The web app that works with rfid card reader used for embeded systems experiment project!
- Api: Rust with Rocket and PostgreSQL
- Fronted: Next.js with typescript
Handle transactions on an embedded software!
This issue provides visibility into Renovate updates and their statuses. Learn more
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-6.0.23.tgz
Path to dependency file: rfid_transaction/frontend/package.json
Path to vulnerable library: rfid_transaction/frontend/node_modules/postcss-functions/node_modules/postcss/package.json
Dependency Hierarchy:
Found in HEAD commit: 3647288a2edd1c830ab127bf57ab0a0ba7e93f4f
Found in base branch: main
The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /*\s* sourceMappingURL=(.*).
Publish Date: 2021-04-26
URL: CVE-2021-23382
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23382
Release Date: 2021-04-26
Fix Resolution: postcss - 8.2.13
Step up your Open Source Security Game with WhiteSource here
A fast and correct HTTP library.
Library home page: https://crates.io/api/v1/crates/hyper/0.10.16/download
Dependency Hierarchy:
Found in HEAD commit: 3647288a2edd1c830ab127bf57ab0a0ba7e93f4f
Found in base branch: main
An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface.
Publish Date: 2020-12-31
URL: CVE-2020-35863
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/hyperium/hyper/releases/tag/v0.12.34
Release Date: 2020-12-31
Fix Resolution: v0.12.34
Step up your Open Source Security Game with WhiteSource here
Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset
Library home page: https://registry.npmjs.org/browserslist/-/browserslist-4.16.1.tgz
Path to dependency file: rfid_transaction/frontend/package.json
Path to vulnerable library: rfid_transaction/frontend/node_modules/browserslist/package.json
Dependency Hierarchy:
Found in HEAD commit: 3647288a2edd1c830ab127bf57ab0a0ba7e93f4f
Found in base branch: main
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
Publish Date: 2021-04-28
URL: CVE-2021-23364
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23364
Release Date: 2021-04-28
Fix Resolution: browserslist - 4.16.5
Step up your Open Source Security Game with WhiteSource here
Unsafe helpers for working with raw trait objects.
Library home page: https://crates.io/api/v1/crates/traitobject/0.1.0/download
Dependency Hierarchy:
Found in HEAD commit: 3647288a2edd1c830ab127bf57ab0a0ba7e93f4f
Found in base branch: main
An issue was discovered in the traitobject crate through 2020-06-01 for Rust. It has false expectations about fat pointers, possibly causing memory corruption in, for example, Rust 2.x.
Publish Date: 2020-12-31
URL: CVE-2020-35881
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
Strips glob magic from a string to provide the parent path
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-2.0.0.tgz
Path to dependency file: rfid_transaction/frontend/package.json
Path to vulnerable library: rfid_transaction/frontend/node_modules/glob-base/node_modules/glob-parent/package.json
Dependency Hierarchy:
Found in HEAD commit: 3647288a2edd1c830ab127bf57ab0a0ba7e93f4f
Found in base branch: main
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
Publish Date: 2021-06-03
URL: CVE-2020-28469
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469
Release Date: 2021-06-03
Fix Resolution: glob-parent - 5.1.2
Step up your Open Source Security Game with WhiteSource here
Lightweight non-blocking IO
Library home page: https://crates.io/api/v1/crates/mio/0.6.23/download
Dependency Hierarchy:
Found in HEAD commit: 3647288a2edd1c830ab127bf57ab0a0ba7e93f4f
Found in base branch: main
An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
Publish Date: 2020-12-31
URL: CVE-2020-35922
Base Score Metrics:
Type: Upgrade version
Origin: https://rustsec.org/advisories/RUSTSEC-2020-0081.html
Release Date: 2020-12-31
Fix Resolution: 0.7.6
Step up your Open Source Security Game with WhiteSource here
Strips glob magic from a string to provide the parent path
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-2.0.0.tgz
Path to dependency file: rfid_transaction/frontend/package.json
Path to vulnerable library: rfid_transaction/frontend/node_modules/glob-base/node_modules/glob-parent/package.json
Dependency Hierarchy:
Found in base branch: main
Regular Expression Denial of Service (ReDoS) vulnerability was found in glob-parent before 5.1.2.
Publish Date: 2021-01-27
URL: WS-2021-0154
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2
Release Date: 2021-01-27
Fix Resolution: glob-parent - 5.1.2
Step up your Open Source Security Game with WhiteSource here
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.