maxmilton / maxmilton.com Goto Github PK

View Code? Open in Web Editor NEW

2.0 3.0 0.0 8.47 MB

🗨 My personal blog site

Home Page: https://maxmilton.com

License: MIT License

JavaScript 16.36% TypeScript 44.79% HTML 31.78% CSS 7.07%

personal-website blog svelte sapper maxmilton

maxmilton.com's Introduction

maxmilton.com

My personal blog.

Made with

Tech highlights from the current version:

svelte JS framework
sapper web app framework
minna-ui CSS and web UI framework
postcss style preprocessor
rollup app bundler
unified/remark/rehype powering a custom markdown renderer

Licence

maxmilton.com is an MIT licensed open source project. See LICENCE.

maxmilton.com's People

Contributors

Stargazers

Watchers

maxmilton.com's Issues

Dependency Dashboard

This issue provides visibility into Renovate updates and their statuses. Learn more

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

Update dependency eslint to v8

Check this box to trigger a request for Renovate to run again on this repository

CVE-2021-3807 (Medium) detected in ansi-regex-5.0.0.tgz, ansi-regex-4.1.0.tgz

CVE-2021-3807 - Medium Severity Vulnerability

Vulnerable Libraries - ansi-regex-5.0.0.tgz, ansi-regex-4.1.0.tgz

ansi-regex-5.0.0.tgz

Regular expression for matching ANSI escape codes

Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz

Path to dependency file: maxmilton.com/package.json

Path to vulnerable library: maxmilton.com/node_modules/ansi-regex

Dependency Hierarchy:

jest-26.6.3.tgz (Root Library)
- jest-cli-26.6.3.tgz
  - test-result-26.6.2.tgz
    - console-26.6.2.tgz
      - jest-message-util-26.6.2.tgz
        
        pretty-format-26.6.2.tgz
        
        ❌ ansi-regex-5.0.0.tgz (Vulnerable Library)

ansi-regex-4.1.0.tgz

Regular expression for matching ANSI escape codes

Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz

Path to dependency file: maxmilton.com/package.json

Path to vulnerable library: maxmilton.com/node_modules/ansi-regex

Dependency Hierarchy:

minna-tools-0.36.1-next.57.tgz (Root Library)
- rollup-plugin-purgecss-0.36.1-next.57.tgz
  - purgecss-1.4.2.tgz
    - yargs-14.2.3.tgz
      - cliui-5.0.0.tgz
        
        strip-ansi-5.2.0.tgz
        
        ❌ ansi-regex-4.1.0.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

ansi-regex is vulnerable to Inefficient Regular Expression Complexity

Publish Date: 2021-09-17

URL: CVE-2021-3807

CVSS 3 Score Details (5.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: N/A
- Attack Complexity: N/A
- Privileges Required: N/A
- User Interaction: N/A
- Scope: N/A
Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994/

Release Date: 2021-09-17

Fix Resolution: ansi-regex - 5.0.1,6.0.1

Step up your Open Source Security Game with WhiteSource here

CVE-2021-23382 (Medium) detected in postcss-6.0.23.tgz

CVE-2021-23382 - Medium Severity Vulnerability

Vulnerable Library - postcss-6.0.23.tgz

Tool for transforming styles with JS plugins

Library home page: https://registry.npmjs.org/postcss/-/postcss-6.0.23.tgz

Path to dependency file: maxmilton.com/package.json

Path to vulnerable library: maxmilton.com/node_modules/postcss

Dependency Hierarchy:

minna-ui-0.36.1-next.57.tgz (Root Library)
- postcss-config-0.36.1-next.57.tgz
  - postcss-use-3.0.0.tgz
    - ❌ postcss-6.0.23.tgz (Vulnerable Library)

Found in HEAD commit: 56e0f4fd3b7e6fe896c897b8556d1bcc6c07eb0c

Found in base branch: master

Vulnerability Details

The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /*\s* sourceMappingURL=(.*).

Publish Date: 2021-04-26

URL: CVE-2021-23382

CVSS 3 Score Details (5.3)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23382

Release Date: 2021-04-26

Fix Resolution: postcss - 8.2.13

Step up your Open Source Security Game with WhiteSource here

CVE-2021-3803 (Medium) detected in nth-check-1.0.2.tgz

CVE-2021-3803 - Medium Severity Vulnerability

Vulnerable Library - nth-check-1.0.2.tgz

performant nth-check parser & compiler

Library home page: https://registry.npmjs.org/nth-check/-/nth-check-1.0.2.tgz

Path to dependency file: maxmilton.com/package.json

Path to vulnerable library: maxmilton.com/node_modules/nth-check

Dependency Hierarchy:

minna-ui-0.36.1-next.57.tgz (Root Library)
- postcss-config-0.36.1-next.57.tgz
  - cssnano-4.1.11.tgz
    - cssnano-preset-default-4.0.8.tgz
      - postcss-svgo-4.0.3.tgz
        
        svgo-1.3.2.tgz
        
        css-select-2.1.0.tgz
        
        ❌ nth-check-1.0.2.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

nth-check is vulnerable to Inefficient Regular Expression Complexity

Publish Date: 2021-09-17

URL: CVE-2021-3803

CVSS 3 Score Details (5.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: N/A
- Attack Complexity: N/A
- Privileges Required: N/A
- User Interaction: N/A
- Scope: N/A
Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: fb55/nth-check@v2.0.0...v2.0.1

Release Date: 2021-09-17

Fix Resolution: nth-check - v2.0.1

Step up your Open Source Security Game with WhiteSource here

CVE-2020-7753 (High) detected in trim-0.0.1.tgz

CVE-2020-7753 - High Severity Vulnerability

Vulnerable Library - trim-0.0.1.tgz

Trim string whitespace

Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz

Path to dependency file: maxmilton.com/package.json

Path to vulnerable library: maxmilton.com/node_modules/trim

Dependency Hierarchy:

minna-tools-0.36.1-next.57.tgz (Root Library)
- eslint-config-0.36.1-next.57.tgz
  - eslint-plugin-markdown-1.0.2.tgz
    - remark-parse-5.0.0.tgz
      - ❌ trim-0.0.1.tgz (Vulnerable Library)

Found in HEAD commit: 56e0f4fd3b7e6fe896c897b8556d1bcc6c07eb0c

Found in base branch: master

Vulnerability Details

All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().

Publish Date: 2020-10-27

URL: CVE-2020-7753

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: component/trim#8

Release Date: 2020-10-27

Fix Resolution: trim - 0.0.3

Step up your Open Source Security Game with WhiteSource here

Not all blog posts are exported

This is a known issue. There's an open PR to fix; sveltejs/sapper#869

CVE-2021-33502 (High) detected in normalize-url-3.3.0.tgz

CVE-2021-33502 - High Severity Vulnerability

Vulnerable Library - normalize-url-3.3.0.tgz

Normalize a URL

Library home page: https://registry.npmjs.org/normalize-url/-/normalize-url-3.3.0.tgz

Path to dependency file: maxmilton.com/package.json

Path to vulnerable library: maxmilton.com/node_modules/normalize-url

Dependency Hierarchy:

minna-ui-0.36.1-next.57.tgz (Root Library)
- postcss-config-0.36.1-next.57.tgz
  - cssnano-4.1.11.tgz
    - cssnano-preset-default-4.0.8.tgz
      - postcss-normalize-url-4.0.1.tgz
        
        ❌ normalize-url-3.3.0.tgz (Vulnerable Library)

Found in HEAD commit: 56e0f4fd3b7e6fe896c897b8556d1bcc6c07eb0c

Found in base branch: master

Vulnerability Details

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.

Publish Date: 2021-05-24

URL: CVE-2021-33502

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33502

Release Date: 2021-05-24

Fix Resolution: normalize-url - 4.5.1, 5.3.1, 6.0.1

Step up your Open Source Security Game with WhiteSource here

CVE-2021-23368 (Medium) detected in postcss-7.0.35.tgz - autoclosed

CVE-2021-23368 - Medium Severity Vulnerability

Vulnerable Library - postcss-7.0.35.tgz

Tool for transforming styles with JS plugins

Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.35.tgz

Path to dependency file: maxmilton.com/package.json

Path to vulnerable library: maxmilton.com/node_modules/postcss

Dependency Hierarchy:

minna-ui-0.36.1-next.57.tgz (Root Library)
- preprocess-0.36.1-next.57.tgz
  - postcss-scss-2.1.1.tgz
    - ❌ postcss-7.0.35.tgz (Vulnerable Library)

Found in HEAD commit: 56e0f4fd3b7e6fe896c897b8556d1bcc6c07eb0c

Found in base branch: master

Vulnerability Details

The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.

Publish Date: 2021-04-12

URL: CVE-2021-23368

CVSS 3 Score Details (5.3)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368

Release Date: 2021-04-12

Fix Resolution: postcss -8.2.10

Step up your Open Source Security Game with WhiteSource here

CVE-2021-3777 (Medium) detected in tmpl-1.0.4.tgz

CVE-2021-3777 - Medium Severity Vulnerability

Vulnerable Library - tmpl-1.0.4.tgz

JavaScript micro templates.

Library home page: https://registry.npmjs.org/tmpl/-/tmpl-1.0.4.tgz

Path to dependency file: maxmilton.com/package.json

Path to vulnerable library: maxmilton.com/node_modules/tmpl

Dependency Hierarchy:

jest-26.6.3.tgz (Root Library)
- jest-cli-26.6.3.tgz
  - jest-config-26.6.3.tgz
    - jest-jasmine2-26.6.3.tgz
      - jest-snapshot-26.6.2.tgz
        
        jest-haste-map-26.6.2.tgz
        
        walker-1.0.7.tgz
        
        makeerror-1.0.11.tgz
        
        ❌ tmpl-1.0.4.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity

Publish Date: 2021-09-15

URL: CVE-2021-3777

CVSS 3 Score Details (5.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: N/A
- Attack Complexity: N/A
- Privileges Required: N/A
- User Interaction: N/A
- Scope: N/A
Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/daaku/nodejs-tmpl/releases/tag/v1.0.5

Release Date: 2021-09-15

Fix Resolution: tmpl - 1.0.5

Step up your Open Source Security Game with WhiteSource here

CVE-2021-33587 (High) detected in css-what-3.4.2.tgz

CVE-2021-33587 - High Severity Vulnerability

Vulnerable Library - css-what-3.4.2.tgz

a CSS selector parser

Library home page: https://registry.npmjs.org/css-what/-/css-what-3.4.2.tgz

Path to dependency file: maxmilton.com/package.json

Path to vulnerable library: maxmilton.com/node_modules/css-what

Dependency Hierarchy:

minna-ui-0.36.1-next.57.tgz (Root Library)
- postcss-config-0.36.1-next.57.tgz
  - cssnano-4.1.11.tgz
    - cssnano-preset-default-4.0.8.tgz
      - postcss-svgo-4.0.3.tgz
        
        svgo-1.3.2.tgz
        
        css-select-2.1.0.tgz
        
        ❌ css-what-3.4.2.tgz (Vulnerable Library)

Found in HEAD commit: 56e0f4fd3b7e6fe896c897b8556d1bcc6c07eb0c

Found in base branch: master

Vulnerability Details

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.

Publish Date: 2021-05-28

URL: CVE-2021-33587

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33587

Release Date: 2021-05-28

Fix Resolution: css-what - 5.0.1

Step up your Open Source Security Game with WhiteSource here

maxmilton / maxmilton.com Goto Github PK

maxmilton.com's Introduction

maxmilton.com

Made with

Licence

maxmilton.com's People

Contributors

Stargazers

Watchers

maxmilton.com's Issues

Open

Ignored or Blocked

CVE-2021-3807 - Medium Severity Vulnerability

CVE-2021-23382 - Medium Severity Vulnerability

CVE-2021-3803 - Medium Severity Vulnerability

CVE-2020-7753 - High Severity Vulnerability

CVE-2021-33502 - High Severity Vulnerability

CVE-2021-23368 - Medium Severity Vulnerability

CVE-2021-3777 - Medium Severity Vulnerability

CVE-2021-33587 - High Severity Vulnerability

Recommend Projects

Recommend Topics

Recommend Org