Comments (9)
github-actions
commented on June 9, 2024
Thank you so much for contributing to our work!
from five-fifths-voter.
blumareks
commented on June 9, 2024
@davidnixon RE: OWASP - the initial scan is here: https://ibm.box.com/s/047u6izz6zpys7b3gkvw4smt1s9zsmqo thank you for looking into it.
from five-fifths-voter.
drealuc
commented on June 9, 2024
David will review report.
from five-fifths-voter.
drealuc
commented on June 9, 2024
Andrea meeting with John Wacklicki on 10/06 to discuss security advisement to use IBM internet services - firewall.
from five-fifths-voter.
davidnixon
commented on June 9, 2024
I am having some trouble running dependency-check with our solution. It does not like yarn, our package manager but prefers npm.
yarn audit show this:
yarn audit v1.22.5
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Remote Code Execution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ serialize-javascript │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.1.0 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @vue/cli-service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @vue/cli-service > copy-webpack-plugin > │
│ │ serialize-javascript │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1548 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Prototype Pollution in node-forge │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ node-forge │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >= 0.10.0 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @vue/cli-service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @vue/cli-service > webpack-dev-server > selfsigned > │
│ │ node-forge │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1561 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ yargs-parser │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @vue/cli-plugin-unit-jest │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @vue/cli-plugin-unit-jest > ts-jest > yargs-parser │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1500 │
└───────────────┴──────────────────────────────────────────────────────────────┘
3 vulnerabilities found - Packages audited: 1575
Severity: 1 Low | 2 High
Done in 1.64s.
Still looking ...
from five-fifths-voter.
davidnixon
commented on June 9, 2024
Also looking at insider which show no vulberabilities
scan.pdf
still looking
from five-fifths-voter.
davidnixon
commented on June 9, 2024
yarn audit fixes on this branch f588628
Lets discuss next steps in scrum
from five-fifths-voter.
drealuc
commented on June 9, 2024
Will be closed on 10/12/20.
from five-fifths-voter.
drealuc
commented on June 9, 2024
Completed!
from five-fifths-voter.
Related Issues (20)
- Finding polling site and times in Georgia
- Early voting in Georgia election - GA site launch
- Deciding how to vote in Georgia election
- Mail-in ballot in Georgia election - GA site launch
- Election Day voting in Georgia election
- Voting ID & residency requirements in Georgia Election
- Investigate API data sources for Georgia Election
- Update Voter Journey Page - GA site launch
- Location API to route user to voter journey page - GA site launch
- Post Voter Registration deadline landing page - GA site launch
- Deliver your ballot update - GA site launch
- Fix navigation - GA site launch
- Invalid Date time on Deadlines for NC, should be more informative HOT 1
- There are 2 Election Day Voting Location listings HOT 1
- [Idea] Better datetime listing for early voting HOT 2
- Post midterm 2022
- Add Instagram button HOT 3
- Update GETSTARTED to more match Tutorial HOT 3
- Wish list for next versions HOT 1
- Home page 2024 - Our mission HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from five-fifths-voter.