GithubHelp home page GithubHelp logo

scriptex / touchsweep Goto Github PK

View Code? Open in Web Editor NEW
10.0 3.0 6.0 1.46 MB

Detect your swipe gestures direction

Home Page: https://touchsweep.atanas.info

License: MIT License

TypeScript 84.40% JavaScript 15.60%
touch-events event-detection mouse-events swipe-detector mouse-event-detection touch-event-detection

touchsweep's Introduction

Travis CI Github Build Codacy Badge Codebeat Badge CodeFactor Badge DeepScan grade Analytics

TouchSweep

Super tiny vanilla JS module to detect swipe direction and trigger custom events accordingly.

Visitor stats

GitHub stars GitHub forks GitHub watchers GitHub followers

Code stats

GitHub code size in bytes GitHub repo size GitHub language count GitHub top language GitHub last commit

Install

npm i touchsweep

or

yarn add touchsweep

Usage

import TouchSweep from 'touchsweep';

const area = document.getElementById('swipe-area');
const data = {
	value: 1
};
const touchThreshold = 20;

const touchSweepInstance = new TouchSweep(area, data, touchThreshold);

// Then listen for custom swipe events and do your magic:

area.addEventListener('swipeleft', event => {
	// You have swiped left
	// Custom event data is located in `event.detail`
	// Details about coordinates are also available under `event.detail`
});

area.addEventListener('swiperight', event => {
	// You have swiped right
	// Custom event data is located in `event.detail`
	// Details about coordinates are also available under `event.detail`
});

area.addEventListener('swipedown', event => {
	// You have swiped down
	// Custom event data is located in `event.detail`
	// Details about coordinates are also available under `event.detail`
});

area.addEventListener('swipeup', event => {
	// You have swiped up
	// Custom event data is located in `event.detail`
	// Details about coordinates are also available under `event.detail`
});

area.addEventListener('swipemove', event => {
	// You are swiped continuously
	// Custom event data is located in `event.detail`
	// Details about coordinates are also available under `event.detail`
});

area.addEventListener('tap', event => {
	// You have tapped
	// Custom event data is located in `event.detail`
	// Details about coordinates are also available under `event.detail`
});

Options and default settings

The module constructor accepts three (3) arguments:

  • element: A HTML Element. Default is document.body
  • eventData: A plain JS object. Default is {}
  • threshold: How many pixels to count until an event is fired. Default is 40

API

TouchSweep provides a minimal API for you to use.

The TouchSweep instance exposes two public methods which allow you to add or to remove all event listeners responsible for the module functionality.

This is useful in cases where you want to remove the TouchSweep container/area from the DOM and prevent possible memory leaks by removing all event listeners related to this DOM element.

In order to remove all previously attached event listeners:

touchSweepInstance.unbind();

In order to add all previously removed event listeners:

touchSweepInstance.bind();

Supported Browsers

Currently all evergreen browsers are supported.

Demo

There is a simple demo illustrating how the TouchSweep library works.

Check the code here and the live demo here

Typescript

TouchSweep is written in Typescript and provides full Typescript support out of the box.

LICENSE

MIT

Connect with me:

                     
Support and sponsor my work:

touchsweep's People

Contributors

anonimusprogramus avatar dependabot[bot] avatar greenkeeper[bot] avatar jenswittmann avatar renovate-bot avatar renovate[bot] avatar scriptex avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

wanjarus anonimusprogramus jpweeks dakur jenswittmann

touchsweep's Issues

Webpack build: Critical dependency: require function is used in a way in which dependencies cannot be statically extracted

I'd say there must be something broken with the built file in dist/ folder in v2. With v1.3 it worked well.

I use ES modules everywhere and typescript (even though it failed in .js file as well).

Output from webpack build with --stats-error-details:

WARNING in ./node_modules/touchsweep/dist/touchsweep.js 3:24-31
Critical dependency: require function is used in a way in which dependencies cannot be statically extracted
    at CommonJsRequireContextDependency.getWarnings ([myproject]\node_modules\webpack\lib\dependencies\ContextDependency.js:102:18)
    at Compilation.reportDependencyErrorsAndWarnings ([myproject]\node_modules\webpack\lib\Compilation.js:3132:24)
    at [myproject]\node_modules\webpack\lib\Compilation.js:2729:28
    at eval (eval at create ([myproject]\node_modules\tapable\lib\HookCodeFactory.js:33:10), <anonymous>:29:1)
    at [myproject]\node_modules\webpack\lib\FlagDependencyExportsPlugin.js:385:11
    at [myproject]\node_modules\neo-async\async.js:2830:7
    at Object.each ([myproject]\node_modules\neo-async\async.js:2850:39)
    at [myproject]\node_modules\webpack\lib\FlagDependencyExportsPlugin.js:361:18
    at [myproject]\node_modules\neo-async\async.js:2830:7
    at Object.each ([myproject]\node_modules\neo-async\async.js:2850:39)
    at [myproject]\node_modules\webpack\lib\FlagDependencyExportsPlugin.js:51:16
    at Hook.eval [as callAsync] (eval at create ([myproject]\node_modules\tapable\lib\HookCodeFactory.js:33:10), <anonymous>:25:1)
    at Hook.CALL_ASYNC_DELEGATE [as _callAsync] ([myproject]\node_modules\tapable\lib\Hook.js:18:14)
    at Compilation.finish ([myproject]\node_modules\webpack\lib\Compilation.js:2714:28)
    at [myproject]\node_modules\webpack\lib\Compiler.js:1182:19
    at processTicksAndRejections (node:internal/process/task_queues:78:11)
 @ [somepath]/FlashMessage.ts 2:19-40
 @ [somepath]/index.js 8:0-67 53:2-14

CVE-2020-7608 (Medium) detected in yargs-parser-10.1.0.tgz

CVE-2020-7608 - Medium Severity Vulnerability

Vulnerable Library - yargs-parser-10.1.0.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-10.1.0.tgz

Path to dependency file: /tmp/ws-scm/touchsweep/package.json

Path to vulnerable library: /tmp/ws-scm/touchsweep/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • babel-minify-0.5.1.tgz (Root Library)
    • yargs-parser-10.1.0.tgz (Vulnerable Library)

Found in HEAD commit: bc8501a85a429794231df230bb280aae1e250ee2

Vulnerability Details

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload.

Publish Date: 2020-03-16

URL: CVE-2020-7608

CVSS 3 Score Details (5.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608

Release Date: 2020-03-16

Fix Resolution: v18.1.1;13.1.2;15.0.1

Step up your Open Source Security Game with WhiteSource here

CVE-2019-20149 (Medium) detected in multiple libraries

CVE-2019-20149 - Medium Severity Vulnerability

Vulnerable Libraries - kind-of-3.2.2.tgz, kind-of-4.0.0.tgz, kind-of-6.0.2.tgz, kind-of-5.1.0.tgz

kind-of-3.2.2.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz

Path to dependency file: /tmp/ws-scm/touchsweep/package.json

Path to vulnerable library: /tmp/ws-scm/touchsweep/node_modules/is-number/node_modules/kind-of/package.json

Dependency Hierarchy:

  • @babel/cli-7.8.0.tgz (Root Library)
    • chokidar-2.1.8.tgz
      • braces-2.3.2.tgz
        • fill-range-4.0.0.tgz
          • is-number-3.0.0.tgz
            • kind-of-3.2.2.tgz (Vulnerable Library)
kind-of-4.0.0.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-4.0.0.tgz

Path to dependency file: /tmp/ws-scm/touchsweep/package.json

Path to vulnerable library: /tmp/ws-scm/touchsweep/node_modules/has-values/node_modules/kind-of/package.json

Dependency Hierarchy:

  • @babel/cli-7.8.0.tgz (Root Library)
    • chokidar-2.1.8.tgz
      • braces-2.3.2.tgz
        • snapdragon-0.8.2.tgz
          • base-0.11.2.tgz
            • cache-base-1.0.1.tgz
              • has-value-1.0.0.tgz
                • has-values-1.0.0.tgz
                  • kind-of-4.0.0.tgz (Vulnerable Library)
kind-of-6.0.2.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz

Path to dependency file: /tmp/ws-scm/touchsweep/package.json

Path to vulnerable library: /tmp/ws-scm/touchsweep/node_modules/kind-of/package.json

Dependency Hierarchy:

  • @babel/cli-7.8.0.tgz (Root Library)
    • chokidar-2.1.8.tgz
      • anymatch-2.0.0.tgz
        • micromatch-3.1.10.tgz
          • kind-of-6.0.2.tgz (Vulnerable Library)
kind-of-5.1.0.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz

Path to dependency file: /tmp/ws-scm/touchsweep/package.json

Path to vulnerable library: /tmp/ws-scm/touchsweep/node_modules/is-descriptor/node_modules/kind-of/package.json

Dependency Hierarchy:

  • @babel/cli-7.8.0.tgz (Root Library)
    • chokidar-2.1.8.tgz
      • braces-2.3.2.tgz
        • snapdragon-0.8.2.tgz
          • define-property-0.2.5.tgz
            • is-descriptor-0.1.6.tgz
              • kind-of-5.1.0.tgz (Vulnerable Library)

Found in HEAD commit: 7d66bcdf3b5cbdbae2dea3fb1824236c53a219b5

Vulnerability Details

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

Publish Date: 2019-12-30

URL: CVE-2019-20149

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

WS-2020-0070 (High) detected in lodash-4.17.15.tgz

WS-2020-0070 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.15.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz

Path to dependency file: /tmp/ws-scm/touchsweep/package.json

Path to vulnerable library: /tmp/ws-scm/touchsweep/node_modules/lodash/package.json

Dependency Hierarchy:

  • @babel/cli-7.10.0.tgz (Root Library)
    • lodash-4.17.15.tgz (Vulnerable Library)

Found in HEAD commit: 99273fa491d484086dac7a4c2691ba29f0d9e18a

Vulnerability Details

a prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype

Publish Date: 2020-04-28

URL: WS-2020-0070

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2015-9251 (Medium) detected in jquery-1.11.1.min.js, jquery-1.12.4.min.js

CVE-2015-9251 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-1.11.1.min.js, jquery-1.12.4.min.js

jquery-1.11.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/touchsweep/node_modules/@babel/compat-data/build/compat-table/esnext/compiler-skeleton.html

Path to vulnerable library: /touchsweep/node_modules/@babel/compat-data/build/compat-table/esnext/compiler-skeleton.html

Dependency Hierarchy:

  • jquery-1.11.1.min.js (Vulnerable Library)
jquery-1.12.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/touchsweep/node_modules/@babel/compat-data/build/compat-table/es5/skeleton.html

Path to vulnerable library: /touchsweep/node_modules/@babel/compat-data/build/compat-table/es5/skeleton.html,/touchsweep/node_modules/@babel/compat-data/build/compat-table/esnext/index.html

Dependency Hierarchy:

  • jquery-1.12.4.min.js (Vulnerable Library)

Found in HEAD commit: 750ac1da735cd5a7030508baf869a8c036fec151

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - v3.0.0

Step up your Open Source Security Game with WhiteSource here

CVE-2019-10744 (High) detected in lodash-4.17.11.tgz

CVE-2019-10744 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.11.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz

Path to dependency file: /touchsweep/package.json

Path to vulnerable library: /tmp/git/touchsweep/node_modules/lodash/package.json

Dependency Hierarchy:

  • @babel/cli-7.5.0.tgz (Root Library)
    • lodash-4.17.11.tgz (Vulnerable Library)

Found in HEAD commit: b22a70d609e41c9d365003a786fdf57f9dd99500

Vulnerability Details

A Prototype Pollution vulnerability was found in lodash through version 4.17.11.

Publish Date: 2019-07-08

URL: CVE-2019-10744

CVSS 2 Score Details (7.4)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: lodash/lodash@a01e4fa

Release Date: 2019-07-08

Fix Resolution: 4.17.12

Step up your Open Source Security Game with WhiteSource here

CVE-2021-35065 (High) detected in glob-parent-5.1.2.tgz

CVE-2021-35065 - High Severity Vulnerability

Vulnerable Library - glob-parent-5.1.2.tgz

Extract the non-magic parent path from a glob string.

Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/glob-parent/package.json

Dependency Hierarchy:

  • @babel/cli-7.16.8.tgz (Root Library)
    • chokidar-3.5.1.tgz
      • glob-parent-5.1.2.tgz (Vulnerable Library)

Found in HEAD commit: 1007a1043644bc2b8c78d8389e7b34c8db21ffe8

Found in base branch: master

Vulnerability Details

The package glob-parent before 6.0.1 are vulnerable to Regular Expression Denial of Service (ReDoS)

Publish Date: 2021-06-22

URL: CVE-2021-35065

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: gulpjs/glob-parent#49

Release Date: 2021-06-22

Fix Resolution: glob-parent - 6.0.1

Step up your Open Source Security Game with WhiteSource here

CVE-2021-23337 (High) detected in lodash-4.17.20.tgz

CVE-2021-23337 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.20.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz

Path to dependency file: touchsweep/package.json

Path to vulnerable library: touchsweep/node_modules/lodash/package.json

Dependency Hierarchy:

  • @babel/cli-7.12.17.tgz (Root Library)
    • lodash-4.17.20.tgz (Vulnerable Library)

Found in HEAD commit: d7b01d2e8374ad08ed9593f711f838089423764c

Vulnerability Details

All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Command Injection via template.

Publish Date: 2021-02-15

URL: CVE-2021-23337

CVSS 3 Score Details (7.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

Dependency Dashboard

This issue provides visibility into Renovate updates and their statuses. Learn more

This repository currently has no open or pending branches.

  • Check this box to trigger a request for Renovate to run again on this repository

CVE-2020-28500 (Medium) detected in lodash-4.17.20.tgz

CVE-2020-28500 - Medium Severity Vulnerability

Vulnerable Library - lodash-4.17.20.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz

Path to dependency file: touchsweep/package.json

Path to vulnerable library: touchsweep/node_modules/lodash/package.json

Dependency Hierarchy:

  • @babel/cli-7.12.17.tgz (Root Library)
    • lodash-4.17.20.tgz (Vulnerable Library)

Found in HEAD commit: d7b01d2e8374ad08ed9593f711f838089423764c

Vulnerability Details

All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce (provided by reporter Liyuan Chen): var lo = require('lodash'); function build_blank (n) { var ret = "1" for (var i = 0; i < n; i++) { ret += " " } return ret + "1"; } var s = build_blank(50000) var time0 = Date.now(); lo.trim(s) var time_cost0 = Date.now() - time0; console.log("time_cost0: " + time_cost0) var time1 = Date.now(); lo.toNumber(s) var time_cost1 = Date.now() - time1; console.log("time_cost1: " + time_cost1) var time2 = Date.now(); lo.trimEnd(s) var time_cost2 = Date.now() - time2; console.log("time_cost2: " + time_cost2)

Publish Date: 2021-02-15

URL: CVE-2020-28500

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2019-11358 (Medium) detected in jquery-1.11.1.min.js, jquery-1.12.4.min.js

CVE-2019-11358 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-1.11.1.min.js, jquery-1.12.4.min.js

jquery-1.11.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/touchsweep/node_modules/@babel/compat-data/build/compat-table/esnext/compiler-skeleton.html

Path to vulnerable library: /touchsweep/node_modules/@babel/compat-data/build/compat-table/esnext/compiler-skeleton.html

Dependency Hierarchy:

  • jquery-1.11.1.min.js (Vulnerable Library)
jquery-1.12.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/touchsweep/node_modules/@babel/compat-data/build/compat-table/es5/skeleton.html

Path to vulnerable library: /touchsweep/node_modules/@babel/compat-data/build/compat-table/es5/skeleton.html,/touchsweep/node_modules/@babel/compat-data/build/compat-table/esnext/index.html

Dependency Hierarchy:

  • jquery-1.12.4.min.js (Vulnerable Library)

Found in HEAD commit: 750ac1da735cd5a7030508baf869a8c036fec151

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: 3.4.0

Step up your Open Source Security Game with WhiteSource here

CVE-2021-23364 (Medium) detected in browserslist-4.16.3.tgz

CVE-2021-23364 - Medium Severity Vulnerability

Vulnerable Library - browserslist-4.16.3.tgz

Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset

Library home page: https://registry.npmjs.org/browserslist/-/browserslist-4.16.3.tgz

Path to dependency file: touchsweep/package.json

Path to vulnerable library: touchsweep/node_modules/browserslist/package.json

Dependency Hierarchy:

  • core-7.13.15.tgz (Root Library)
    • helper-compilation-targets-7.13.13.tgz
      • browserslist-4.16.3.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.

Publish Date: 2021-04-28

URL: CVE-2021-23364

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23364

Release Date: 2021-04-28

Fix Resolution: browserslist - 4.16.5

Step up your Open Source Security Game with WhiteSource here

CVE-2021-23343 (Medium) detected in path-parse-1.0.6.tgz

CVE-2021-23343 - Medium Severity Vulnerability

Vulnerable Library - path-parse-1.0.6.tgz

Node.js path.parse() ponyfill

Library home page: https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz

Path to dependency file: touchsweep/package.json

Path to vulnerable library: touchsweep/node_modules/path-parse

Dependency Hierarchy:

  • @babel/preset-env-7.14.2.tgz (Root Library)
    • babel-plugin-polyfill-corejs3-0.2.0.tgz
      • helper-define-polyfill-provider-0.2.0.tgz
        • resolve-1.20.0.tgz
          • path-parse-1.0.6.tgz (Vulnerable Library)

Found in HEAD commit: fc3897039451f477fffd102d570aef012dd7c313

Vulnerability Details

All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.

Publish Date: 2021-05-04

URL: CVE-2021-23343

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

WS-2016-0090 (Medium) detected in jquery-1.11.1.min.js, jquery-1.12.4.min.js

WS-2016-0090 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-1.11.1.min.js, jquery-1.12.4.min.js

jquery-1.11.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/touchsweep/node_modules/@babel/compat-data/build/compat-table/esnext/compiler-skeleton.html

Path to vulnerable library: /touchsweep/node_modules/@babel/compat-data/build/compat-table/esnext/compiler-skeleton.html

Dependency Hierarchy:

  • jquery-1.11.1.min.js (Vulnerable Library)
jquery-1.12.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/touchsweep/node_modules/@babel/compat-data/build/compat-table/es5/skeleton.html

Path to vulnerable library: /touchsweep/node_modules/@babel/compat-data/build/compat-table/es5/skeleton.html,/touchsweep/node_modules/@babel/compat-data/build/compat-table/esnext/index.html

Dependency Hierarchy:

  • jquery-1.12.4.min.js (Vulnerable Library)

Found in HEAD commit: 750ac1da735cd5a7030508baf869a8c036fec151

Vulnerability Details

JQuery, before 2.2.0, is vulnerable to Cross-site Scripting (XSS) attacks via text/javascript response with arbitrary code execution.

Publish Date: 2016-11-27

URL: WS-2016-0090

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jquery/jquery@b078a62

Release Date: 2019-04-08

Fix Resolution: 2.2.0

Step up your Open Source Security Game with WhiteSource here

Mouse cursor / Desktop option?

It would be nice if this library also allows to do these gestures using a mouse - and still register them as swipe events.

The touch interaction can be emulated in the Developer Tools - but this requested feature is meant to be used by the user.

CVE-2021-44906 (High) detected in minimist-1.2.5.tgz

CVE-2021-44906 - High Severity Vulnerability

Vulnerable Library - minimist-1.2.5.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/minimist/package.json

Dependency Hierarchy:

  • babel-minify-0.5.1.tgz (Root Library)
    • mkdirp-0.5.5.tgz
      • minimist-1.2.5.tgz (Vulnerable Library)

Found in HEAD commit: 78790d9a468990220ceae30976c9dc38b6728c99

Found in base branch: master

Vulnerability Details

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

Publish Date: 2022-03-17

URL: CVE-2021-44906

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/substack/minimist/issues/164

Release Date: 2022-03-17

Fix Resolution: minimist - 1.2.6

Step up your Open Source Security Game with WhiteSource here

Action Required: Fix Renovate Configuration

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: undefined. Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.