash.isplainobject:4.0.6
Vulnerabilities
DepShield reports that this application's usage of lodash._cacheindexof:3.0.2 results in the following vulnerability(s):
Occurrences
lodash._cacheindexof:3.0.2 is a transitive dependency introduced by the following direct dependency(s):
• npm:6.4.1
└─ lodash._cacheindexof:3.0.2
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz
Path to dependency file: /Book_trading_club/package.json
Path to vulnerable library: /tmp/git/Book_trading_club/node_modules/lodash/package.json
Dependency Hierarchy:
In the node_module "lodash" before version 4.17.11 the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects.
Publish Date: 2018-11-25
URL: WS-2018-0210
Type: Change files
Origin: lodash/lodash@90e6199
Release Date: 2018-08-31
Fix Resolution: Replace or update the following files: lodash.js, test.js
Vulnerabilities
DepShield reports that this application's usage of lodash._baseindexof:3.1.0 results in the following vulnerability(s):
Occurrences
lodash._baseindexof:3.1.0 is a transitive dependency introduced by the following direct dependency(s):
• npm:6.4.1
└─ lodash._baseindexof:3.1.0
Vulnerabilities
DepShield reports that this application's usage of lodash.union:4.6.0 results in the following vulnerability(s):
Occurrences
lodash.union:4.6.0 is a transitive dependency introduced by the following direct dependency(s):
• npm:6.4.1
└─ lodash.union:4.6.0
Vulnerabilities
DepShield reports that this application's usage of lodash.isinteger:4.0.4 results in the following vulnerability(s):
Occurrences
lodash.isinteger:4.0.4 is a transitive dependency introduced by the following direct dependency(s):
• jsonwebtoken:8.4.0
└─ lodash.isinteger:4.0.4
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-2.2.0.tgz
Path to dependency file: /Book_trading_club/package.json
Path to vulnerable library: /tmp/git/Book_trading_club/node_modules/morgan/node_modules/debug/package.json
Dependency Hierarchy:
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the %o formatter. It takes around 50k characters to block for 2 seconds, making this a low severity issue.
Publish Date: 2018-06-07
URL: CVE-2017-16137
Base Score Metrics:
Type: Change files
Origin: debug-js/debug@42a6ae0
Release Date: 2017-09-21
Fix Resolution: Replace or update the following file: node.js
Tiny ms conversion utility
Library home page: https://registry.npmjs.org/ms/-/ms-0.7.1.tgz
Path to dependency file: /Book_trading_club/package.json
Path to vulnerable library: /tmp/git/Book_trading_club/node_modules/snapdragon/node_modules/ms/package.json
Dependency Hierarchy:
Tiny millisecond conversion utility
Library home page: https://registry.npmjs.org/ms/-/ms-0.7.2.tgz
Path to dependency file: /Book_trading_club/package.json
Path to vulnerable library: /tmp/git/Book_trading_club/node_modules/send/node_modules/ms/package.json
Dependency Hierarchy:
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS).
Publish Date: 2017-05-15
URL: WS-2017-0247
Type: Change files
Origin: vercel/ms@305f2dd
Release Date: 2017-04-12
Fix Resolution: Replace or update the following file: index.js
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz
Path to dependency file: /Book_trading_club/package.json
Path to vulnerable library: /tmp/git/Book_trading_club/node_modules/lodash/package.json
Dependency Hierarchy:
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
Publish Date: 2019-02-01
URL: CVE-2018-16487
Base Score Metrics:
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16487
Release Date: 2019-02-01
Fix Resolution: 4.17.11
Vulnerabilities
DepShield reports that this application's usage of lodash.get:4.4.2 results in the following vulnerability(s):
Occurrences
lodash.get:4.4.2 is a transitive dependency introduced by the following direct dependency(s):
• mongoose:4.13.17
└─ lodash.get:4.4.2
• mongoose-unique-validator:1.0.6
└─ lodash.get:4.4.2
tar for node
Library home page: https://registry.npmjs.org/tar/-/tar-4.4.1.tgz
Dependency Hierarchy:
tar for node
Library home page: https://registry.npmjs.org/tar/-/tar-2.2.1.tgz
Path to dependency file: /Book_trading_club/package.json
Path to vulnerable library: /tmp/git/Book_trading_club/node_modules/npm/node_modules/node-gyp/node_modules/tar/package.json
Dependency Hierarchy:
Versions of node-tar prior to 4.4.2 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file.
Publish Date: 2019-04-05
URL: WS-2019-0047
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/803
Release Date: 2019-04-05
Fix Resolution: 4.4.2
Vulnerabilities
DepShield reports that this application's usage of lodash._getnative:3.9.1 results in the following vulnerability(s):
Occurrences
lodash._getnative:3.9.1 is a transitive dependency introduced by the following direct dependency(s):
• npm:6.4.1
└─ lodash._createcache:3.1.2
└─ lodash._getnative:3.9.1
└─ lodash._getnative:3.9.1
Vulnerabilities
DepShield reports that this application's usage of lodash.once:4.1.1 results in the following vulnerability(s):
Occurrences
lodash.once:4.1.1 is a transitive dependency introduced by the following direct dependency(s):
• jsonwebtoken:8.4.0
└─ lodash.once:4.1.1
On registry https://registry.npmjs.org/, the "latest" version (v2.0.0) of dependency boostrap has the following deprecation notice:
Package no longer supported. Contact [email protected] for more info.
Marking the latest version of an npm package as deprecated results in the entire package being considered deprecated, so contact the package author if you think this is a mistake.
Affected package file(s): package.json
If you don't care about this, you can close this issue and not be warned about boostrap's deprecation again. If you would like to completely disable all future deprecation warnings then add the following to your config:
"suppressNotifications": ["deprecationWarningIssues"]
🚨 You need to enable Continuous Integration on all branches of this repository. 🚨
To enable Greenkeeper, you need to make sure that a commit status is reported on all branches. This is required by Greenkeeper because it uses your CI build statuses to figure out when to notify you about breaking changes.
Since we didn’t receive a CI status on the greenkeeper/initial branch, it’s possible that you don’t have CI set up yet. We recommend using Travis CI, but Greenkeeper will work with every other CI service as well.
If you have already set up a CI for this repository, you might need to check how it’s configured. Make sure it is set to run on all new branches. If you don’t want it to run on absolutely every branch, you can whitelist branches starting with greenkeeper/.
Once you have installed and configured CI on this repository correctly, you’ll need to re-trigger Greenkeeper’s initial pull request. To do this, please delete the greenkeeper/initial branch in this repository, and then remove and re-add this repository to the Greenkeeper App’s white list on GitHub. You'll find this list on your repo or organization’s settings page, under Installed GitHub Apps.
Vulnerabilities
DepShield reports that this application's usage of lodash._createcache:3.1.2 results in the following vulnerability(s):
Occurrences
lodash._createcache:3.1.2 is a transitive dependency introduced by the following direct dependency(s):
• npm:6.4.1
└─ lodash._createcache:3.1.2
The project could not be analyzed because of maven build errors. Please review the error messages here. Another build will be scheduled within 24 hours. If the build is successful this issue will be closed, otherwise the error message will be updated.
This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.
JavaScript parser, mangler/compressor and beautifier toolkit
Library home page: https://registry.npmjs.org/uglify-js/-/uglify-js-2.3.6.tgz
Path to dependency file: /Book_trading_club/package.json
Path to vulnerable library: /tmp/git/Book_trading_club/node_modules/uglify-js/package.json
Dependency Hierarchy:
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript.
Publish Date: 2017-01-23
URL: CVE-2015-8857
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8858
Release Date: 2018-12-15
Fix Resolution: v2.4.24
Vulnerabilities
DepShield reports that this application's usage of handlebars:3.0.0 results in the following vulnerability(s):
Occurrences
handlebars:3.0.0 is a transitive dependency introduced by the following direct dependency(s):
• hbs:3.1.1
└─ handlebars:3.0.0
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: http://registry.npmjs.org/handlebars/-/handlebars-3.0.0.tgz
Path to dependency file: /Book_trading_club/package.json
Path to vulnerable library: /tmp/git/Book_trading_club/node_modules/handlebars/package.json
Dependency Hierarchy:
Quoteless Attributes in Templates can lead to Content Injection
Publish Date: 2015-12-14
URL: WS-2015-0003
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/61
Release Date: 2015-12-14
Fix Resolution: If you are unable to upgrade to version 4.0.0 or greater you can add quotes to your attributes in your handlebar templates.
HTTP response freshness testing
Library home page: https://registry.npmjs.org/fresh/-/fresh-0.3.0.tgz
Path to dependency file: /Book_trading_club/package.json
Path to vulnerable library: /tmp/git/Book_trading_club/node_modules/fresh/package.json
Dependency Hierarchy:
Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.
Publish Date: 2018-06-07
URL: CVE-2017-16119
Base Score Metrics:
JavaScript parser, mangler/compressor and beautifier toolkit
Library home page: https://registry.npmjs.org/uglify-js/-/uglify-js-2.3.6.tgz
Path to dependency file: /Book_trading_club/package.json
Path to vulnerable library: /tmp/git/Book_trading_club/node_modules/uglify-js/package.json
Dependency Hierarchy:
The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."
Publish Date: 2017-01-23
URL: CVE-2015-8858
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8858
Release Date: 2018-12-15
Fix Resolution: v2.6.0
Vulnerabilities
DepShield reports that this application's usage of lodash.isnumber:3.0.3 results in the following vulnerability(s):
Occurrences
lodash.isnumber:3.0.3 is a transitive dependency introduced by the following direct dependency(s):
• jsonwebtoken:8.4.0
└─ lodash.isnumber:3.0.3
Port of jQuery.extend for node.js and the browser
Library home page: https://registry.npmjs.org/extend/-/extend-3.0.1.tgz
Path to dependency file: /Book_trading_club/package.json
Path to vulnerable library: /tmp/git/Book_trading_club/node_modules/extend/package.json
Dependency Hierarchy:
A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.
Publish Date: 2019-02-01
URL: CVE-2018-16492
Base Score Metrics:
Type: Upgrade version
Origin: https://hackerone.com/reports/381185
Release Date: 2019-02-01
Fix Resolution: v3.0.2,v2.0.2
JavaScript parser, mangler/compressor and beautifier toolkit
Library home page: https://registry.npmjs.org/uglify-js/-/uglify-js-2.3.6.tgz
Path to dependency file: /Book_trading_club/package.json
Path to vulnerable library: /tmp/git/Book_trading_club/node_modules/uglify-js/package.json
Dependency Hierarchy:
UglifyJS versions 2.4.23 and earlier are affected by a vulnerability which allows a specially crafted Javascript file to have altered functionality after minification.
Publish Date: 2015-08-24
URL: WS-2015-0024
Type: Upgrade version
Origin: mishoo/UglifyJS@905b601
Release Date: 2017-01-31
Fix Resolution: v2.4.24
A querystring parser that supports nesting and arrays, with a depth limit
Library home page: https://registry.npmjs.org/qs/-/qs-6.2.0.tgz
Path to dependency file: /Book_trading_club/package.json
Path to vulnerable library: /tmp/git/Book_trading_club/node_modules/qs/package.json
Dependency Hierarchy:
The web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send an evil request to cause the web framework to crash.
Publish Date: 2017-07-17
URL: CVE-2017-1000048
Base Score Metrics:
Type: Change files
Origin: ljharb/qs@c709f6e
Release Date: 2017-03-06
Fix Resolution: Replace or update the following files: parse.js, parse.js, utils.js
A comprehensive library for mime-type mapping
Library home page: https://registry.npmjs.org/mime/-/mime-1.3.4.tgz
Path to dependency file: /Book_trading_club/package.json
Path to vulnerable library: /tmp/git/Book_trading_club/node_modules/mime/package.json
Dependency Hierarchy:
The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.
Publish Date: 2018-06-07
URL: CVE-2017-16138
Base Score Metrics:
Vulnerabilities
DepShield reports that this application's usage of qs:6.2.0 results in the following vulnerability(s):
Occurrences
qs:6.2.0 is a transitive dependency introduced by the following direct dependency(s):
• body-parser:1.15.2
└─ qs:6.2.0
• express:4.14.1
└─ qs:6.2.0
Vulnerabilities
DepShield reports that this application's usage of lodash._root:3.0.1 results in the following vulnerability(s):
Occurrences
lodash._root:3.0.1 is a transitive dependency introduced by the following direct dependency(s):
• npm:6.4.1
└─ lodash._baseuniq:4.6.0
└─ lodash._root:3.0.1
Vulnerabilities
DepShield reports that this application's usage of fresh:0.3.0 results in the following vulnerability(s):
Occurrences
fresh:0.3.0 is a transitive dependency introduced by the following direct dependency(s):
• express:4.14.1
└─ fresh:0.3.0
└─ send:0.14.2
└─ fresh:0.3.0
• serve-favicon:2.3.2
└─ fresh:0.3.0
JavaScript parser, mangler/compressor and beautifier toolkit
Library home page: https://registry.npmjs.org/uglify-js/-/uglify-js-2.3.6.tgz
Path to dependency file: /Book_trading_club/package.json
Path to vulnerable library: /tmp/git/Book_trading_club/node_modules/uglify-js/package.json
Dependency Hierarchy:
Uglify-js is vulnerable to regular expression denial of service (ReDoS) when certain types of input are passed into .parse().
Publish Date: 2015-10-24
URL: WS-2015-0017
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/48
Release Date: 2015-10-24
Fix Resolution: Update to version 2.6.0 or later
Vulnerabilities
DepShield reports that this application's usage of lodash.uniq:4.5.0 results in the following vulnerability(s):
Occurrences
lodash.uniq:4.5.0 is a transitive dependency introduced by the following direct dependency(s):
• npm:6.4.1
└─ lodash.uniq:4.5.0
DepShield reports that this application's usage of debug:2.2.0 results in the following vulnerability(s):
Vulnerabilities
DepShield reports that this application's usage of lodash.clonedeep:4.5.0 results in the following vulnerability(s):
Occurrences
lodash.clonedeep:4.5.0 is a transitive dependency introduced by the following direct dependency(s):
• npm:6.4.1
└─ lodash.clonedeep:4.5.0