Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[skip netlify] owaspzap #1183

Merged
merged 1 commit into from
Dec 30, 2022
Merged

[skip netlify] owaspzap #1183

merged 1 commit into from
Dec 30, 2022

Conversation

tubone24
Copy link
Owner

No description provided.

@github-actions
Copy link
Contributor

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

  • Unused dependencies

    • @popperjs/core
    • @sentry/react
    • @typescript-eslint/eslint-plugin
    • babel-loader
    • babel-polyfill
    • classnames
    • flexboxgrid
    • gatsby-legacy-polyfills
    • gatsby-plugin-flexsearch
    • gatsby-plugin-twitter
    • gatsby-react-router-scroll
    • html-minifier
    • intersection-observer
    • md5
    • preact
    • preact-render-to-string
    • react-body-classname
    • react-dom
    • rimraf
    • sass
    • typescript
    • webpack
  • Unused devdependencies

    • @babel/core
    • @babel/preset-typescript
    • @storybook/addon-a11y
    • @storybook/addon-controls
    • @storybook/addon-essentials
    • @storybook/addon-info
    • @storybook/addon-interactions
    • @storybook/addon-knobs
    • @storybook/addon-links
    • @storybook/addon-storysource
    • @storybook/addon-viewport
    • @storybook/builder-webpack5
    • @storybook/manager-webpack5
    • @textlint-rule/textlint-rule-no-duplicate-abbr
    • @types/jest
    • @types/react-test-renderer
    • @types/responselike
    • axe-core
    • babel-eslint
    • babel-plugin-transform-runtime
    • core-js
    • cross-env
    • css-loader
    • cypress
    • eslint
    • eslint-config-airbnb
    • eslint-import-resolver-webpack
    • eslint-plugin-import
    • eslint-plugin-jsx-a11y
    • eslint-plugin-react
    • gh-pages
    • husky
    • identity-obj-proxy
    • jest
    • jest-environment-jsdom
    • memlab
    • netlify-cli
    • netlify-lambda
    • nyc
    • prettier
    • react-test-renderer
    • sass-loader
    • start-server-and-test
    • stylelint
    • stylelint-config-recess-order
    • stylelint-config-recommended-scss
    • stylelint-config-standard
    • stylelint-scss
    • textlint
    • textlint-filter-rule-allowlist
    • textlint-filter-rule-comments
    • textlint-rule-aws-spellcheck
    • textlint-rule-ja-no-inappropriate-words
    • textlint-rule-no-hoso-kinshi-yogo
    • textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet
    • textlint-rule-no-start-duplicated-conjunction
    • textlint-rule-preset-smarthr
    • textlint-rule-prh
    • textlint-rule-terminology
    • ts-jest
    • yaml-lint
  • Missing

    • colors

      • /github/workspace/src/styles/_hover.scss
    • @algolia/transporter

      • /github/workspace/src/components/SearchBox/index.tsx
    • @algolia/client-search

      • /github/workspace/src/components/SearchBox/index.tsx
    • qs

      • /github/workspace/scripts/benchmark.js

@coveralls
Copy link
Collaborator

Pull Request Test Coverage Report for Build 3804414178

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 82.831%

Totals Coverage Status
Change from base Build 3801571510: 0.0%
Covered Lines: 212
Relevant Lines: 245

💛 - Coveralls

@github-actions
Copy link
Contributor

Snyk vulnerability report

OSS packages

Tested 1653 dependencies for known issues, found 8 issues, 19 vulnerable paths.

Issues to fix by upgrading:

Upgrade [email protected] to [email protected] to fix
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526] in [email protected]
introduced by [email protected] > [email protected]

Issues with no direct upgrade or patch:
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in [email protected]
introduced by [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1
✗ Server-Side Request Forgery (SSRF) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-1038255] in [email protected]
introduced by [email protected] > [email protected]
This issue was fixed in versions: 0.21.1
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-1579269] in [email protected]
introduced by [email protected] > [email protected] and 1 other path(s)
This issue was fixed in versions: 0.21.3
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970] in [email protected]
introduced by [email protected] > [email protected] > [email protected] and 1 other path(s)
This issue was fixed in versions: 0.2.2
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in [email protected]
introduced by [email protected]
No upgrade or patch available
✗ Prototype Pollution [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-JSON5-3182856] in [email protected]
introduced by [email protected] > [email protected] > [email protected] and 9 other path(s)
This issue was fixed in versions: 2.2.2
✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in [email protected]
introduced by [email protected] > [email protected] > [email protected]
No upgrade or patch available

Organization: tubone24
Package manager: yarn
Target file: yarn.lock
Project name: blog
Open source: no
Project path: .
Licenses: enabled

Application

✗ [Medium] Open Redirect
Path: src/templates/index.tsx, line 131
Info: Unsanitized input from the document location flows into url, where it is used as an URL to redirect the user. This may result in an Open Redirect vulnerability.

✔ Test completed

Organization: tubone24
Test type: Static code analysis
Project path: .

Summary:

1 Code issues found
1 [Medium]

IaC

Snyk Infrastructure as Code

  • Snyk testing Infrastructure as Code configuration issues.
    ✔ Test completed.

Issues
No vulnerable paths were found!


Test Summary

Organization: tubone24
Project name: http://github.com/tubone24/blog

✔ Files without issues: 3
✗ Files with issues: 0
Ignored issues: 0
Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ]


Tip

New: Share your test results in the Snyk Web UI with the option --report

@github-actions
Copy link
Contributor

Memlab leaks report

page-load [6.6MB] (baseline) [s1] > action-on-page [8MB] (target) [s2] > revert [8MB] (final) [s3]  
------3 clusters------

--Similar leaks in this run: 742--
--Retained size of leaked objects: 113.2KB--
[<synthetic>] (synthetic) @1 [8.6MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9827 [73.5KB]
  --___replace (property)--->  [<closure>] (closure) @230729 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @230725 [572 bytes]
  --n (variable)--->  [u] (closure) @247099 [2.7KB]
  --context (internal)--->  [<function scope>] (object) @63565 [31.6KB]
  --i (variable)--->  [Object] (object) @248853 [31.1KB]
  --449 (element)--->  [Object] (object) @248891 [24 bytes]
  --exports (property)--->  [r] (closure) @276479 [2.1KB]
  --hasData (property)--->  [<closure>] (closure) @165431 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @63011 [1.3KB]
  --e (variable)--->  [Object] (object) @62995 [1KB]
  --1 (element)--->  [Object] (object) @44391 [76 bytes]
  --aaAutocomplete (property)--->  [h] (object) @44445 [348 bytes]
  --$node (property)--->  [U] (object) @44995 [188 bytes]
  --0 (element)--->  [Detached HTMLSpanElement] (native) @37429 [348 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @38901 [196 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @38877 [196 bytes]
  --4 (element)--->  [Detached HTMLDivElement] (native) @38913 [196 bytes]
  --4 (element)--->  [Detached HTMLAnchorElement] (native) @38489 [1.7KB]
  --10 (element)--->  [Detached HTMLAnchorElement] (native) @38487 [1.7KB]
  --10 (element)--->  [Detached HTMLAnchorElement] (native) @38485 [1.7KB]
  --10 (element)--->  [Detached HTMLAnchorElement] (native) @38483 [1.7KB]
  --10 (element)--->  [Detached HTMLAnchorElement] (native) @38481 [1.7KB]
  --10 (element)--->  [Detached HTMLAnchorElement] (native) @38479 [1.7KB]
  --10 (element)--->  [Detached HTMLAnchorElement] (native) @38477 [1.7KB]
  --12 (element)--->  [Detached InternalNode] (native) @302409984 [120 bytes]
  --2 (element)--->  [Detached InternalNode] (native) @91131168 [56 bytes]
  --1 (element)--->  [Detached NodeList] (native) @269822112 [56 bytes]

--Similar leaks in this run: 121--
--Retained size of leaked objects: 28.6KB--
[<synthetic>] (synthetic) @1 [8.6MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9827 [73.5KB]
  --___replace (property)--->  [<closure>] (closure) @230729 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @230725 [572 bytes]
  --A (variable)--->  [qn] (closure) @246961 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @41989 [16.3KB]
  --Kn (variable)--->  [y] (object) @406689 [368 bytes]
  --props (property)--->  [Object] (object) @447233 [28 bytes]
  --children (property)--->  [Object] (object) @449527 [316 bytes]
  --props (property)--->  [Object] (object) @466909 [56 bytes]
  --children (property)--->  [Object] (object) @449981 [1.2KB]
  --__ (property)--->  [Object] (object) @468163 [1.1KB]
  --__ (property)--->  [Object] (object) @468167 [940 bytes]
  --__ (property)--->  [Object] (object) @449783 [736 bytes]
  --__d (property)--->  [Detached HTMLDivElement] (native) @312467 [272 bytes]
  --3 (element)--->  [Detached HTMLDivElement] (native) @312463 [196 bytes]
  --3 (element)--->  [Detached HTMLDivElement] (native) @312459 [196 bytes]
  --4 (element)--->  [Detached HTMLDivElement] (native) @312003 [8.5KB]
  --6 (element)--->  [Detached HTMLElement] (native) @312031 [15KB]
  --3 (element)--->  [Detached HTMLDivElement] (native) @312023 [13.4KB]
  --4 (element)--->  [Detached Text] (native) @90382144 [96 bytes]
  --2 (element)--->  [Detached HTMLImageElement] (native) @90381664 [272 bytes]
  --3 (element)--->  [Detached Text] (native) @90387584 [96 bytes]
  --2 (element)--->  [Detached HTMLParagraphElement] (native) @90381344 [1.2KB]
  --4 (element)--->  [Detached Text] (native) @90387744 [96 bytes]
  --2 (element)--->  [Detached HTMLHeadingElement] (native) @90387104 [264 bytes]
  --4 (element)--->  [Detached Text] (native) @90386784 [96 bytes]
  --2 (element)--->  [Detached HTMLParagraphElement] (native) @90385504 [264 bytes]
  --4 (element)--->  [Detached Text] (native) @90384224 [96 bytes]
  --2 (element)--->  [Detached HTMLParagraphElement] (native) @90383424 [264 bytes]
  --4 (element)--->  [Detached Text] (native) @90383264 [96 bytes]
  --2 (element)--->  [Detached HTMLImageElement] (native) @90392064 [272 bytes]
  --3 (element)--->  [Detached Text] (native) @90391904 [96 bytes]
  --2 (element)--->  [Detached HTMLParagraphElement] (native) @90391744 [264 bytes]
  --4 (element)--->  [Detached Text] (native) @90390624 [96 bytes]
  --2 (element)--->  [Detached HTMLHeadingElement] (native) @90391264 [264 bytes]
  --4 (element)--->  [Detached Text] (native) @90390784 [96 bytes]
  --2 (element)--->  [Detached HTMLDivElement] (native) @90390304 [2.4KB]
  --4 (element)--->  [Detached Text] (native) @90392544 [96 bytes]
  --2 (element)--->  [Detached HTMLBRElement] (native) @90397824 [168 bytes]
  --2 (element)--->  [Detached Text] (native) @90397664 [96 bytes]
  --2 (element)--->  [Detached HTMLElement] (native) @90397344 [1.1KB]
  --1 (element)--->  [Detached HTMLEmbedElement] (native) @90397184 [984 bytes]
  --3 (element)--->  [Detached InternalNode] (native) @48865248 [584 bytes]
  --1 (element)--->  [Detached ShadowRoot] (native) @48876448 [528 bytes]
  --6 (element)--->  [Detached HTMLSlotElement] (native) @302285920 [200 bytes]

--Similar leaks in this run: 6--
--Retained size of leaked objects: 432 bytes--
[<synthetic>] (synthetic) @1 [8.6MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9827 [73.5KB]
  --__twttrll (property)--->  [Array] (object) @208597 [184 bytes]
  --push (property)--->  [e] (closure) @246313 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @208581 [248 bytes]
  --n (variable)--->  [Object] (object) @246305 [13KB]
  --101 (element)--->  [Object] (object) @79255 [24 bytes]
  --exports (property)--->  [o] (closure) @79257 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @209519 [6.2KB]
  --g (variable)--->  [Detached Text] (native) @39479 [396 bytes]
  --3 (element)--->  [Detached InternalNode] (native) @270404896 [272 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @302708576 [272 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @302708416 [272 bytes]
  --1 (element)--->  [Detached MutationObserverRegistration] (native) @302703776 [272 bytes]
  --1 (element)--->  [Detached MutationObserver] (native) @302708736 [192 bytes]
  --1 (element)--->  [Detached MutationObserver::Delegate] (native) @302707936 [80 bytes]
  --1 (element)--->  [Detached V8MutationCallback] (native) @302707776 [40 bytes]

@tubone24 tubone24 requested a review from coveralls December 30, 2022 02:49
@tubone24 tubone24 self-assigned this Dec 30, 2022
@tubone24 tubone24 merged commit fca794a into master Dec 30, 2022
@tubone24 tubone24 deleted the devcontainer branch December 30, 2022 02:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants