HR Documentation is a platform for sharing knowledge and documentation about Front End, Back End, Linux and Design, aimed at HR people who are new to the recruiting profession.
Home Page: https://hrpenci.site
License: MIT License
JavaScript 2.44%
TypeScript 17.96%
SCSS 0.16%
Shell 0.01%
MDX 78.93%
CSS 0.50%
hrpenci.site's Issues
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
Rate-Limited
These updates are currently rate-limited. Click on a checkbox below to force their creation now.
Update dependency preact to v10.19.6
Update dependency prettier-plugin-pkg to v0.18.1
Update dependency react-parallax-tilt to v1.7.214
Update dependency sharp to v0.33.2
Update dependency tailwind-merge to v2.2.1
Update dependency tailwindcss to v3.4.1
Update nextra monorepo to v2.13.4 (nextra, nextra-theme-docs)
Update dependency @ducanh2912/next-pwa to v10.2.5
Update dependency @types/node to v20.11.25
Update dependency next-seo to v6.5.0
Update dependency sass to v1.71.1
Update dependency typescript to v5.4.2
Update dependency webpack to v5.90.3
Update lint (@next/eslint-plugin-next, @typescript-eslint/eslint-plugin, @typescript-eslint/parser, eslint, eslint-plugin-react, eslint-plugin-tailwindcss, eslint-plugin-typescript-sort-keys, prettier, prettier-plugin-tailwindcss)
Update nextjs monorepo to v14.1.3 (@next/env, eslint-config-next, next)
Update sentry-javascript monorepo (@sentry/nextjs, @sentry/profiling-node)
🔐 Create all rate-limited PRs at once 🔐
Open
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
Detected dependencies
github-actions
.github/workflows/codeql.yml
actions/checkout v4
github/codeql-action v3
github/codeql-action v3
github/codeql-action v3
npm
package.json
@ducanh2912/next-pwa ^10.0.0
@sentry/nextjs ^7.91.0
@sentry/profiling-node ^1.3.3
clsx ^2.1.0
is-absolute-url ^4.0.1
mini-svg-data-uri ^1.4.4
next ^14.0.4
next-seo ^6.4.0
next-sitemap ^4.2.3
nextra ^2.13.2
nextra-theme-docs ^2.13.2
nprogress ^0.2.0
preact ^10.19.3
react ^18.2.0
react-dom ^18.2.0
react-parallax-tilt ^1.7.177
sharp ^0.33.1
tailwind-merge ^2.2.0
@babel/core ^7.23.7
@ianvs/prettier-plugin-sort-imports ^4.1.1
@next/env ^14.0.4
@next/eslint-plugin-next ^14.0.4
@svgr/webpack ^8.1.0
@types/node ^20.10.8
@types/nprogress ^0.2.3
@types/react ^18.2.45
@typescript-eslint/eslint-plugin ^6.14.0
@typescript-eslint/parser ^6.17.0
autoprefixer ^10.4.16
cross-env ^7.0.3
eslint ^8.56.0
eslint-config-next ^14.0.4
eslint-config-prettier ^9.1.0
eslint-plugin-import ^2.29.1
eslint-plugin-react ^7.33.2
eslint-plugin-react-hooks ^4.6.0
eslint-plugin-tailwindcss ^3.13.1
eslint-plugin-typescript-sort-keys ^3.1.0
eslint-plugin-unicorn ^50.0.0
husky ^8.0.3
lint-staged ^15.2.0
postcss ^8.4.32
postcss-focus-visible ^9.0.1
postcss-import ^16.0.0
prettier ^3.1.1
prettier-plugin-pkg ^0.18.0
prettier-plugin-tailwindcss ^0.5.11
sass ^1.69.6
tailwindcss ^3.4.0
typescript ^5.3.3
webpack ^5.89.0
pnpm 8.14.1
Vulnerable Library - nextra-1.1.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/got/package.json
Found in HEAD commit: 0f7cb9daf3eee4198e5a28d7d9a696f38a304ec4
Vulnerabilities
| CVE | Severity | CVSS | Dependency | Type | Fixed in (nextra version) | Remediation Available |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2022-33987 | Medium | 5.3 | got-8.3.2.tgz | Transitive | N/A* | ❌ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the section "Details" below to see if there is a version of transitive dependency where vulnerability is fixed.
Details
CVE-2022-33987
Vulnerable Library - got-8.3.2.tgz
Simplified HTTP requests
Library home page: https://registry.npmjs.org/got/-/got-8.3.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/got/package.json
Dependency Hierarchy:
nextra-1.1.0.tgz (Root Library)
  download-8.0.0.tgz
    ❌ got-8.3.2.tgz (Vulnerable Library)
Found in HEAD commit: 0f7cb9daf3eee4198e5a28d7d9a696f38a304ec4
Found in base branch: production
Vulnerability Details
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
Publish Date: 2022-06-18
URL: CVE-2022-33987
CVSS 3 Score Details (5.3)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987
Release Date: 2022-06-18
Fix Resolution: got - 11.8.5,12.1.0
Vulnerable Library - next-pwa-5.6.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/ejs/package.json
Vulnerabilities
| CVE | Severity | CVSS | Dependency | Type | Fixed in (next-pwa version) | Remediation Available |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-29827 | Medium | 5.5 | ejs-3.1.9.tgz | Transitive | N/A* | ❌ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
Details
CVE-2023-29827
Vulnerable Library - ejs-3.1.9.tgz
Library home page: https://registry.npmjs.org/ejs/-/ejs-3.1.9.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/ejs/package.json
Dependency Hierarchy:
next-pwa-5.6.0.tgz (Root Library)
  workbox-webpack-plugin-6.5.4.tgz
    workbox-build-6.5.4.tgz
      rollup-plugin-off-main-thread-2.2.3.tgz
        ❌ ejs-3.1.9.tgz (Vulnerable Library)
Found in base branch: production
Vulnerability Details
ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter.
Publish Date: 2023-05-04
URL: CVE-2023-29827
CVSS 3 Score Details (5.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High