pustovitdmytro / logger-decorator
provides a unified and simple approach for class and function logging
License: MIT License
An advanced url parser supporting git urls too.
Library home page: https://registry.npmjs.org/parse-url/-/parse-url-6.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/parse-url/package.json
Dependency Hierarchy:
Found in HEAD commit: 809d80347ac56e09ea88b61bf099a476fb1e1dcc
Found in base branch: master
Cross-Site Scripting via Improper Input Validation (parser differential) in parse-url before 8.0.0.
Through this vulnerability, an attacker is able to execute malicious JS code.
Publish Date: 2022-07-02
URL: WS-2022-0239
Base Score Metrics:
Type: Upgrade version
Origin: https://huntr.dev/bounties/5fa3115f-5c97-4928-874c-3cc6302e154e
Release Date: 2022-07-02
Fix Resolution: parse-url - 8.0.0
Step up your Open Source Security Game with Mend here
Is your feature request related to a problem? Please describe.
Prevent multiple logs of the same error
Describe the solution you'd like
API: something like:
{
    logErrors: 'top-only'
}
Automated semver compliant package publishing
Library home page: https://registry.npmjs.org/semantic-release/-/semantic-release-19.0.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/semantic-release/package.json
Dependency Hierarchy:
Found in HEAD commit: 809d80347ac56e09ea88b61bf099a476fb1e1dcc
Found in base branch: master
semantic-release is an open source npm package for automated version management and package publishing. In affected versions secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by encodeURI. Occurrence is further limited to execution contexts where push access to the related repository is not available without modifying the repository url to inject credentials. Users are advised to upgrade. Users unable to upgrade should ensure that secrets that do not contain characters that are excluded from encoding with encodeURI when included in a URL are already masked properly.
Publish Date: 2022-06-09
URL: CVE-2022-31051
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-x2pg-mjhr-2m5x
Release Date: 2022-06-09
Fix Resolution: 19.0.3
An advanced url parser supporting git urls too.
Library home page: https://registry.npmjs.org/parse-url/-/parse-url-6.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/parse-url/package.json
Dependency Hierarchy:
Found in HEAD commit: 809d80347ac56e09ea88b61bf099a476fb1e1dcc
Found in base branch: master
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0.
Publish Date: 2022-06-27
URL: CVE-2022-2216
Base Score Metrics:
Type: Upgrade version
Origin: https://huntr.dev/bounties/505a3d39-2723-4a06-b1f7-9b2d133c92e1/
Release Date: 2022-06-27
Fix Resolution: parse-url - 6.0.1
Issue Description
Hi. I tried the decorator (Class Logger to be exact) but the thing we noticed was that our benchmarks deteriorated. http_req_duration went from 6ms to 35.15ms (a huge jump).
We are interested in intercepting only errors. So, we have a custom logger like this:
const logger = {
    info: function () {
        return;
    },
    verbose: function () {
        return;
    },
    error: console.error
};

import { Decorator } from 'logger-decorator';

export const log = new Decorator({
    name: 'myapp',
    logger: logger,
    timestamp: true
});
Where we log only errors. No other custom code has been used and we just decorate the classes with @log() but this still leads to a huge impact on the benchmark. Any ideas on how we can solve this? Thanks 🙂
Please follow the general troubleshooting steps first:
There is minimal impact to the benchmarks after adding the decorators.
Adding the decorator leads to a 29ms jump in the benchmarks.
Output here
✓ no_errors
✓ expected_result
checks.........................: 100.00% ✓ 92154 ✗ 0
data_received..................: 16 MB 266 kB/s
data_sent......................: 22 MB 361 kB/s
http_req_blocked...............: avg=2.4µs min=1.19µs med=2.06µs max=236.84µs p(90)=3.33µs p(95)=3.93µs
http_req_connecting............: avg=15ns min=0s med=0s max=177.64µs p(90)=0s p(95)=0s
✓ http_req_duration..............: avg=6.35ms min=1.22ms med=4.55ms max=212.13ms p(90)=9.54ms p(95)=11.09ms
{ expected_response:true }...: avg=6.35ms min=1.22ms med=4.55ms max=212.13ms p(90)=9.54ms p(95)=11.09ms
http_req_failed................: 0.00% ✓ 0 ✗ 46077
http_req_receiving.............: avg=46.83µs min=18.26µs med=44.07µs max=8.95ms p(90)=58.28µs p(95)=64.29µs
http_req_sending...............: avg=20.62µs min=8.65µs med=19.18µs max=2.56ms p(90)=29.51µs p(95)=32.91µs
http_req_tls_handshaking.......: avg=0s min=0s med=0s max=0s p(90)=0s p(95)=0s
http_req_waiting...............: avg=6.28ms min=1.12ms med=4.48ms max=212.07ms p(90)=9.46ms p(95)=11ms
http_reqs......................: 46077 767.837431/s
iteration_duration.............: avg=6.5ms min=1.41ms med=4.69ms max=212.27ms p(90)=9.7ms p(95)=11.25ms
iterations.....................: 46077 767.837431/s
vus............................: 5 min=5 max=5
vus_max........................: 5 min=5 max=5
✓ no_errors
✓ expected_result
checks.........................: 100.00% ✓ 17010 ✗ 0
data_received..................: 3.0 MB 49 kB/s
data_sent......................: 4.0 MB 67 kB/s
http_req_blocked...............: avg=2.54µs min=1.19µs med=2.14µs max=200.64µs p(90)=3.59µs p(95)=4.16µs
http_req_connecting............: avg=83ns min=0s med=0s max=158.51µs p(90)=0s p(95)=0s
✗ http_req_duration..............: avg=35.15ms min=6.56ms med=19.37ms max=294.24ms p(90)=64.41ms p(95)=111.89ms
{ expected_response:true }...: avg=35.15ms min=6.56ms med=19.37ms max=294.24ms p(90)=64.41ms p(95)=111.89ms
http_req_failed................: 0.00% ✓ 0 ✗ 8505
http_req_receiving.............: avg=46.58µs min=18.3µs med=44.49µs max=265.25µs p(90)=63.11µs p(95)=70.55µs
http_req_sending...............: avg=20.69µs min=8.97µs med=19.59µs max=124.37µs p(90)=29.77µs p(95)=33.1µs
http_req_tls_handshaking.......: avg=0s min=0s med=0s max=0s p(90)=0s p(95)=0s
http_req_waiting...............: avg=35.08ms min=6.48ms med=19.32ms max=294.15ms p(90)=64.33ms p(95)=111.81ms
http_reqs......................: 8505 141.472685/s
iteration_duration.............: avg=35.3ms min=6.75ms med=19.52ms max=294.42ms p(90)=64.58ms p(95)=112.07ms
iterations.....................: 8505 141.472685/s
vus............................: 5 min=5 max=5
vus_max........................: 5 min=5 max=5
Environment:
Regular expression for matching semver versions
Library home page: https://registry.npmjs.org/semver-regex/-/semver-regex-3.1.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/semver-regex/package.json
Dependency Hierarchy:
Found in HEAD commit: 809d80347ac56e09ea88b61bf099a476fb1e1dcc
Found in base branch: master
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package when an attacker is able to supply arbitrary input to the test() method.
Publish Date: 2022-06-02
URL: CVE-2021-43307
Base Score Metrics:
Type: Upgrade version
Origin: https://research.jfrog.com/vulnerabilities/semver-regex-redos-xray-211349/
Release Date: 2022-06-02
Fix Resolution (semver-regex): 3.1.4
Direct dependency fix Resolution (semantic-release): 19.0.3
dublicates
=> duplicates
A light-weight module that brings window.fetch to node.js
Library home page: https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/node-fetch/package.json
Dependency Hierarchy:
Found in HEAD commit: e6d60e02478ae9edf53af928379f1a378559d64c
Found in base branch: master
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Publish Date: 2022-01-16
URL: CVE-2022-0235
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-r683-j2x4-v87g
Release Date: 2022-01-16
Fix Resolution: node-fetch - 2.6.7,3.1.1
Step up your Open Source Security Game with WhiteSource here
Promise based HTTP client for the browser and node.js
Library home page: https://registry.npmjs.org/axios/-/axios-0.21.4.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/axios/package.json
Dependency Hierarchy:
Found in HEAD commit: 809d80347ac56e09ea88b61bf099a476fb1e1dcc
Found in base branch: master
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository axios/axios prior to 0.26.
Publish Date: 2022-05-03
URL: CVE-2022-1214
Base Score Metrics:
Type: Upgrade version
Origin: https://huntr.dev/bounties/ef7b4ab6-a3f6-4268-a21a-e7104d344607/
Release Date: 2022-05-03
Fix Resolution: axios - v0.26.0
Parses a link header and returns paging information for each contained link.
Library home page: https://registry.npmjs.org/parse-link-header/-/parse-link-header-1.0.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/parse-link-header/package.json
Dependency Hierarchy:
Found in HEAD commit: 809d80347ac56e09ea88b61bf099a476fb1e1dcc
Found in base branch: master
The package parse-link-header before 2.0.0 is vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function.
Publish Date: 2021-12-24
URL: CVE-2021-23490
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23490
Release Date: 2021-12-24
Fix Resolution: parse-link-header - 2.0.0
Simple JSON Addressing.
Library home page: https://registry.npmjs.org/jsonpointer/-/jsonpointer-4.1.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/jsonpointer/package.json
Dependency Hierarchy:
Found in HEAD commit: 809d80347ac56e09ea88b61bf099a476fb1e1dcc
Found in base branch: master
This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.
Publish Date: 2021-11-03
URL: CVE-2021-23807
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23807
Release Date: 2021-11-03
Fix Resolution: jsonpointer - 5.0.0
This issue provides visibility into Lalaps updates and their statuses.
decode-uri-component vulnerable to Denial of Service (DoS)
Library: decode-uri-component
Affected versions: <=0.2.0
Severity: low
Root Libraries:
danger
minimatch ReDoS vulnerability
Library: minimatch
Affected versions: <3.0.5
Severity: high
✔️ #112
Root Libraries:
mocha
#112
Last Updated: 01 Dec 2022, at 01:22 UTC
An advanced url parser supporting git urls too.
Library home page: https://registry.npmjs.org/parse-url/-/parse-url-6.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/parse-url/package.json
Dependency Hierarchy:
Found in HEAD commit: 809d80347ac56e09ea88b61bf099a476fb1e1dcc
Found in base branch: master
Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0.
Publish Date: 2022-06-27
URL: CVE-2022-2218
Base Score Metrics:
Type: Upgrade version
Origin: https://huntr.dev/bounties/024912d3-f103-4daf-a1d0-567f4d9f2bf5/
Release Date: 2022-06-27
Fix Resolution: parse-url - 6.0.1
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/npm/node_modules/cli-table3/node_modules/ansi-regex/package.json
Dependency Hierarchy:
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/npm/node_modules/string-width/node_modules/ansi-regex/package.json
Dependency Hierarchy:
Found in HEAD commit: 809d80347ac56e09ea88b61bf099a476fb1e1dcc
Found in base branch: master
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-09-17
URL: CVE-2021-3807
Base Score Metrics:
Type: Upgrade version
Origin: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994/
Release Date: 2021-09-17
Fix Resolution (ansi-regex): 5.0.1
Direct dependency fix Resolution (semantic-release): 19.0.3
Fix Resolution (ansi-regex): 3.0.1
Direct dependency fix Resolution (semantic-release): 19.0.3
JSON Schema validation and specifications
Library home page: https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/json-schema/package.json
Dependency Hierarchy:
Found in HEAD commit: 809d80347ac56e09ea88b61bf099a476fb1e1dcc
Found in base branch: master
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Publish Date: 2021-11-13
URL: CVE-2021-3918
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-3918
Release Date: 2021-11-13
Fix Resolution: json-schema - 0.4.0
An advanced url parser supporting git urls too.
Library home page: https://registry.npmjs.org/parse-url/-/parse-url-6.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/parse-url/package.json
Dependency Hierarchy:
Found in HEAD commit: 809d80347ac56e09ea88b61bf099a476fb1e1dcc
Found in base branch: master
File Protocol Spoofing in parse-url before 8.0.0 can lead to attacks, such as XSS, Arbitrary Read/Write File, and Remote Code Execution.
Publish Date: 2022-06-30
URL: WS-2022-0238
Base Score Metrics:
Type: Upgrade version
Origin: https://huntr.dev/bounties/52060edb-e426-431b-a0d0-e70407e44f18/
Release Date: 2022-06-30
Fix Resolution: parse-url - 8.0.0
An advanced url parser supporting git urls too.
Library home page: https://registry.npmjs.org/parse-url/-/parse-url-6.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/parse-url/package.json
Dependency Hierarchy:
Found in HEAD commit: 809d80347ac56e09ea88b61bf099a476fb1e1dcc
Found in base branch: master
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0.
Publish Date: 2022-06-27
URL: CVE-2022-0722
Base Score Metrics:
Type: Upgrade version
Origin: https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226
Release Date: 2022-06-27
Fix Resolution: parse-url - 6.0.1
a package manager for JavaScript
Library home page: https://registry.npmjs.org/npm/-/npm-8.4.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/npm/package.json
Dependency Hierarchy:
Found in HEAD commit: 809d80347ac56e09ea88b61bf099a476fb1e1dcc
Found in base branch: master
npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. --workspaces, --workspace=<name>). Anyone who has run npm pack or npm publish inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published files into the npm registry they did not intend to include. Users should upgrade to the latest, patched version of npm v8.11.0, run: npm i -g npm@latest . Node.js versions v16.15.1, v17.19.1, and v18.3.0 include the patched v8.11.0 version of npm.
Publish Date: 2022-06-13
URL: CVE-2022-29244
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-hj9c-8jmm-8c52
Release Date: 2022-06-13
Fix Resolution (npm): 8.11.0
Direct dependency fix Resolution (semantic-release): 19.0.3
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
Warning
These dependencies are deprecated:
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
@babel/cli, @babel/core, @babel/node, @babel/plugin-proposal-decorators, @babel/preset-env, @babel/runtime, eslint, eslint-plugin-mocha, eslint-plugin-no-secrets, eslint-plugin-node, eslint-plugin-promise, eslint-plugin-sonarjs, lockfile-lint
@commitlint/cli, @commitlint/lint, babel-plugin-module-resolver, chai, conventional-changelog-eslint, danger, eslint, eslint-plugin-markdown, eslint-plugin-no-secrets, eslint-plugin-regexp, eslint-plugin-security, eslint-plugin-sonarjs, eslint-plugin-unicorn, fs-extra, husky, jscpd, mocha, nyc, semantic-release, uuid
These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.
.github/workflows/codeql.yml
actions/checkout v3
github/codeql-action v3
github/codeql-action v3
github/codeql-action v3
.github/workflows/npt.yml
actions/checkout v2
actions/setup-node v2
actions/setup-node v2
package.json
myrmidon 1.10.0
@babel/cli ^7.23.9
@babel/core ^7.23.9
@babel/node ^7.23.9
@babel/plugin-proposal-class-properties ^7.18.6
@babel/plugin-proposal-decorators ^7.23.9
@babel/plugin-proposal-object-rest-spread ^7.20.7
@babel/plugin-proposal-optional-chaining ^7.21.0
@babel/polyfill ^7.12.1
@babel/preset-env ^7.23.9
@babel/runtime ^7.23.9
@commitlint/cli ^16.3.0
@commitlint/lint ^16.2.4
@semantic-release/changelog ^6.0.3
@semantic-release/git ^10.0.1
babel-plugin-module-resolver ^4.1.0
chai ^4.4.1
chance ^1.1.11
conventional-changelog-eslint ^3.0.9
coveralls ^3.1.1
danger ^10.9.0
eslint ^8.56.0
eslint-config-incredible ^2.4.4
eslint-plugin-censor ^1.5.3
eslint-plugin-import ^2.29.1
eslint-plugin-markdown ^2.2.1
eslint-plugin-mocha ^10.2.0
eslint-plugin-no-secrets ^0.8.9
eslint-plugin-node ^11.1.0
eslint-plugin-promise ^6.1.1
eslint-plugin-regexp ^1.15.0
eslint-plugin-scanjs-rules ^0.2.1
eslint-plugin-security ^1.7.1
eslint-plugin-sonarjs ^0.23.0
eslint-plugin-unicorn 42.0.0
fs-extra ^10.1.0
husky ^7.0.4
jscpd ^3.5.10
lockfile-lint ^4.13.1
mocha ^9.2.2
mocha-junit-reporter ^2.2.1
node-package-tester ^1.3.6
nyc ^15.1.0
semantic-release ^19.0.5
semantic-release-telegram ^1.6.2
test-console ^2.0.0
uuid ^8.3.2
node >=10
Extract the non-magic parent path from a glob string.
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/glob-parent/package.json
Dependency Hierarchy:
Found in HEAD commit: 809d80347ac56e09ea88b61bf099a476fb1e1dcc
Found in base branch: master
The package glob-parent before 6.0.1 is vulnerable to Regular Expression Denial of Service (ReDoS).
Publish Date: 2021-06-22
URL: CVE-2021-35065
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-cj88-88mr-972w
Release Date: 2021-06-22
Fix Resolution (glob-parent): 6.0.1
Direct dependency fix Resolution (@babel/cli): 7.17.3
Parse paths (local paths, urls: ssh/git/etc)
Library home page: https://registry.npmjs.org/parse-path/-/parse-path-4.0.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/parse-path/package.json
Dependency Hierarchy:
Found in HEAD commit: 809d80347ac56e09ea88b61bf099a476fb1e1dcc
Found in base branch: master
Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0.
Publish Date: 2022-06-28
URL: CVE-2022-0624
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0624
Release Date: 2022-06-28
Fix Resolution: parse-path - 5.0.0
Issue Description
To Reproduce
Steps to reproduce the behavior:
@Controller('user') // Route '/user' does not get mapped
@log()
export class UserController {...}

@log()
@Controller('client') // Route '/client' does not get mapped
export class ClientController {...}

@Controller('groups')
export class GroupsController {
    @Get() // Route '/groups/' mapped successfully
    @log()
    async get() {...}

    @log()
    @get('client') // Route '/groups/client' does not get mapped
    async getClientGroups() {...}
}
Environment:
Allow to log errors only
API will follow next convention:
const decorator = new Decorator({
    logger,
    timestamp : true,
    errorsOnly: true
});
This should help in resolving some performance issues #45
An advanced url parser supporting git urls too.
Library home page: https://registry.npmjs.org/parse-url/-/parse-url-6.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/parse-url/package.json
Dependency Hierarchy:
Found in HEAD commit: 809d80347ac56e09ea88b61bf099a476fb1e1dcc
Found in base branch: master
Regular Expression Denial of Service (ReDoS) in ionicabizau/parse-url before 8.0.0.
It allows causing a denial of service when calling the function parse-url.
Publish Date: 2022-07-04
URL: WS-2022-0237
Base Score Metrics:
Please follow the general troubleshooting steps first:
Describe the solution you'd like
I would actually like two features:
{
    logger: {
        error: {
            before: data => {},
            after: data => {}
        }
    }
}
So that @log could record both before and after the function is executed
Edit
Maybe it should be a different property entirely, so it can be appended to an existing logger decorator without the need to pass the 'after' function again.
And additionally, I have cloned the repository and made a small fix to two issues, if possible, I'd like to push a branch and make a pull request
Example:
@log({
    name: 'appname',
    logger: {
        info: {
            before: data => console.log(data.method + ' started', data),
            after: data => console.log(data.method + ' ended', data)
        }
    },
    time: true
})
test = () => console.log('testing')

test started {
    application: "appname" // Fixed on my branch 👍
    <loggerdata, no result/error>
}
testing
test ended {
    application: "appname"
    <loggerdata>
    time: <execution time> // e.g. 27ms
}
Thank you :)
Issue Description
@log({ name: 'test' })
Should be logged as
{
    application: 'test', // Does not show in v1.8.0
    ...
}
Environment:
An advanced url parser supporting git urls too.
Library home page: https://registry.npmjs.org/parse-url/-/parse-url-6.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/parse-url/package.json
Dependency Hierarchy:
Found in HEAD commit: 809d80347ac56e09ea88b61bf099a476fb1e1dcc
Found in base branch: master
Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0.
Publish Date: 2022-06-27
URL: CVE-2022-2217
Base Score Metrics:
Type: Upgrade version
Origin: https://huntr.dev/bounties/4e046c63-b1ca-4bcc-b418-29796918a71b/
Release Date: 2022-06-27
Fix Resolution: parse-url - 6.0.1