jamland / mono-switch
Tool for quick switch between system STEREO / MONO audio output using shortcuts.
License: MIT License
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz
Path to dependency file: /mono-switch/package.json
Path to vulnerable library: mono-switch/node_modules/lodash/package.json
Dependency Hierarchy:
All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Command Injection via template.
Publish Date: 2021-02-15
URL: CVE-2021-23337
Base Score Metrics:
Type: Upgrade version
Origin: lodash/lodash@3469357
Release Date: 2021-02-15
Fix Resolution: lodash - 4.17.21
Step up your Open Source Security Game with WhiteSource here
Get, set, or delete a property from a nested object using a dot path
Library home page: https://registry.npmjs.org/dot-prop/-/dot-prop-4.2.0.tgz
Path to dependency file: /mono-switch/package.json
Path to vulnerable library: mono-switch/node_modules/dot-prop/package.json
Dependency Hierarchy:
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
Publish Date: 2020-02-04
URL: CVE-2020-8116
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116
Release Date: 2020-02-04
Fix Resolution: dot-prop - 5.1.1
Build cross platform desktop apps with JavaScript, HTML, and CSS
Library home page: https://registry.npmjs.org/electron/-/electron-4.0.1.tgz
Path to dependency file: /mono-switch/package.json
Path to vulnerable library: mono-switch/node_modules/electron/package.json
Dependency Hierarchy:
In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation" are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21.
Publish Date: 2020-07-07
URL: CVE-2020-15096
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-6vrv-94jv-crrg
Release Date: 2020-07-07
Fix Resolution: electron - 6.1.11,8.2.4,9.0.0-beta.21
Serialize JavaScript to a superset of JSON that includes regular expressions and functions.
Library home page: https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-1.7.0.tgz
Path to dependency file: /mono-switch/package.json
Path to vulnerable library: mono-switch/node_modules/serialize-javascript/package.json
Dependency Hierarchy:
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".
Publish Date: 2020-06-01
URL: CVE-2020-7660
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7660
Release Date: 2020-06-01
Fix Resolution: serialize-javascript - 3.1.0
MacOS Distribution:
https://github.com/electron-userland/electron-osx-sign/wiki/1.-Getting-Started
Code Signing:
https://github.com/electron/electron/blob/master/docs/tutorial/code-signing.md
Electron Update Guides:
https://electronjs.org/docs/tutorial/updates
https://github.com/electron/update.electronjs.org
electron-builder specific:
https://www.electron.build/auto-update.html#private-github-update-repo
MacOS Human Interface Guidelines:
https://developer.apple.com/design/human-interface-guidelines/macos/overview/visual-index/
Build cross platform desktop apps with JavaScript, HTML, and CSS
Library home page: https://registry.npmjs.org/electron/-/electron-4.0.1.tgz
Path to dependency file: /mono-switch/package.json
Path to vulnerable library: mono-switch/node_modules/electron/package.json
Dependency Hierarchy:
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.
Publish Date: 2020-07-07
URL: CVE-2020-4076
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-m93v-9qjc-3g79
Release Date: 2020-07-07
Fix Resolution: 7.2.4,8.2.4,9.0.0-beta.21
Build cross platform desktop apps with JavaScript, HTML, and CSS
Library home page: https://registry.npmjs.org/electron/-/electron-4.0.1.tgz
Path to dependency file: /mono-switch/package.json
Path to vulnerable library: mono-switch/node_modules/electron/package.json
Dependency Hierarchy:
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both contextIsolation and contextBridge are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.
Publish Date: 2020-07-07
URL: CVE-2020-4077
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-h9jc-284h-533g
Release Date: 2020-07-07
Fix Resolution: 7.2.4,8.2.4,9.0.0-beta.21
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.1.tgz
Path to dependency file: /mono-switch/package.json
Path to vulnerable library: mono-switch/node_modules/electron-webpack/node_modules/yargs-parser/package.json
Dependency Hierarchy:
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-11.1.1.tgz
Path to dependency file: /mono-switch/package.json
Path to vulnerable library: mono-switch/node_modules/yargs-parser/package.json
Dependency Hierarchy:
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.
Publish Date: 2020-03-16
URL: CVE-2020-7608
Base Score Metrics:
Type: Upgrade version
Origin: yargs/yargs-parser@63810ca
Release Date: 2020-06-05
Fix Resolution: 5.0.1;13.1.2;15.0.1;18.1.1
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.7.0.tgz
Path to dependency file: /mono-switch/package.json
Path to vulnerable library: mono-switch/node_modules/postcss-svgo/node_modules/js-yaml/package.json
Dependency Hierarchy:
Versions of js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file.
Publish Date: 2019-04-05
URL: WS-2019-0063
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/813
Release Date: 2019-04-05
Fix Resolution: js-yaml - 3.13.1
Build cross platform desktop apps with JavaScript, HTML, and CSS
Library home page: https://registry.npmjs.org/electron/-/electron-4.0.1.tgz
Path to dependency file: /mono-switch/package.json
Path to vulnerable library: mono-switch/node_modules/electron/package.json
Dependency Hierarchy:
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling event.preventDefault() on all new-window events where the url or options is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.
Publish Date: 2020-07-07
URL: CVE-2020-4075
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-f9mq-jph6-9mhm
Release Date: 2020-07-07
Fix Resolution: 7.2.4,8.2.4,9.0.0-beta.21
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.7.0.tgz
Path to dependency file: /mono-switch/package.json
Path to vulnerable library: mono-switch/node_modules/postcss-svgo/node_modules/js-yaml/package.json
Dependency Hierarchy:
Versions of js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.
Publish Date: 2019-03-20
URL: WS-2019-0032
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/788/versions
Release Date: 2019-03-20
Fix Resolution: js-yaml - 3.13.0
JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.
Library home page: https://registry.npmjs.org/node-forge/-/node-forge-0.7.5.tgz
Path to dependency file: /mono-switch/package.json
Path to vulnerable library: mono-switch/node_modules/node-forge/package.json
Dependency Hierarchy:
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.
Publish Date: 2020-09-01
URL: CVE-2020-7720
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md
Release Date: 2020-09-13
Fix Resolution: node-forge - 0.10.0
SockJS-node is a server counterpart of SockJS-client a JavaScript library that provides a WebSocket-like object in the browser. SockJS gives you a coherent, cross-browser, Javascript API which creates a low latency, full duplex, cross-domain communication
Library home page: https://registry.npmjs.org/sockjs/-/sockjs-0.3.19.tgz
Path to dependency file: /mono-switch/package.json
Path to vulnerable library: mono-switch/node_modules/sockjs/package.json
Dependency Hierarchy:
Incorrect handling of the Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.
Publish Date: 2020-07-09
URL: CVE-2020-7693
Base Score Metrics:
Type: Upgrade version
Origin: sockjs/sockjs-node#265
Release Date: 2020-07-09
Fix Resolution: sockjs - 0.3.20
Check if a string or buffer is SVG
Library home page: https://registry.npmjs.org/is-svg/-/is-svg-2.1.0.tgz
Path to dependency file: /mono-switch/package.json
Path to vulnerable library: mono-switch/node_modules/is-svg/package.json
Dependency Hierarchy:
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time.
Publish Date: 2021-03-12
URL: CVE-2021-28092
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28092
Release Date: 2021-03-12
Fix Resolution: v4.2.2
Think about building a nice packaging script for faster builds and distribution
Hi, first of all I'd like to thank you for developing this. I was about to try to do the same thing so I really appreciate that you did it for me! Super useful for when I'm working on music and want to audition something in mono.
I have noticed that it can take 2-5 seconds for the setting to update after I initiate the toggle. This is acceptable but not the most convenient. I wondered if you had profiled what is taking a long time and if there could be any shortcuts to optimize the time it takes.
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz
Path to dependency file: /mono-switch/package.json
Path to vulnerable library: mono-switch/node_modules/lodash/package.json
Dependency Hierarchy:
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
Publish Date: 2020-07-15
URL: CVE-2020-8203
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1523
Release Date: 2020-07-23
Fix Resolution: lodash - 4.17.19
HTTP proxying for the masses
Library home page: https://registry.npmjs.org/http-proxy/-/http-proxy-1.17.0.tgz
Path to dependency file: /mono-switch/package.json
Path to vulnerable library: mono-switch/node_modules/http-proxy/package.json
Dependency Hierarchy:
Versions of http-proxy prior to 1.18.1 are vulnerable to Denial of Service. An HTTP request with a long body triggers an ERR_HTTP_HEADERS_SENT unhandled exception that crashes the proxy server. This is only possible when the proxy server sets headers in the proxy request using the proxyReq.setHeader function.
Publish Date: 2020-05-14
URL: WS-2020-0091
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1486
Release Date: 2020-05-26
Fix Resolution: http-proxy - 1.18.1
There are GitHub guides regarding best practices for open source:
https://opensource.guide/
And a checklist to meet them:
https://github.com/jamland/mono-switch/community
Need to read it and try to accomplish.
Serialize JavaScript to a superset of JSON that includes regular expressions and functions.
Library home page: https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-1.7.0.tgz
Path to dependency file: /mono-switch/package.json
Path to vulnerable library: mono-switch/node_modules/serialize-javascript/package.json
Dependency Hierarchy:
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.
Publish Date: 2019-12-05
URL: CVE-2019-16769
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16769
Release Date: 2019-12-05
Fix Resolution: v2.1.1
The current packaged app is ~136Mb, which is way too much.
Think how to minify it. Some points:
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz
Path to dependency file: /mono-switch/package.json
Path to vulnerable library: mono-switch/node_modules/lodash/package.json
Dependency Hierarchy:
All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce (provided by reporter Liyuan Chen):

    var lo = require('lodash');
    function build_blank (n) {
      var ret = "1"
      for (var i = 0; i < n; i++) {
        ret += " "
      }
      return ret + "1";
    }
    var s = build_blank(50000)
    var time0 = Date.now();
    lo.trim(s)
    var time_cost0 = Date.now() - time0;
    console.log("time_cost0: " + time_cost0)
    var time1 = Date.now();
    lo.toNumber(s)
    var time_cost1 = Date.now() - time1;
    console.log("time_cost1: " + time_cost1)
    var time2 = Date.now();
    lo.trimEnd(s)
    var time_cost2 = Date.now() - time2;
    console.log("time_cost2: " + time_cost2)

Publish Date: 2021-02-15
URL: CVE-2020-28500
Base Score Metrics:
Type: Upgrade version
Origin: lodash/lodash@02906b8
Release Date: 2021-02-15
Fix Resolution: lodash - 4.17.21
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz
Path to dependency file: /mono-switch/package.json
Path to vulnerable library: mono-switch/node_modules/mkdirp/node_modules/minimist/package.json
Dependency Hierarchy:
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz
Path to dependency file: /mono-switch/package.json
Path to vulnerable library: mono-switch/node_modules/minimist/package.json
Dependency Hierarchy:
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
Publish Date: 2020-03-11
URL: CVE-2020-7598
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94
Release Date: 2020-03-11
Fix Resolution: minimist - 0.2.1,1.2.3
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz
Path to dependency file: /mono-switch/package.json
Path to vulnerable library: mono-switch/node_modules/lodash/package.json
Dependency Hierarchy:
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Publish Date: 2019-07-26
URL: CVE-2019-10744
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-jf85-cpcp-j695
Release Date: 2019-07-08
Fix Resolution: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge-4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0