GithubHelp home page GithubHelp logo

uboss's Introduction

This project was bootstrapped with Create React App.

Available Scripts

In the project directory, you can run:

npm start

Runs the app in the development mode.
Open http://localhost:3000 to view it in the browser.

The page will reload if you make edits.
You will also see any lint errors in the console.

npm test

Launches the test runner in the interactive watch mode.
See the section about running tests for more information.

npm run build

Builds the app for production to the build folder.
It correctly bundles React in production mode and optimizes the build for the best performance.

The build is minified and the filenames include the hashes.
Your app is ready to be deployed!

See the section about deployment for more information.

npm run eject

Note: this is a one-way operation. Once you eject, you can’t go back!

If you aren’t satisfied with the build tool and configuration choices, you can eject at any time. This command will remove the single build dependency from your project.

Instead, it will copy all the configuration files and the transitive dependencies (Webpack, Babel, ESLint, etc) right into your project so you have full control over them. All of the commands except eject will still work, but they will point to the copied scripts so you can tweak them. At this point you’re on your own.

You don’t have to ever use eject. The curated feature set is suitable for small and middle deployments, and you shouldn’t feel obligated to use this feature. However we understand that this tool wouldn’t be useful if you couldn’t customize it when you are ready for it.

Learn More

You can learn more in the Create React App documentation.

To learn React, check out the React documentation.

uboss's People

Contributors

amirping avatar

Watchers

avatar avatar

Forkers

hbj

uboss's Issues

WS-2019-0032 Medium Severity Vulnerability detected by WhiteSource

WS-2019-0032 - Medium Severity Vulnerability

Vulnerable Library - js-yaml-3.12.2.tgz

YAML 1.2 parser and serializer

path: /tmp/git/uBoss/node_modules/js-yaml/package.json

Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.12.2.tgz

Dependency Hierarchy:

  • react-scripts-2.1.8.tgz (Root Library)
    • eslint-5.12.0.tgz
      • js-yaml-3.12.2.tgz (Vulnerable Library)

Found in HEAD commit: 7e570c8c7d27e2e1f27e9eb4f3cde336881a3acb

Vulnerability Details

Versions js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.

Publish Date: 2019-03-26

URL: WS-2019-0032

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/788/versions

Release Date: 2019-03-26

Fix Resolution: 3.13.0

Step up your Open Source Security Game with WhiteSource here

user profile menu stacked

after closing the interface of profile management the menu still up and cant click outside. the problem is related to anchorEL and it needs to be set it back to null

security work

  • getting APP_KEY from the backend
  • hash the local storage

User management

Full sprint run on the user management

  • Logout
  • Edit profile {data - password}
  • Signup
  • Login

Release 2

The following issue represents the second release in our app
image

Main axes to work on :

  • Showing card
  • Card data are shown in a popup
  • Card DND
  • Card API for all supported Platform (only trello)
  • Styling card depend on user view mode

WS-2019-0047 Medium Severity Vulnerability detected by WhiteSource

WS-2019-0047 - Medium Severity Vulnerability

Vulnerable Library - tar-4.4.1.tgz

tar for node

Library home page: https://registry.npmjs.org/tar/-/tar-4.4.1.tgz

Dependency Hierarchy:

  • react-scripts-2.1.8.tgz (Root Library)
    • fsevents-1.2.4.tgz
      • node-pre-gyp-0.10.0.tgz
        • tar-4.4.1.tgz (Vulnerable Library)

Found in HEAD commit: 8b5d7641af924a5670dfc24f163d7d19ea3126d3

Vulnerability Details

Versions of node-tar prior to 4.4.2 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file.

Publish Date: 2019-04-05

URL: WS-2019-0047

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/803

Release Date: 2019-04-05

Fix Resolution: 4.4.2

Step up your Open Source Security Game with WhiteSource here

WS-2019-0064 (High) detected in handlebars-4.1.1.tgz

WS-2019-0064 - High Severity Vulnerability

Vulnerable Library - handlebars-4.1.1.tgz

Handlebars provides the power necessary to let you build semantic templates effectively with no frustration

Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.1.1.tgz

Path to dependency file: /uBoss/package.json

Path to vulnerable library: /tmp/git/uBoss/node_modules/handlebars/package.json

Dependency Hierarchy:

  • react-scripts-2.1.8.tgz (Root Library)
    • jest-23.6.0.tgz
      • jest-cli-23.6.0.tgz
        • istanbul-api-1.3.7.tgz
          • istanbul-reports-1.5.1.tgz
            • handlebars-4.1.1.tgz (Vulnerable Library)

Found in HEAD commit: 9ee1f675cb5c94aa16c0ac1dccdca0afdef27d40

Vulnerability Details

Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Objects' prototype, thus allowing an attacker to execute arbitrary code on the server.

Publish Date: 2019-04-30

URL: WS-2019-0064

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/755/versions

Release Date: 2019-04-30

Fix Resolution: 1.0.6-2,4.0.14,4.1.2

Step up your Open Source Security Game with WhiteSource here

Dashboards Management

Implement the dashboards management in the application, and it has the following requirements

  • create a dashboard
  • edit dashboards
  • show dashboards
  • connect trello account
  • select the transform method (source list -> target list)
  • select dashboards from trello to load
  • Backend API

Edit dashboard note
for now, the dashboards edit can have an impact on the name and the description, lists name cannot be changed right now

WS-2019-0019 Medium Severity Vulnerability detected by WhiteSource

WS-2019-0019 - Medium Severity Vulnerability

Vulnerable Library - braces-1.8.5.tgz

Fastest brace expansion for node.js, with the most complete support for the Bash 4.3 braces specification.

path: /tmp/git/uBoss/node_modules/braces/package.json

Library home page: https://registry.npmjs.org/braces/-/braces-1.8.5.tgz

Dependency Hierarchy:

  • react-scripts-2.1.8.tgz (Root Library)
    • jest-23.6.0.tgz
      • jest-cli-23.6.0.tgz
        • micromatch-2.3.11.tgz
          • braces-1.8.5.tgz (Vulnerable Library)

Vulnerability Details

Version of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.

Publish Date: 2019-02-21

URL: WS-2019-0019

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/786

Release Date: 2019-02-21

Fix Resolution: 2.3.1

Step up your Open Source Security Game with WhiteSource here

WS-2019-0063 (High) detected in js-yaml-3.12.2.tgz

WS-2019-0063 - High Severity Vulnerability

Vulnerable Library - js-yaml-3.12.2.tgz

YAML 1.2 parser and serializer

Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.12.2.tgz

Path to dependency file: /uBoss/package.json

Path to vulnerable library: /tmp/git/uBoss/node_modules/js-yaml/package.json

Dependency Hierarchy:

  • react-scripts-2.1.8.tgz (Root Library)
    • eslint-5.12.0.tgz
      • js-yaml-3.12.2.tgz (Vulnerable Library)

Found in HEAD commit: 9ee1f675cb5c94aa16c0ac1dccdca0afdef27d40

Vulnerability Details

Js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file.

Publish Date: 2019-04-30

URL: WS-2019-0063

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/813

Release Date: 2019-04-30

Fix Resolution: 3.13.1

Step up your Open Source Security Game with WhiteSource here

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.