scriptex / animateme Goto Github PK
View Code? Open in Web Editor NEWReveal DOM elements as you scroll
Home Page: https://animate-me.atanas.info
License: MIT License
Reveal DOM elements as you scroll
Home Page: https://animate-me.atanas.info
License: MIT License
Is there any way to disable AnimateMe after it has been applied?
Similarly, skrollr has: skrollr.init().destroy();
A querystring parser that supports nesting and arrays, with a depth limit
Library home page: https://registry.npmjs.org/qs/-/qs-6.10.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/qs/package.json
Dependency Hierarchy:
Found in HEAD commit: d65d37f6b24ed74a3bfe302093361caa78536613
Found in base branch: master
A Denial of Service vulnerability exists in qs up to 6.8.0 due to insufficient sanitization of property in the gs.parse function. The merge() function allows the assignment of properties on an array in the query. For any property being assigned, a value in the array is converted to an object containing these properties. Essentially, this means that the property whose expected type is Array always has to be checked with Array.isArray() by the user. This may not be obvious to the user and can cause unexpected behavior.
Publish Date: 2022-03-17
URL: CVE-2021-44907
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-44907
Release Date: 2022-03-17
Fix Resolution: GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105;cloudscribe.templates - 5.2.0;KnstAsyncApiUI - 1.0.2-pre;Romano.Vue - 1.0.1;Yarnpkg.Yarn - 0.26.1;VueJS.NetCore - 1.1.1;NativeScript.Sidekick.Standalone.Shell - 1.9.1-v2018050205;Indianadavy.VueJsWebAPITemplate.CSharp - 1.0.1;NorDroN.AngularTemplate - 0.1.6;dotnetng.template - 1.0.0.2;Fable.Template.Elmish.React - 0.1.6;Fable.Snowpack.Template - 2.1.0;Yarn.MSBuild - 0.22.0,0.24.6
Step up your Open Source Security Game with WhiteSource here
Node.js path.parse() ponyfill
Library home page: https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz
Path to dependency file: AnimateMe/package.json
Path to vulnerable library: AnimateMe/node_modules/path-parse/package.json,AnimateMe/node_modules/path-parse
Dependency Hierarchy:
Found in HEAD commit: cd3091d7c07e4851cad7349b398737af73dfce95
Found in base branch: master
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
Publish Date: 2021-05-04
URL: CVE-2021-23343
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
Extract the non-magic parent path from a glob string.
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.1.tgz
Path to dependency file: AnimateMe/package.json
Path to vulnerable library: AnimateMe/node_modules/glob-parent
Dependency Hierarchy:
Found in HEAD commit: 700196faeae8f40b9f85070d2b24e16a5bc169bf
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
Publish Date: 2021-06-03
URL: CVE-2020-28469
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469
Release Date: 2021-06-03
Fix Resolution: glob-parent - 5.1.2
Step up your Open Source Security Game with WhiteSource here
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz
Path to dependency file: AnimateMe/package.json
Path to vulnerable library: AnimateMe/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 4c1e2c634db79cd7267acafaf4b0f7cd5461dd33
All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce (provided by reporter Liyuan Chen): var lo = require('lodash'); function build_blank (n) { var ret = "1" for (var i = 0; i < n; i++) { ret += " " } return ret + "1"; } var s = build_blank(50000) var time0 = Date.now(); lo.trim(s) var time_cost0 = Date.now() - time0; console.log("time_cost0: " + time_cost0) var time1 = Date.now(); lo.toNumber(s) var time_cost1 = Date.now() - time1; console.log("time_cost1: " + time_cost1) var time2 = Date.now(); lo.trimEnd(s) var time_cost2 = Date.now() - time2; console.log("time_cost2: " + time_cost2)
Publish Date: 2021-02-15
URL: CVE-2020-28500
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.
Error type: undefined. Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/minimist/package.json
Dependency Hierarchy:
Found in HEAD commit: d65d37f6b24ed74a3bfe302093361caa78536613
Found in base branch: master
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Publish Date: 2022-03-17
URL: CVE-2021-44906
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-44906
Release Date: 2022-03-17
Fix Resolution: BumperLane.Public.Service.Contracts - 0.23.35.214-prerelease;cloudscribe.templates - 5.2.0;Virteom.Tenant.Mobile.Bluetooth - 0.21.29.159-prerelease;ShowingVault.DotNet.Sdk - 0.13.41.190-prerelease;Envisia.DotNet.Templates - 3.0.1;Yarnpkg.Yarn - 0.26.1;Virteom.Tenant.Mobile.Framework.UWP - 0.20.41.103-prerelease;Virteom.Tenant.Mobile.Framework.iOS - 0.20.41.103-prerelease;BumperLane.Public.Api.V2.ClientModule - 0.23.35.214-prerelease;VueJS.NetCore - 1.1.1;Dianoga - 4.0.0,3.0.0-RC02;Virteom.Tenant.Mobile.Bluetooth.iOS - 0.20.41.103-prerelease;Virteom.Public.Utilities - 0.23.37.212-prerelease;Indianadavy.VueJsWebAPITemplate.CSharp - 1.0.1;NorDroN.AngularTemplate - 0.1.6;Virteom.Tenant.Mobile.Framework - 0.21.29.159-prerelease;Virteom.Tenant.Mobile.Bluetooth.Android - 0.20.41.103-prerelease;z4a-dotnet-scaffold - 1.0.0.2;Raml.Parser - 1.0.7;CoreVueWebTest - 3.0.101;dotnetng.template - 1.0.0.4;SitecoreMaster.TrueDynamicPlaceholders - 1.0.3;Virteom.Tenant.Mobile.Framework.Android - 0.20.41.103-prerelease;Fable.Template.Elmish.React - 0.1.6;BlazorPolyfill.Build - 6.0.100.2;Fable.Snowpack.Template - 2.1.0;BumperLane.Public.Api.Client - 0.23.35.214-prerelease;Yarn.MSBuild - 0.22.0,0.24.6;Blazor.TailwindCSS.BUnit - 1.0.2;Bridge.AWS - 0.3.30.36;tslint - 5.6.0;SAFE.Template - 3.0.1;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105
Step up your Open Source Security Game with WhiteSource here
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: /tmp/ws-scm/AnimateMe/package.json
Path to vulnerable library: /tmp/ws-scm/AnimateMe/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: bbf742371ca48f55212a5f6af9a3592898bc4375
a prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype
Publish Date: 2020-04-28
URL: WS-2020-0070
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
This issue provides visibility into Renovate updates and their statuses. Learn more
This repository currently has no open or pending branches.
Extend the CSS file and add predefined animations.
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-10.1.0.tgz
Path to dependency file: /tmp/ws-scm/AnimateMe/package.json
Path to vulnerable library: /tmp/ws-scm/AnimateMe/node_modules/yargs-parser/package.json
Dependency Hierarchy:
Found in HEAD commit: aca3ba6a574fbdd8af527d2793a455cd3032dcf3
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload.
Publish Date: 2020-03-16
URL: CVE-2020-7608
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608
Release Date: 2020-03-16
Fix Resolution: v18.1.1;13.1.2;15.0.1
Step up your Open Source Security Game with WhiteSource here
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js
Path to dependency file: /tmp/ws-scm/AnimateMe/node_modules/@babel/compat-data/build/compat-table/es2016plus/compiler-skeleton.html
Path to vulnerable library: /AnimateMe/node_modules/@babel/compat-data/build/compat-table/es2016plus/compiler-skeleton.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/AnimateMe/node_modules/@babel/compat-data/build/compat-table/es2016plus/index.html
Path to vulnerable library: /AnimateMe/node_modules/@babel/compat-data/build/compat-table/es2016plus/index.html,/AnimateMe/node_modules/@babel/compat-data/build/compat-table/es5/skeleton.html
Dependency Hierarchy:
Found in HEAD commit: 8195843b5d64a21b9a0c00753c65dc738dd7e968
JQuery, before 2.2.0, is vulnerable to Cross-site Scripting (XSS) attacks via text/javascript response with arbitrary code execution.
Publish Date: 2016-11-27
URL: WS-2016-0090
Type: Upgrade version
Origin: jquery/jquery@b078a62
Release Date: 2019-04-08
Fix Resolution: 2.2.0
Step up your Open Source Security Game with WhiteSource here
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-10.1.0.tgz
Path to dependency file: /tmp/ws-scm/AnimateMe/package.json
Path to vulnerable library: /tmp/ws-scm/AnimateMe/node_modules/yargs-parser/package.json
Dependency Hierarchy:
Found in HEAD commit: bbf742371ca48f55212a5f6af9a3592898bc4375
Affected versions of yargs-parser are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument --foo.proto.bar baz' adds a bar property with value baz to all objects. This is only exploitable if attackers have control over the arguments being passed to yargs-parser.
Publish Date: 2020-05-01
URL: WS-2020-0068
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/package/yargs-parser
Release Date: 2020-05-04
Fix Resolution: https://www.npmjs.com/package/yargs-parser/v/18.1.2,https://www.npmjs.com/package/yargs-parser/v/15.0.1
Step up your Open Source Security Game with WhiteSource here
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js
Path to dependency file: /tmp/ws-scm/AnimateMe/node_modules/@babel/compat-data/build/compat-table/es2016plus/compiler-skeleton.html
Path to vulnerable library: /AnimateMe/node_modules/@babel/compat-data/build/compat-table/es2016plus/compiler-skeleton.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/AnimateMe/node_modules/@babel/compat-data/build/compat-table/es2016plus/index.html
Path to vulnerable library: /AnimateMe/node_modules/@babel/compat-data/build/compat-table/es2016plus/index.html,/AnimateMe/node_modules/@babel/compat-data/build/compat-table/es5/skeleton.html
Dependency Hierarchy:
Found in HEAD commit: 8195843b5d64a21b9a0c00753c65dc738dd7e968
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: 3.4.0
Step up your Open Source Security Game with WhiteSource here
Use Webpack to build and export for all environments using the UMD pattern
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz
Path to dependency file: AnimateMe/package.json
Path to vulnerable library: AnimateMe/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 4c1e2c634db79cd7267acafaf4b0f7cd5461dd33
All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Command Injection via template.
Publish Date: 2021-02-15
URL: CVE-2021-23337
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz
Path to dependency file: AnimateMe/package.json
Path to vulnerable library: AnimateMe/node_modules/ansi-regex/package.json
Dependency Hierarchy:
Found in HEAD commit: c9fcf85bc0d8e840d2148b9495752ac32b7f2209
Found in base branch: master
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-09-17
URL: CVE-2021-3807
Base Score Metrics:
Type: Upgrade version
Origin: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994/
Release Date: 2021-09-17
Fix Resolution: ansi-regex - 5.0.1,6.0.1
Step up your Open Source Security Game with WhiteSource here
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz
Path to dependency file: /AnimateMe/package.json
Path to vulnerable library: /tmp/git/AnimateMe/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 122c18a40e27192676945bd05c469ea3a36baa7e
A Prototype Pollution vulnerability was found in lodash through version 4.17.11.
Publish Date: 2019-07-08
URL: CVE-2019-10744
Type: Upgrade version
Origin: lodash/lodash@a01e4fa
Release Date: 2019-07-08
Fix Resolution: 4.17.12
Step up your Open Source Security Game with WhiteSource here
Extract the non-magic parent path from a glob string.
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/glob-parent/package.json
Dependency Hierarchy:
Found in HEAD commit: 95418d542f2e4ea6cf38900a561f7a54b1497093
The package glob-parent before 6.0.1 are vulnerable to Regular Expression Denial of Service (ReDoS)
Publish Date: 2021-06-22
URL: CVE-2021-35065
Base Score Metrics:
Type: Upgrade version
Origin: gulpjs/glob-parent#49
Release Date: 2021-06-22
Fix Resolution: glob-parent - 6.0.1
Step up your Open Source Security Game with WhiteSource here
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js
Path to dependency file: /tmp/ws-scm/AnimateMe/node_modules/@babel/compat-data/build/compat-table/es2016plus/compiler-skeleton.html
Path to vulnerable library: /AnimateMe/node_modules/@babel/compat-data/build/compat-table/es2016plus/compiler-skeleton.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/AnimateMe/node_modules/@babel/compat-data/build/compat-table/es2016plus/index.html
Path to vulnerable library: /AnimateMe/node_modules/@babel/compat-data/build/compat-table/es2016plus/index.html,/AnimateMe/node_modules/@babel/compat-data/build/compat-table/es5/skeleton.html
Dependency Hierarchy:
Found in HEAD commit: 8195843b5d64a21b9a0c00753c65dc738dd7e968
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - v3.0.0
Step up your Open Source Security Game with WhiteSource here
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz
Path to dependency file: /tmp/ws-scm/AnimateMe/package.json
Path to vulnerable library: /tmp/ws-scm/AnimateMe/node_modules/is-number/node_modules/kind-of/package.json
Dependency Hierarchy:
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-4.0.0.tgz
Path to dependency file: /tmp/ws-scm/AnimateMe/package.json
Path to vulnerable library: /tmp/ws-scm/AnimateMe/node_modules/has-values/node_modules/kind-of/package.json
Dependency Hierarchy:
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz
Path to dependency file: /tmp/ws-scm/AnimateMe/package.json
Path to vulnerable library: /tmp/ws-scm/AnimateMe/node_modules/kind-of/package.json
Dependency Hierarchy:
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz
Path to dependency file: /tmp/ws-scm/AnimateMe/package.json
Path to vulnerable library: /tmp/ws-scm/AnimateMe/node_modules/is-descriptor/node_modules/kind-of/package.json
Dependency Hierarchy:
Found in HEAD commit: ffacec9e8ee470e4f624d1ac78f7e8d623140a4f
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
Publish Date: 2019-12-30
URL: CVE-2019-20149
Step up your Open Source Security Game with WhiteSource here
Normalize a URL
Library home page: https://registry.npmjs.org/normalize-url/-/normalize-url-4.5.0.tgz
Path to dependency file: AnimateMe/package.json
Path to vulnerable library: AnimateMe/node_modules/normalize-url
Dependency Hierarchy:
Normalize a URL
Library home page: https://registry.npmjs.org/normalize-url/-/normalize-url-3.3.0.tgz
Path to dependency file: AnimateMe/package.json
Path to vulnerable library: AnimateMe/node_modules/normalize-url
Dependency Hierarchy:
Found in HEAD commit: 700196faeae8f40b9f85070d2b24e16a5bc169bf
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.
Publish Date: 2021-05-24
URL: CVE-2021-33502
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33502
Release Date: 2021-05-24
Fix Resolution: normalize-url - 4.5.1, 5.3.1, 6.0.1
Step up your Open Source Security Game with WhiteSource here
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.