Handle transactions on an embedded software!
![mend-bolt-for-github[bot] avatar](https://avatars.githubusercontent.com/in/16809?v=4 "mend-bolt-for-github[bot]")
This issue provides visibility into Renovate updates and their statuses. Learn more
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
Vulnerable Library - postcss-6.0.23.tgzTool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-6.0.23.tgz
Path to dependency file: rfid_transaction/frontend/package.json
Path to vulnerable library: rfid_transaction/frontend/node_modules/postcss-functions/node_modules/postcss/package.json
Dependency Hierarchy:
Found in HEAD commit: 3647288a2edd1c830ab127bf57ab0a0ba7e93f4f
Found in base branch: main
Vulnerability Details
The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /*\s* sourceMappingURL=(.*).
Publish Date: 2021-04-26
URL: CVE-2021-23382
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23382
Release Date: 2021-04-26
Fix Resolution: postcss - 8.2.13
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - hyper-0.10.16.crateA fast and correct HTTP library.
Library home page: https://crates.io/api/v1/crates/hyper/0.10.16/download
Dependency Hierarchy:
Found in HEAD commit: 3647288a2edd1c830ab127bf57ab0a0ba7e93f4f
Found in base branch: main
Vulnerability Details
An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface.
Publish Date: 2020-12-31
URL: CVE-2020-35863
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://github.com/hyperium/hyper/releases/tag/v0.12.34
Release Date: 2020-12-31
Fix Resolution: v0.12.34
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - browserslist-4.16.1.tgzShare target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset
Library home page: https://registry.npmjs.org/browserslist/-/browserslist-4.16.1.tgz
Path to dependency file: rfid_transaction/frontend/package.json
Path to vulnerable library: rfid_transaction/frontend/node_modules/browserslist/package.json
Dependency Hierarchy:
Found in HEAD commit: 3647288a2edd1c830ab127bf57ab0a0ba7e93f4f
Found in base branch: main
Vulnerability Details
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
Publish Date: 2021-04-28
URL: CVE-2021-23364
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23364
Release Date: 2021-04-28
Fix Resolution: browserslist - 4.16.5
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - traitobject-0.1.0.crateUnsafe helpers for working with raw trait objects.
Library home page: https://crates.io/api/v1/crates/traitobject/0.1.0/download
Dependency Hierarchy:
Found in HEAD commit: 3647288a2edd1c830ab127bf57ab0a0ba7e93f4f
Found in base branch: main
Vulnerability Details
An issue was discovered in the traitobject crate through 2020-06-01 for Rust. It has false expectations about fat pointers, possibly causing memory corruption in, for example, Rust 2.x.
Publish Date: 2020-12-31
URL: CVE-2020-35881
CVSS 3 Score Details (9.8)
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - glob-parent-2.0.0.tgzStrips glob magic from a string to provide the parent path
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-2.0.0.tgz
Path to dependency file: rfid_transaction/frontend/package.json
Path to vulnerable library: rfid_transaction/frontend/node_modules/glob-base/node_modules/glob-parent/package.json
Dependency Hierarchy:
Found in HEAD commit: 3647288a2edd1c830ab127bf57ab0a0ba7e93f4f
Found in base branch: main
Vulnerability Details
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
Publish Date: 2021-06-03
URL: CVE-2020-28469
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469
Release Date: 2021-06-03
Fix Resolution: glob-parent - 5.1.2
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - mio-0.6.23.crateLightweight non-blocking IO
Library home page: https://crates.io/api/v1/crates/mio/0.6.23/download
Dependency Hierarchy:
Found in HEAD commit: 3647288a2edd1c830ab127bf57ab0a0ba7e93f4f
Found in base branch: main
Vulnerability Details
An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
Publish Date: 2020-12-31
URL: CVE-2020-35922
CVSS 3 Score Details (5.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://rustsec.org/advisories/RUSTSEC-2020-0081.html
Release Date: 2020-12-31
Fix Resolution: 0.7.6
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - glob-parent-2.0.0.tgzStrips glob magic from a string to provide the parent path
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-2.0.0.tgz
Path to dependency file: rfid_transaction/frontend/package.json
Path to vulnerable library: rfid_transaction/frontend/node_modules/glob-base/node_modules/glob-parent/package.json
Dependency Hierarchy:
Found in base branch: main
Vulnerability Details
Regular Expression Denial of Service (ReDoS) vulnerability was found in glob-parent before 5.1.2.
Publish Date: 2021-01-27
URL: WS-2021-0154
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2
Release Date: 2021-01-27
Fix Resolution: glob-parent - 5.1.2
Step up your Open Source Security Game with WhiteSource here
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
