Laravel - Shadcn UI
laravel-shadcn's Issues
react-email-2.1.0.tgz: 1 vulnerability (highest severity is: 7.5)
Vulnerable Library - react-email-2.1.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/next/package.json
Vulnerabilities
CVE | Severity | Dependency | Type | Fixed in (react-email version) | Remediation Possible**
---|---|---|---|---|---
CVE-2024-34351 | 7.5 | next-14.1.0.tgz | Transitive | 2.1.3-canary.0 | ✅
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2024-34351
Vulnerable Library - next-14.1.0.tgz
Library home page: https://registry.npmjs.org/next/-/next-14.1.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/next/package.json
Dependency Hierarchy:
- react-email-2.1.0.tgz (Root Library)
- ❌ next-14.1.0.tgz (Vulnerable Library)
Found in base branch: main
Vulnerability Details
Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the Host header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a "/". This vulnerability was fixed in Next.js 14.1.1.
Publish Date: 2024-05-09
URL: CVE-2024-34351
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: GHSA-77r5-gw3j-2mpf
Release Date: 2024-05-09
Fix Resolution (next): 14.1.1-canary.0
Direct dependency fix Resolution (react-email): 2.1.3-canary.0
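The mechanism behind the finding above, as an added example in plain PHP (this repository's backend language); it is not Next.js code and not code from this project. A server-side redirect to a relative path has to be turned into an absolute URL before the server can follow it, and if the scheme and host for that URL are taken from the request's Host header, whoever controls the header controls where the server-side request goes. The function names, the allowlist and the sample hosts are assumptions made for the example.

```php
<?php
// Added example, not Next.js code and not from this repository: a plain-PHP
// model of the step that CVE-2024-34351 describes. A server action redirects
// to a relative path and the framework builds an absolute URL to fetch the
// redirect target server-side. If scheme and host for that URL come from the
// request's Host header, the attacker chooses the destination.

declare(strict_types=1);

/** Unsafe: the absolute target is built from the attacker-influenced Host header. */
function resolveRedirectUnsafe(string $hostHeader, string $relativePath): string
{
    return 'https://' . $hostHeader . $relativePath;
}

/**
 * Hardened: accept only an origin-relative path (a single leading "/") and
 * build the absolute URL from a configured allowlist of hosts, never from the
 * raw header. $allowedHosts is an assumed deployment setting.
 *
 * @param list<string> $allowedHosts
 */
function resolveRedirectSafe(string $hostHeader, string $relativePath, array $allowedHosts): string
{
    // "//other.host/x" is protocol-relative and "/\other.host" is treated the
    // same way by browsers, so both would escape the origin; reject them.
    if (preg_match('#^/(?![/\\\\])#', $relativePath) !== 1) {
        throw new InvalidArgumentException('Not an origin-relative path: ' . $relativePath);
    }

    // Compare the header (lower-cased, optional port removed) against the
    // allowlist with strict equality; no prefix or suffix matching.
    $host = strtolower(preg_replace('/:\d+$/', '', trim($hostHeader)) ?? '');
    if (!in_array($host, array_map('strtolower', $allowedHosts), true)) {
        throw new RuntimeException('Untrusted Host header: ' . $hostHeader);
    }

    return 'https://' . $host . $relativePath;
}

// Constructed inputs: the deployment serves app.example.com; the attacker
// sends "Host: attacker.example" with the request that triggers the redirect.
$allowedHosts = ['app.example.com'];

// Server-side fetch now targets attacker.example instead of the app itself.
echo resolveRedirectUnsafe('attacker.example', '/dashboard'), PHP_EOL;

// Legitimate host with a port suffix is accepted and normalised.
echo resolveRedirectSafe('app.example.com:443', '/dashboard', $allowedHosts), PHP_EOL;

// Untrusted host, and a protocol-relative path on a trusted host, are both refused.
foreach ([['attacker.example', '/dashboard'], ['app.example.com', '//attacker.example/x']] as [$host, $path]) {
    try {
        resolveRedirectSafe($host, $path, $allowedHosts);
    } catch (InvalidArgumentException | RuntimeException $e) {
        echo get_class($e), ': ', $e->getMessage(), PHP_EOL;
    }
}
```

Triage note for this repository: next is not a direct dependency here, it is pulled in by react-email 2.1.0 (whose preview server is a Next.js application), and nothing in package.json suggests the Laravel/Inertia app itself runs Next.js Server Actions, so condition 2 above appears to be met only where the react-email preview is actually served. The upgrade is still the right fix and is cheap: Mend's fixed-in version is react-email 2.1.3-canary.0, and the Renovate dashboard below already has a react-email 2.1.5 update queued.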
Step up your Open Source Security Game with Mend here
Dependency Dashboard
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
Rate-Limited
These updates are currently rate-limited. Click on a checkbox below to force their creation now.
- Update dependency @headlessui/react to v1.7.19
- Update dependency @headlessui/tailwindcss to v0.2.1
- Update dependency @react-email/components to v0.0.20
- Update dependency @tailwindcss/typography to v0.5.13
- Update dependency @types/lodash to v4.17.6
- Update dependency clsx to v2.1.1
- Update dependency laravel-vite-plugin to v1.0.4
- Update dependency laravel/sanctum to v4.0.2
- Update dependency react-day-picker to v8.10.1
- Update dependency react-email to v2.1.5
- Update dependency react-resizable-panels to v2.0.19
- Update dependency tailwindcss to v3.4.4
- Update dependency @hookform/resolvers to v3.6.0
- Update dependency @inertiajs/core to v1.2.0
- Update dependency @inertiajs/react to v1.2.0
- Update dependency @tanstack/react-table to v8.19.2
- Update dependency @tremor/react to v3.17.4
- Update dependency @vitejs/plugin-react to v4.3.1
- Update dependency @vitejs/plugin-react-swc to v3.7.0
- Update dependency axios to v1.7.2
- Update dependency inertiajs/inertia-laravel to v1.3.0
- Update dependency input-otp to v1.2.4
- Update dependency jotai to v2.8.4
- Update dependency laravel/framework to v11.13.0
- Update dependency laravel/jetstream to v5.1.2
- Update dependency laravel/pint to v1.16.1
- Update dependency laravel/sail to v1.30.0
- Update dependency lucide-react to ^0.400.0
- Update dependency pestphp/pest-plugin-laravel to v2.4.0
- Update dependency prettier to v3.3.2
- Update dependency spatie/laravel-ignition to v2.8.0
- Update dependency spatie/laravel-permission to v6.9.0
- Update dependency typescript to v5.5.3
- Update dependency vite to v5.3.2
- Update dependency ziggy-js to v2.2.1
- Update dependency zod to v3.23.8
- Update radix-ui-primitives monorepo (@radix-ui/react-alert-dialog, @radix-ui/react-avatar, @radix-ui/react-checkbox, @radix-ui/react-collapsible, @radix-ui/react-context-menu, @radix-ui/react-dialog, @radix-ui/react-dropdown-menu, @radix-ui/react-label, @radix-ui/react-navigation-menu, @radix-ui/react-popover, @radix-ui/react-radio-group, @radix-ui/react-scroll-area, @radix-ui/react-select, @radix-ui/react-separator, @radix-ui/react-slider, @radix-ui/react-slot, @radix-ui/react-switch, @radix-ui/react-tabs, @radix-ui/react-toast, @radix-ui/react-tooltip)
- Update dependency @headlessui/react to v2
- Update dependency nwidart/laravel-modules to v11
- 🔐 Create all rate-limited PRs at once 🔐
Open
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
- Update dependency mockery/mockery to v1.6.12
- Update dependency pestphp/pest to v2.34.8
- Update dependency postcss to v8.4.39
- Update dependency @types/node to v20.14.9
- Update dependency react-hook-form to v7.52.1
- Update dependency sonner to v1.5.0
- Update dependency spatie/laravel-medialibrary to v11.7.2
- Update dependency tailwind-merge to v2.3.0
- Update dependency tightenco/ziggy to v2.2.1
- Update react monorepo (@types/react, @types/react-dom, react, react-dom)
- Click on this checkbox to rebase all open PRs at once
Detected dependencies
composer
composer.json
php ^8.2
inertiajs/inertia-laravel ^1.0
laravel/framework ^11.0
laravel/jetstream ^5.0@dev
laravel/sanctum ^4.0
laravel/tinker ^2.9
nwidart/laravel-modules ^10.0
spatie/laravel-medialibrary ^11.0.0
spatie/laravel-permission ^6.4
tightenco/ziggy ^2.0
fakerphp/faker ^1.23
laravel/pint ^1.13
laravel/sail ^1.26
mockery/mockery ^1.6
nunomaduro/collision ^8.0
pestphp/pest ^2.0
pestphp/pest-plugin-laravel ^2.0
spatie/laravel-ignition ^2.4
npm
Modules/Master/package.json
axios ^1.1.2
laravel-vite-plugin ^1.0.0
sass ^1.69.5
postcss ^8.3.7
vite ^5.0.0
package.json
@headlessui/react ^1.7.18
@headlessui/tailwindcss ^0.2.0
@hookform/resolvers ^3.3.4
@inertiajs/core ^1.0.15
@inertiajs/react ^1.0.15
@radix-ui/react-alert-dialog ^1.0.5
@radix-ui/react-avatar ^1.0.4
@radix-ui/react-checkbox ^1.0.4
@radix-ui/react-collapsible ^1.0.3
@radix-ui/react-context-menu ^2.1.5
@radix-ui/react-dialog ^1.0.5
@radix-ui/react-dropdown-menu ^2.0.6
@radix-ui/react-icons ^1.3.0
@radix-ui/react-label ^2.0.2
@radix-ui/react-navigation-menu ^1.1.4
@radix-ui/react-popover ^1.0.7
@radix-ui/react-radio-group ^1.1.3
@radix-ui/react-scroll-area ^1.0.5
@radix-ui/react-select ^2.0.0
@radix-ui/react-separator ^1.0.3
@radix-ui/react-slider ^1.1.2
@radix-ui/react-slot ^1.0.2
@radix-ui/react-switch ^1.0.3
@radix-ui/react-tabs ^1.0.4
@radix-ui/react-toast ^1.1.5
@radix-ui/react-tooltip ^1.0.7
@react-email/components 0.0.15
@remixicon/react ^4.2.0
@tanstack/react-table ^8.13.2
@tremor/react ^3.14.1
class-variance-authority ^0.7.0
classnames ^2.5.1
clsx ^2.1.0
cmdk ^1.0.0
date-fns ^3.3.1
input-otp ^1.0.1
jotai ^2.7.1
lodash ^4.17.21
lucide-react ^0.358.0
next-themes ^0.3.0
react ^18.2.0
react-day-picker ^8.10.0
react-dom ^18.2.0
react-email 2.1.0
react-hook-form ^7.51.0
react-resizable-panels ^2.0.12
sonner ^1.4.3
tailwind-merge ^2.2.1
tailwindcss-animate ^1.0.7
ziggy-js ^2.0.0
zod ^3.22.4
@prettier/plugin-php ^0.22.0
@tailwindcss/forms ^0.5.7
@tailwindcss/typography ^0.5.10
@types/lodash ^4.14.202
@types/node ^20.11.25
@types/react ^18.2.64
@types/react-dom ^18.2.21
@vitejs/plugin-react ^4.0.0
@vitejs/plugin-react-swc ^3.6.0
autoprefixer ^10.4.18
axios ^1.6.7
laravel-vite-plugin ^1.0.0
postcss ^8.4.35
prettier ^3.0.0
tailwindcss ^3.4.1
typescript ^5.0.0
vite ^5.0.0
- Check this box to trigger a request for Renovate to run again on this repository
spatie/laravel-medialibrary-11.4.5: 1 vulnerability (highest severity is: 9.8)
Vulnerabilities
CVE | Severity | Dependency | Type | Fixed in (spatie/laravel-medialibrary version) | Remediation Possible**
---|---|---|---|---|---
CVE-2024-34515 | 9.8 | spatie/image-optimizer-1.7.2 | Transitive | N/A* | ❌
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2024-34515
Vulnerable Library - spatie/image-optimizer-1.7.2
Easily optimize images using PHP
Library home page: https://api.github.com/repos/spatie/image-optimizer/zipball/62f7463483d1bd975f6f06025d89d42a29608fe1
Dependency Hierarchy:
- spatie/laravel-medialibrary-11.4.5 (Root Library)
- spatie/image-3.4.0
- ❌ spatie/image-optimizer-1.7.2 (Vulnerable Library)
Found in base branch: main
Vulnerability Details
spatie/image-optimizer before 1.7.3 allows PHAR deserialization: paths it receives reach PHP filesystem functions such as file_exists without the phar:// stream wrapper being rejected, so a phar:// path pointing at an attacker-supplied archive makes PHP open that archive and deserialize its metadata.
Publish Date: 2024-05-05
URL: CVE-2024-34515
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Release Date: 2024-05-05
Fix Resolution: 1.7.3
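The class of bug described above, as an added example in PHP; this is not spatie/image-optimizer's own code or its actual fix, it is a guard of the kind the description implies was missing: refuse any stream-wrapper path before it reaches file_exists() and friends. The function names, the sample paths and the upload directory are assumptions made for the example.

```php
<?php
// Added example, not spatie/image-optimizer's own code: a guard that refuses
// stream-wrapper paths before they reach file_exists(), is_file(), filesize()
// and similar functions. With a "phar://" path PHP opens the archive to answer
// the call, and on PHP versions that unserialize archive metadata on open,
// that is a deserialization of attacker-supplied data without any call to
// unserialize() in the application.

declare(strict_types=1);

/**
 * True only for a plain local filesystem path: no "scheme://" prefix (rejects
 * phar://, php://, data://, glob://, ...) and no NUL byte, which would
 * truncate the path at the C level and defeat later checks.
 */
function isPlainLocalPath(string $path): bool
{
    if (str_contains($path, "\0")) {
        return false;
    }
    // A Windows drive prefix "C:\" is not followed by "//", so it still passes.
    return preg_match('#^[a-z][a-z0-9+.-]*://#i', $path) !== 1;
}

/** Only let file_exists() see the path once it is known to be local. */
function safeFileExists(string $path): bool
{
    if (!isPlainLocalPath($path)) {
        throw new InvalidArgumentException('Refusing stream-wrapper path: ' . $path);
    }
    return file_exists($path);
}

// Constructed inputs. An uploaded "image" can also be a valid PHAR, because a
// PHAR's stub is arbitrary bytes, so the file extension proves nothing.
$inputs = [
    '/var/www/storage/app/uploads/photo.jpg',
    'phar:///var/www/storage/app/uploads/photo.jpg/x',
    'PHAR://../uploads/photo.jpg',          // wrapper names are case-insensitive
    'php://filter/resource=/etc/passwd',
];

foreach ($inputs as $path) {
    try {
        var_dump(safeFileExists($path));     // bool for the plain path only
    } catch (InvalidArgumentException $e) {
        echo $e->getMessage(), PHP_EOL;
    }
}
```

Two checks worth making before taking the 9.8 score at face value for this repository. First, composer.json requires php ^8.2, and since PHP 8.0 the phar stream wrapper no longer unserializes archive metadata when a file is merely opened or stat'd (only Phar::getMetadata() does), which removes the classic file_exists trigger; confirm that against the PHP version actually deployed rather than the constraint. Second, the "N/A" in the fixed-in column only means there is no release of the direct dependency spatie/laravel-medialibrary to bump to; the fix is a transitive update, so `composer update spatie/image-optimizer` should move the lock to 1.7.3 provided spatie/image's own constraint allows it.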