Check out my latest work here: https://veritem.me
My Programming garden on the internet
This Project is under MIT licence
My Code Garden on the internet, moved to https://veritem.me/
License: MIT License
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-6.0.23.tgz
Path to dependency file: codekin.tech/package.json
Path to vulnerable library: codekin.tech/node_modules/postcss-functions/node_modules/postcss/package.json
Dependency Hierarchy:
Found in HEAD commit: 97f904496220a079745bf198bb4cb1bcc34d59df
Found in base branch: main
The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).
Publish Date: 2021-04-26
URL: CVE-2021-23382
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23382
Release Date: 2021-04-26
Fix Resolution: postcss - 8.2.13
Step up your Open Source Security Game with WhiteSource here
Trim string whitespace
Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz
Path to dependency file: codekin.tech/package.json
Path to vulnerable library: codekin.tech/node_modules/trim/package.json
Dependency Hierarchy:
Found in HEAD commit: 97f904496220a079745bf198bb4cb1bcc34d59df
Found in base branch: main
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Publish Date: 2020-10-27
URL: CVE-2020-7753
Base Score Metrics:
Type: Upgrade version
Origin: component/trim#8
Release Date: 2020-10-27
Fix Resolution: trim - 0.0.3
This issue provides visibility into Renovate updates and their statuses. Learn more
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
remark-autolink-headings, remark-slug
Lightweight, robust, elegant syntax highlighting. A spin-off project from Dabblet.
Library home page: https://registry.npmjs.org/prismjs/-/prismjs-1.23.0.tgz
Path to dependency file: codekin.tech/package.json
Path to vulnerable library: codekin.tech/node_modules/mdx-prism/node_modules/prismjs/package.json
Dependency Hierarchy:
Found in base branch: main
Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very very long time to highlight. This problem has been fixed in Prism v1.24. As a workaround, do not use ASCIIDoc or ERB to highlight untrusted text. Other languages are not affected and can be used to highlight untrusted text.
Publish Date: 2021-06-28
URL: CVE-2021-32723
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-gj77-59wh-66hg
Release Date: 2021-06-28
Fix Resolution: prismjs - 1.24.0
Strips glob magic from a string to provide the parent path
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-2.0.0.tgz
Path to dependency file: codekin.tech/package.json
Path to vulnerable library: codekin.tech/node_modules/glob-base/node_modules/glob-parent/package.json
Dependency Hierarchy:
Found in HEAD commit: 97f904496220a079745bf198bb4cb1bcc34d59df
Found in base branch: main
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
Publish Date: 2021-06-03
URL: CVE-2020-28469
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469
Release Date: 2021-06-03
Fix Resolution: glob-parent - 5.1.2
Strips glob magic from a string to provide the parent path
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-2.0.0.tgz
Path to dependency file: codekin.tech/package.json
Path to vulnerable library: codekin.tech/node_modules/glob-base/node_modules/glob-parent/package.json
Dependency Hierarchy:
Found in HEAD commit: 97f904496220a079745bf198bb4cb1bcc34d59df
Found in base branch: main
A Regular Expression Denial of Service (ReDoS) vulnerability was found in glob-parent before 5.1.2.
Publish Date: 2021-01-27
URL: WS-2021-0154
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2
Release Date: 2021-01-27
Fix Resolution: glob-parent - 5.1.2