vnodesign / tuanducdesign.com
Home Page: https://tuanducdesign-com.vercel.app
License: MIT License
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates are currently rate-limited. Click on a checkbox below to force their creation now.
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
@next/bundle-analyzer, eslint-config-next, next
@next/bundle-analyzer, eslint-config-next, next
.github/workflows/prettier.yml
actions/checkout v4
package.json
@badrap/bar-of-progress ^0.2.2
@headlessui/react ^1.7.16
@juggle/resize-observer ^3.4.0
@mdx-js/react ^2.3.0
@reach/rect ^0.18.0
@tailwindcss/aspect-ratio ^0.4.2
@tailwindcss/forms ^0.5.4
@tailwindcss/typography ^0.5.9
clsx ^2.0.0
feed ^4.2.2
focus-visible ^5.2.0
gray-matter ^4.0.3
image-size ^1.0.2
intersection-observer ^0.12.2
mini-svg-data-uri ^1.4.4
next ^13.4.12
next-mdx-remote ^4.4.1
next-remote-watch ^2.0.0
next-seo ^6.1.0
next-sitemap ^4.1.8
prismjs ^1.29.0
react ^18.2.0
react-dom ^18.2.0
react-icons ^4.10.1
react-intersection-observer ^9.5.2
redent ^4.0.0
rehype-preset-minify ^7.0.0
rehype-prism-plus ^1.6.1
rehype-slug ^6.0.0
remark-gfm ^4.0.0
sharp ^0.32.4
slug ^8.2.3
unist-util-visit ^5.0.0
zustand ^4.3.9
@next/bundle-analyzer ^13.4.12
@svgr/webpack ^8.0.1
autoprefixer ^10.4.14
cross-env ^7.0.3
eslint ^8.46.0
eslint-config-next ^13.4.12
eslint-config-prettier ^9.0.0
eslint-plugin-prettier ^5.0.0
husky ^8.0.3
lint-staged ^15.0.0
postcss ^8.4.27
postcss-focus-visible ^9.0.0
postcss-import ^15.1.0
prettier ^3.0.0
prettier-plugin-tailwindcss ^0.5.0
tailwindcss ^3.3.3
yarn-upgrade-all ^0.7.2
High performance Node.js image processing, the fastest module to resize JPEG, PNG, WebP, AVIF and TIFF images
Library home page: https://registry.npmjs.org/sharp/-/sharp-0.28.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/sharp/package.json
Found in HEAD commit: a2ac6f23fde482c0c6bc4705b8cb10fa4e4be3cd
CVE | Severity | Dependency | Type | Fixed in (sharp version) | Remediation Available |
---|---|---|---|---|---|
CVE-2022-29256 | 6.7 | sharp-0.28.3.tgz | Direct | 0.30.5 | |
Dependency Hierarchy:
Found in base branch: main
sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set the value of the PKG_CONFIG_PATH environment variable in a build environment then they might be able to use this to inject an arbitrary command at npm install time. This is not part of any runtime code, does not affect Windows users at all, and is unlikely to affect anyone that already cares about the security of their build environment. This problem is fixed in version 0.30.5.
Publish Date: 2022-05-25
URL: CVE-2022-29256
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29256
Release Date: 2022-05-25
Fix Resolution: 0.30.5
Found in HEAD commit: 6d439f5b5664eaa468eb91c02e6a6c97e8e15375
CVE | Severity | Dependency | Type | Fixed in (tailwindcss version) | Remediation Available |
---|---|---|---|---|---|
CVE-2023-2251 | 7.5 | yaml-1.10.2.tgz | Transitive | 3.3.2 | |
JavaScript parser and stringifier for YAML
Library home page: https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz
Dependency Hierarchy:
Found in base branch: main
Uncaught Exception in GitHub repository eemeli/yaml prior to 2.2.2.
Publish Date: 2023-04-24
URL: CVE-2023-2251
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-f9xv-q969-pqx4
Release Date: 2023-04-24
Fix Resolution (yaml): 2.0.0-0
Direct dependency fix Resolution (tailwindcss): 3.3.2
Found in HEAD commit: 6d439f5b5664eaa468eb91c02e6a6c97e8e15375
CVE | Severity | Dependency | Type | Fixed in (next-mdx-remote version) | Remediation Available |
---|---|---|---|---|---|
CVE-2020-7753 | 7.5 | trim-0.0.1.tgz | Transitive | 4.0.0 | |
Trim string whitespace
Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz
Dependency Hierarchy:
Found in base branch: main
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Publish Date: 2020-10-27
URL: CVE-2020-7753
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-10-27
Fix Resolution (trim): 0.0.3
Direct dependency fix Resolution (next-mdx-remote): 4.0.0
High performance Node.js image processing, the fastest module to resize JPEG, PNG, WebP, AVIF and TIFF images
Library home page: https://registry.npmjs.org/sharp/-/sharp-0.29.3.tgz
Found in HEAD commit: 0f996ffb9df1029c1a757c0161d57d02cd0cc908
CVE | Severity | Dependency | Type | Fixed in (sharp version) | Remediation Available |
---|---|---|---|---|---|
CVE-2022-29256 | 6.7 | sharp-0.29.3.tgz | Direct | 0.30.5 | |
Dependency Hierarchy:
Found in base branch: main
sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set the value of the PKG_CONFIG_PATH environment variable in a build environment then they might be able to use this to inject an arbitrary command at npm install time. This is not part of any runtime code, does not affect Windows users at all, and is unlikely to affect anyone that already cares about the security of their build environment. This problem is fixed in version 0.30.5.
Publish Date: 2022-05-25
URL: CVE-2022-29256
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29256
Release Date: 2022-05-25
Fix Resolution: 0.30.5