wearegenki / node-utils Goto Github PK
View Code? Open in Web Editor NEWReusable utilities for node apps.
License: Apache License 2.0
node-utils's People
Contributors
![dependabot-preview[bot] avatar](https://avatars.githubusercontent.com/in/2141?v=4 "dependabot-preview[bot]")
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
![mend-bolt-for-github[bot] avatar](https://avatars.githubusercontent.com/in/16809?v=4 "mend-bolt-for-github[bot]")
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "renovate[bot]")
Watchers
node-utils's Issues
CVE-2020-7753 (High) detected in trim-0.0.1.tgz
CVE-2020-7753 - High Severity Vulnerability
Vulnerable Library - trim-0.0.1.tgz
Trim string whitespace
Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz
Path to dependency file: node-utils/package.json
Path to vulnerable library: node-utils/node_modules/trim/package.json
Dependency Hierarchy:
- minna-tools-essential-0.36.1-next.57.tgz (Root Library)
- eslint-config-0.36.1-next.57.tgz
- eslint-plugin-markdown-1.0.2.tgz
- remark-parse-5.0.0.tgz
- โ trim-0.0.1.tgz (Vulnerable Library)
- remark-parse-5.0.0.tgz
- eslint-plugin-markdown-1.0.2.tgz
- eslint-config-0.36.1-next.57.tgz
Found in HEAD commit: 71d14dece47b6d497b5c153fa8e990ccaec04679
Found in base branch: master
Vulnerability Details
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Publish Date: 2020-10-27
URL: CVE-2020-7753
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: component/trim#8
Release Date: 2020-10-27
Fix Resolution: trim - 0.0.3
Step up your Open Source Security Game with WhiteSource here
Dependency Dashboard
This issue provides visibility into Renovate updates and their statuses. Learn more
Edited/Blocked
These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.
Ignored or Blocked
These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.
- Check this box to trigger a request for Renovate to run again on this repository
CVE-2021-3807 (High) detected in ansi-regex-5.0.0.tgz
CVE-2021-3807 - High Severity Vulnerability
Vulnerable Library - ansi-regex-5.0.0.tgz
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz
Path to dependency file: node-utils/package.json
Path to vulnerable library: node-utils/node_modules/ansi-regex/package.json
Dependency Hierarchy:
- minna-tools-essential-0.36.1-next.57.tgz (Root Library)
- jest-config-0.36.1-next.57.tgz
- jest-25.2.3.tgz
- pretty-format-25.5.0.tgz
- โ ansi-regex-5.0.0.tgz (Vulnerable Library)
- pretty-format-25.5.0.tgz
- jest-25.2.3.tgz
- jest-config-0.36.1-next.57.tgz
Found in base branch: master
Vulnerability Details
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-09-17
URL: CVE-2021-3807
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994/
Release Date: 2021-09-17
Fix Resolution: ansi-regex - 5.0.1,6.0.1
Step up your Open Source Security Game with WhiteSource here
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.