Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

csp #1189

Merged
merged 3 commits into from
Dec 31, 2022
Merged

csp #1189

merged 3 commits into from
Dec 31, 2022

Conversation

tubone24
Copy link
Owner

No description provided.

@github-actions github-actions bot added the src label Dec 31, 2022
@github-actions
Copy link
Contributor

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

Unused dependencies 
- @popperjs/core
- @sentry/react
- @typescript-eslint/eslint-plugin
- babel-loader
- babel-polyfill
- classnames
- flexboxgrid
- gatsby-legacy-polyfills
- gatsby-plugin-flexsearch
- gatsby-plugin-twitter
- gatsby-react-router-scroll
- html-minifier
- intersection-observer
- md5
- preact
- preact-render-to-string
- react-body-classname
- react-dom
- rimraf
- sass
- typescript
- webpack
Unused devdependencies 
- @babel/core
- @babel/preset-typescript
- @storybook/addon-a11y
- @storybook/addon-controls
- @storybook/addon-essentials
- @storybook/addon-info
- @storybook/addon-interactions
- @storybook/addon-knobs
- @storybook/addon-links
- @storybook/addon-storysource
- @storybook/addon-viewport
- @storybook/builder-webpack5
- @storybook/manager-webpack5
- @textlint-rule/textlint-rule-no-duplicate-abbr
- @types/jest
- @types/react-test-renderer
- @types/responselike
- axe-core
- babel-eslint
- babel-plugin-transform-runtime
- core-js
- cross-env
- css-loader
- cypress
- eslint
- eslint-config-airbnb
- eslint-import-resolver-webpack
- eslint-plugin-import
- eslint-plugin-jsx-a11y
- eslint-plugin-react
- gh-pages
- husky
- identity-obj-proxy
- jest
- jest-environment-jsdom
- memlab
- netlify-cli
- netlify-lambda
- nyc
- prettier
- react-test-renderer
- sass-loader
- start-server-and-test
- stylelint
- stylelint-config-recess-order
- stylelint-config-recommended-scss
- stylelint-config-standard
- stylelint-scss
- textlint
- textlint-filter-rule-allowlist
- textlint-filter-rule-comments
- textlint-rule-aws-spellcheck
- textlint-rule-ja-no-inappropriate-words
- textlint-rule-no-hoso-kinshi-yogo
- textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet
- textlint-rule-no-start-duplicated-conjunction
- textlint-rule-preset-smarthr
- textlint-rule-prh
- textlint-rule-terminology
- ts-jest
- yaml-lint
Missing 
- colors
  - /github/workspace/src/styles/_hover.scss

- @algolia/transporter
  - /github/workspace/src/components/SearchBox/index.tsx

- @algolia/client-search
  - /github/workspace/src/components/SearchBox/index.tsx

- qs
  - /github/workspace/scripts/benchmark.js

@github-actions
Copy link
Contributor

Snyk vulnerability report

OSS packages

Tested 1653 dependencies for known issues, found 8 issues, 19 vulnerable paths.

Issues to fix by upgrading:

Upgrade [email protected] to [email protected] to fix
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526] in [email protected]
introduced by [email protected] > [email protected]

Issues with no direct upgrade or patch:
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in [email protected]
introduced by [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1
✗ Server-Side Request Forgery (SSRF) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-1038255] in [email protected]
introduced by [email protected] > [email protected]
This issue was fixed in versions: 0.21.1
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-1579269] in [email protected]
introduced by [email protected] > [email protected] and 1 other path(s)
This issue was fixed in versions: 0.21.3
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970] in [email protected]
introduced by [email protected] > [email protected] > [email protected] and 1 other path(s)
This issue was fixed in versions: 0.2.2
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in [email protected]
introduced by [email protected]
No upgrade or patch available
✗ Prototype Pollution [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-JSON5-3182856] in [email protected]
introduced by [email protected] > [email protected] > [email protected] and 9 other path(s)
This issue was fixed in versions: 2.2.2
✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in [email protected]
introduced by [email protected] > [email protected] > [email protected]
No upgrade or patch available

Organization: tubone24
Package manager: yarn
Target file: yarn.lock
Project name: blog
Open source: no
Project path: .
Licenses: enabled

Application

✗ [Medium] Open Redirect
Path: src/templates/index.tsx, line 131
Info: Unsanitized input from the document location flows into url, where it is used as an URL to redirect the user. This may result in an Open Redirect vulnerability.

✔ Test completed

Organization: tubone24
Test type: Static code analysis
Project path: .

Summary:

1 Code issues found
1 [Medium]

IaC

Snyk Infrastructure as Code

  • Snyk testing Infrastructure as Code configuration issues.
    ✔ Test completed.

Issues
No vulnerable paths were found!

Test Summary

Organization: tubone24
Project name: http://github.com/tubone24/blog

✔ Files without issues: 3
✗ Files with issues: 0
Ignored issues: 0
Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ]

Tip

New: Share your test results in the Snyk Web UI with the option --report

@github-actions
Copy link
Contributor

Memlab leaks report

page-load [6.9MB] (baseline) [s1] > action-on-page [8.3MB] (target) [s2] > revert [8.3MB] (final) [s3]  
------3 clusters------

--Similar leaks in this run: 749--
--Retained size of leaked objects: 113.2KB--
[<synthetic>] (synthetic) @1 [8.9MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9827 [73.6KB]
  --___navigate (property)--->  [<closure>] (closure) @111169 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @111157 [572 bytes]
  --n (variable)--->  [u] (closure) @115987 [2.7KB]
  --context (internal)--->  [<function scope>] (object) @111229 [31.8KB]
  --i (variable)--->  [Object] (object) @115985 [31.2KB]
  --449 (element)--->  [Object] (object) @134911 [24 bytes]
  --exports (property)--->  [r] (closure) @211545 [2.1KB]
  --hasData (property)--->  [<closure>] (closure) @211613 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @164895 [1.3KB]
  --e (variable)--->  [Object] (object) @164875 [1KB]
  --2 (element)--->  [Object] (object) @339975 [76 bytes]
  --aaAutocomplete (property)--->  [h] (object) @339979 [348 bytes]
  --$node (property)--->  [U] (object) @343411 [188 bytes]
  --0 (element)--->  [Detached HTMLSpanElement] (native) @332095 [348 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @332447 [7.8KB]
  --6 (element)--->  [Detached HTMLDivElement] (native) @332163 [196 bytes]
  --3 (element)--->  [Detached HTMLHRElement] (native) @332157 [196 bytes]
  --4 (element)--->  [Detached HTMLDivElement] (native) @332155 [608 bytes]
  --3 (element)--->  [Detached HTMLParagraphElement] (native) @332151 [640 bytes]
  --6 (element)--->  [Detached HTMLAnchorElement] (native) @332139 [3.3KB]
  --12 (element)--->  [Detached InternalNode] (native) @311492160 [120 bytes]
  --1 (element)--->  [Detached ElementIntersectionObserverData] (native) @274126560 [64 bytes]

--Similar leaks in this run: 116--
--Retained size of leaked objects: 28.6KB--
[<synthetic>] (synthetic) @1 [8.9MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9827 [73.6KB]
  --___navigate (property)--->  [<closure>] (closure) @111169 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @111157 [572 bytes]
  --A (variable)--->  [qn] (closure) @116453 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @116043 [16.3KB]
  --Kn (variable)--->  [y] (object) @439923 [368 bytes]
  --props (property)--->  [Object] (object) @445663 [28 bytes]
  --children (property)--->  [Object] (object) @445385 [316 bytes]
  --props (property)--->  [Object] (object) @445651 [56 bytes]
  --children (property)--->  [Object] (object) @442999 [1.2KB]
  --__ (property)--->  [Object] (object) @443015 [1.1KB]
  --__ (property)--->  [Object] (object) @443033 [940 bytes]
  --__ (property)--->  [Object] (object) @443047 [736 bytes]
  --__d (property)--->  [Detached HTMLDivElement] (native) @332451 [272 bytes]
  --3 (element)--->  [Detached HTMLDivElement] (native) @332445 [196 bytes]
  --3 (element)--->  [Detached HTMLDivElement] (native) @332443 [196 bytes]
  --4 (element)--->  [Detached HTMLDivElement] (native) @332137 [8.5KB]
  --3 (element)--->  [Detached HTMLAnchorElement] (native) @332133 [1.3KB]
  --10 (element)--->  [Detached HTMLAnchorElement] (native) @332127 [1.3KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @332121 [1.3KB]
  --12 (element)--->  [Detached InternalNode] (native) @312106272 [56 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @274122720 [56 bytes]
  --1 (element)--->  [Detached NodeList] (native) @93202752 [56 bytes]

--Similar leaks in this run: 7--
--Retained size of leaked objects: 928 bytes--
[<synthetic>] (synthetic) @1 [8.9MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9827 [73.6KB]
  --__twttrll (property)--->  [Array] (object) @80787 [184 bytes]
  --push (property)--->  [e] (closure) @130603 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @80771 [248 bytes]
  --n (variable)--->  [Object] (object) @130153 [13KB]
  --101 (element)--->  [Object] (object) @131117 [24 bytes]
  --exports (property)--->  [o] (closure) @130465 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @81807 [6.2KB]
  --g (variable)--->  [Detached Text] (native) @40141 [396 bytes]
  --3 (element)--->  [Detached InternalNode] (native) @64618496 [272 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @311581024 [272 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @311576224 [272 bytes]
  --1 (element)--->  [Detached MutationObserverRegistration] (native) @311581184 [272 bytes]
  --1 (element)--->  [Detached MutationObserver] (native) @94215840 [192 bytes]
  --1 (element)--->  [Detached MutationObserver::Delegate] (native) @94216000 [80 bytes]
  --1 (element)--->  [Detached V8MutationCallback] (native) @311580544 [40 bytes]

@github-actions
Copy link
Contributor

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public
Functions path: /home/runner/work/blog/blog/functions/src
Configuration path: /home/runner/work/blog/blog/netlify.toml
Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/63b055dc8de82e34143d9f9e
Website Draft URL: https://63b055dc8de82e34143d9f9e--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag.
netlify deploy --prod

@github-actions
Copy link
Contributor

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static
Functions path: /home/runner/work/blog/blog/functions/src
Configuration path: /home/runner/work/blog/blog/netlify.toml
Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/63b0561b8de82e34143da01c
Website Draft URL: https://63b0561b8de82e34143da01c--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag.
netlify deploy --prod

@coveralls
Copy link
Collaborator

coveralls commented Dec 31, 2022
edited
Loading

Pull Request Test Coverage Report for Build 3813013639

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 82.831%
Totals Coverage Status
Change from base Build 3812452956: 0.0%
Covered Lines: 212
Relevant Lines: 245
💛 - Coveralls

@github-actions
Copy link
Contributor

Lighthouse Score

Desktop

performance: 86
accessibility: 100
best-practices: 100
seo: 92
pwa: 100

Mobile

performance: 54
accessibility: 100
best-practices: 92
seo: 93
pwa: 100

@github-actions
Copy link
Contributor

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

Unused dependencies 
- @popperjs/core
- @sentry/react
- @typescript-eslint/eslint-plugin
- babel-loader
- babel-polyfill
- classnames
- flexboxgrid
- gatsby-legacy-polyfills
- gatsby-plugin-flexsearch
- gatsby-plugin-twitter
- gatsby-react-router-scroll
- html-minifier
- intersection-observer
- md5
- preact
- preact-render-to-string
- react-body-classname
- react-dom
- rimraf
- sass
- typescript
- webpack
Unused devdependencies 
- @babel/core
- @babel/preset-typescript
- @storybook/addon-a11y
- @storybook/addon-controls
- @storybook/addon-essentials
- @storybook/addon-info
- @storybook/addon-interactions
- @storybook/addon-knobs
- @storybook/addon-links
- @storybook/addon-storysource
- @storybook/addon-viewport
- @storybook/builder-webpack5
- @storybook/manager-webpack5
- @textlint-rule/textlint-rule-no-duplicate-abbr
- @types/jest
- @types/react-test-renderer
- @types/responselike
- axe-core
- babel-eslint
- babel-plugin-transform-runtime
- core-js
- cross-env
- css-loader
- cypress
- eslint
- eslint-config-airbnb
- eslint-import-resolver-webpack
- eslint-plugin-import
- eslint-plugin-jsx-a11y
- eslint-plugin-react
- gh-pages
- husky
- identity-obj-proxy
- jest
- jest-environment-jsdom
- memlab
- netlify-cli
- netlify-lambda
- nyc
- prettier
- react-test-renderer
- sass-loader
- start-server-and-test
- stylelint
- stylelint-config-recess-order
- stylelint-config-recommended-scss
- stylelint-config-standard
- stylelint-scss
- textlint
- textlint-filter-rule-allowlist
- textlint-filter-rule-comments
- textlint-rule-aws-spellcheck
- textlint-rule-ja-no-inappropriate-words
- textlint-rule-no-hoso-kinshi-yogo
- textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet
- textlint-rule-no-start-duplicated-conjunction
- textlint-rule-preset-smarthr
- textlint-rule-prh
- textlint-rule-terminology
- ts-jest
- yaml-lint
Missing 
- colors
  - /github/workspace/src/styles/_hover.scss

- @algolia/transporter
  - /github/workspace/src/components/SearchBox/index.tsx

- @algolia/client-search
  - /github/workspace/src/components/SearchBox/index.tsx

- qs
  - /github/workspace/scripts/benchmark.js

@github-actions
Copy link
Contributor

Snyk vulnerability report

OSS packages

Tested 1653 dependencies for known issues, found 8 issues, 19 vulnerable paths.

Issues to fix by upgrading:

Upgrade [email protected] to [email protected] to fix
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526] in [email protected]
introduced by [email protected] > [email protected]

Issues with no direct upgrade or patch:
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in [email protected]
introduced by [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1
✗ Server-Side Request Forgery (SSRF) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-1038255] in [email protected]
introduced by [email protected] > [email protected]
This issue was fixed in versions: 0.21.1
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-1579269] in [email protected]
introduced by [email protected] > [email protected] and 1 other path(s)
This issue was fixed in versions: 0.21.3
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970] in [email protected]
introduced by [email protected] > [email protected] > [email protected] and 1 other path(s)
This issue was fixed in versions: 0.2.2
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in [email protected]
introduced by [email protected]
No upgrade or patch available
✗ Prototype Pollution [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-JSON5-3182856] in [email protected]
introduced by [email protected] > [email protected] > [email protected] and 9 other path(s)
This issue was fixed in versions: 2.2.2
✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in [email protected]
introduced by [email protected] > [email protected] > [email protected]
No upgrade or patch available

Organization: tubone24
Package manager: yarn
Target file: yarn.lock
Project name: blog
Open source: no
Project path: .
Licenses: enabled

Application

✗ [Medium] Open Redirect
Path: src/templates/index.tsx, line 131
Info: Unsanitized input from the document location flows into url, where it is used as an URL to redirect the user. This may result in an Open Redirect vulnerability.

✔ Test completed

Organization: tubone24
Test type: Static code analysis
Project path: .

Summary:

1 Code issues found
1 [Medium]

IaC

Snyk Infrastructure as Code

  • Snyk testing Infrastructure as Code configuration issues.
    ✔ Test completed.

Issues
No vulnerable paths were found!

Test Summary

Organization: tubone24
Project name: http://github.com/tubone24/blog

✔ Files without issues: 3
✗ Files with issues: 0
Ignored issues: 0
Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ]

Tip

New: Share your test results in the Snyk Web UI with the option --report

@github-actions
Copy link
Contributor

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public
Functions path: /home/runner/work/blog/blog/functions/src
Configuration path: /home/runner/work/blog/blog/netlify.toml
Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/63b06acf07bec94439d34d65
Website Draft URL: https://63b06acf07bec94439d34d65--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag.
netlify deploy --prod

@github-actions
Copy link
Contributor

Memlab leaks report

page-load [6.5MB] (baseline) [s1] > action-on-page [7.9MB] (target) [s2] > revert [7.9MB] (final) [s3]  
------3 clusters------

--Similar leaks in this run: 589--
--Retained size of leaked objects: 105.4KB--
[<synthetic>] (synthetic) @1 [8.5MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9827 [58.6KB]
  --___push (property)--->  [<closure>] (closure) @208579 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @179701 [572 bytes]
  --n (variable)--->  [u] (closure) @179741 [2.7KB]
  --context (internal)--->  [<function scope>] (object) @131813 [31.9KB]
  --i (variable)--->  [Object] (object) @179809 [31.3KB]
  --449 (element)--->  [Object] (object) @196829 [24 bytes]
  --exports (property)--->  [r] (closure) @196831 [2.1KB]
  --hasData (property)--->  [<closure>] (closure) @152685 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @131243 [1.3KB]
  --e (variable)--->  [Object] (object) @131223 [1KB]
  --1 (element)--->  [Object] (object) @131225 [76 bytes]
  --aaAutocomplete (property)--->  [h] (object) @269401 [348 bytes]
  --$node (property)--->  [U] (object) @266563 [188 bytes]
  --0 (element)--->  [Detached HTMLSpanElement] (native) @37437 [348 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @38927 [196 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @38903 [196 bytes]
  --4 (element)--->  [Detached HTMLDivElement] (native) @38939 [196 bytes]
  --3 (element)--->  [Detached HTMLAnchorElement] (native) @38483 [1.3KB]
  --10 (element)--->  [Detached HTMLAnchorElement] (native) @38485 [1.7KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @38487 [1.7KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @38489 [1.7KB]
  --11 (element)--->  [Detached HTMLAnchorElement] (native) @38491 [1.7KB]
  --8 (element)--->  [Detached Text] (native) @38597 [156 bytes]
  --5 (element)--->  [Detached InternalNode] (native) @266325856 [32 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @266636256 [32 bytes]
  --1 (element)--->  [Detached NodeList] (native) @266636096 [32 bytes]

--Similar leaks in this run: 122--
--Retained size of leaked objects: 28.6KB--
[<synthetic>] (synthetic) @1 [8.5MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9827 [58.6KB]
  --___push (property)--->  [<closure>] (closure) @208579 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @179701 [572 bytes]
  --A (variable)--->  [qn] (closure) @179795 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @132633 [16.3KB]
  --Kn (variable)--->  [y] (object) @410857 [368 bytes]
  --props (property)--->  [Object] (object) @422445 [28 bytes]
  --children (property)--->  [Object] (object) @459481 [316 bytes]
  --props (property)--->  [Object] (object) @459483 [56 bytes]
  --children (property)--->  [Object] (object) @415299 [1.2KB]
  --__ (property)--->  [Object] (object) @415319 [1.1KB]
  --__ (property)--->  [Object] (object) @415345 [940 bytes]
  --__ (property)--->  [Object] (object) @415375 [736 bytes]
  --__d (property)--->  [Detached HTMLDivElement] (native) @312859 [272 bytes]
  --3 (element)--->  [Detached HTMLDivElement] (native) @312857 [196 bytes]
  --3 (element)--->  [Detached HTMLDivElement] (native) @312855 [196 bytes]
  --4 (element)--->  [Detached HTMLDivElement] (native) @312891 [8.5KB]
  --3 (element)--->  [Detached HTMLAnchorElement] (native) @312889 [1.3KB]
  --10 (element)--->  [Detached HTMLAnchorElement] (native) @312883 [1.3KB]
  --12 (element)--->  [Detached InternalNode] (native) @92846624 [56 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @92862944 [56 bytes]
  --1 (element)--->  [Detached NodeList] (native) @266195424 [56 bytes]

--Similar leaks in this run: 5--
--Retained size of leaked objects: 328 bytes--
[<synthetic>] (synthetic) @1 [8.5MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9827 [58.6KB]
  --__twttrll (property)--->  [Array] (object) @58609 [184 bytes]
  --push (property)--->  [e] (closure) @186859 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @58589 [248 bytes]
  --n (variable)--->  [Object] (object) @161859 [13KB]
  --162 (element)--->  [Object] (object) @187495 [1KB]
  --exports (property)--->  [<closure>] (closure) @188469 [984 bytes]
  --context (internal)--->  [<function scope>] (object) @188537 [916 bytes]
  --d (variable)--->  [Detached HTMLAnchorElement] (native) @39615 [228 bytes]
  --3 (element)--->  [Detached DOMTokenList] (native) @266894592 [56 bytes]

@github-actions
Copy link
Contributor

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static
Functions path: /home/runner/work/blog/blog/functions/src
Configuration path: /home/runner/work/blog/blog/netlify.toml
Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/63b06b40b9047842c83e6f70
Website Draft URL: https://63b06b40b9047842c83e6f70--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag.
netlify deploy --prod

@github-actions
Copy link
Contributor

Lighthouse Score

Desktop

performance: 88
accessibility: 100
best-practices: 100
seo: 92
pwa: 100

Mobile

performance: 60
accessibility: 100
best-practices: 92
seo: 93
pwa: 100

@tubone24 tubone24 merged commit 6a90960 into master Dec 31, 2022
@tubone24 tubone24 deleted the csp branch December 31, 2022 17:05
@github-actions
Copy link
Contributor

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

Unused dependencies 
- @popperjs/core
- @sentry/react
- @typescript-eslint/eslint-plugin
- babel-loader
- babel-polyfill
- classnames
- flexboxgrid
- gatsby-legacy-polyfills
- gatsby-plugin-flexsearch
- gatsby-plugin-twitter
- gatsby-react-router-scroll
- html-minifier
- intersection-observer
- md5
- preact
- preact-render-to-string
- react-body-classname
- react-dom
- rimraf
- sass
- typescript
- webpack
Unused devdependencies 
- @babel/core
- @babel/preset-typescript
- @storybook/addon-a11y
- @storybook/addon-controls
- @storybook/addon-essentials
- @storybook/addon-info
- @storybook/addon-interactions
- @storybook/addon-knobs
- @storybook/addon-links
- @storybook/addon-storysource
- @storybook/addon-viewport
- @storybook/builder-webpack5
- @storybook/manager-webpack5
- @textlint-rule/textlint-rule-no-duplicate-abbr
- @types/jest
- @types/react-test-renderer
- @types/responselike
- axe-core
- babel-eslint
- babel-plugin-transform-runtime
- core-js
- cross-env
- css-loader
- cypress
- eslint
- eslint-config-airbnb
- eslint-import-resolver-webpack
- eslint-plugin-import
- eslint-plugin-jsx-a11y
- eslint-plugin-react
- gh-pages
- husky
- identity-obj-proxy
- jest
- jest-environment-jsdom
- memlab
- netlify-cli
- netlify-lambda
- nyc
- prettier
- react-test-renderer
- sass-loader
- start-server-and-test
- stylelint
- stylelint-config-recess-order
- stylelint-config-recommended-scss
- stylelint-config-standard
- stylelint-scss
- textlint
- textlint-filter-rule-allowlist
- textlint-filter-rule-comments
- textlint-rule-aws-spellcheck
- textlint-rule-ja-no-inappropriate-words
- textlint-rule-no-hoso-kinshi-yogo
- textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet
- textlint-rule-no-start-duplicated-conjunction
- textlint-rule-preset-smarthr
- textlint-rule-prh
- textlint-rule-terminology
- ts-jest
- yaml-lint
Missing 
- colors
  - /github/workspace/src/styles/_hover.scss

- @algolia/transporter
  - /github/workspace/src/components/SearchBox/index.tsx

- @algolia/client-search
  - /github/workspace/src/components/SearchBox/index.tsx

- qs
  - /github/workspace/scripts/benchmark.js

@github-actions
Copy link
Contributor

Snyk vulnerability report

OSS packages

Tested 1653 dependencies for known issues, found 8 issues, 19 vulnerable paths.

Issues to fix by upgrading:

Upgrade [email protected] to [email protected] to fix
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526] in [email protected]
introduced by [email protected] > [email protected]

Issues with no direct upgrade or patch:
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in [email protected]
introduced by [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1
✗ Server-Side Request Forgery (SSRF) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-1038255] in [email protected]
introduced by [email protected] > [email protected]
This issue was fixed in versions: 0.21.1
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-1579269] in [email protected]
introduced by [email protected] > [email protected] and 1 other path(s)
This issue was fixed in versions: 0.21.3
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970] in [email protected]
introduced by [email protected] > [email protected] > [email protected] and 1 other path(s)
This issue was fixed in versions: 0.2.2
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in [email protected]
introduced by [email protected]
No upgrade or patch available
✗ Prototype Pollution [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-JSON5-3182856] in [email protected]
introduced by [email protected] > [email protected] > [email protected] and 9 other path(s)
This issue was fixed in versions: 2.2.2
✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in [email protected]
introduced by [email protected] > [email protected] > [email protected]
No upgrade or patch available

Organization: tubone24
Package manager: yarn
Target file: yarn.lock
Project name: blog
Open source: no
Project path: .
Licenses: enabled

Application

✗ [Medium] Open Redirect
Path: src/templates/index.tsx, line 131
Info: Unsanitized input from the document location flows into url, where it is used as an URL to redirect the user. This may result in an Open Redirect vulnerability.

✔ Test completed

Organization: tubone24
Test type: Static code analysis
Project path: .

Summary:

1 Code issues found
1 [Medium]

IaC

Snyk Infrastructure as Code

  • Snyk testing Infrastructure as Code configuration issues.
    ✔ Test completed.

Issues
No vulnerable paths were found!

Test Summary

Organization: tubone24
Project name: http://github.com/tubone24/blog

✔ Files without issues: 3
✗ Files with issues: 0
Ignored issues: 0
Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ]

Tip

New: Share your test results in the Snyk Web UI with the option --report

@github-actions
Copy link
Contributor

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public
Functions path: /home/runner/work/blog/blog/functions/src
Configuration path: /home/runner/work/blog/blog/netlify.toml
Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/63b06cd5af32d147de52f420
Website Draft URL: https://63b06cd5af32d147de52f420--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag.
netlify deploy --prod

@github-actions
Copy link
Contributor

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static
Functions path: /home/runner/work/blog/blog/functions/src
Configuration path: /home/runner/work/blog/blog/netlify.toml
Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/63b06d2c40215046b014c047
Website Draft URL: https://63b06d2c40215046b014c047--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag.
netlify deploy --prod

@github-actions
Copy link
Contributor

Memlab leaks report

page-load [6.5MB] (baseline) [s1] > action-on-page [7.8MB] (target) [s2] > revert [7.9MB] (final) [s3]  
------3 clusters------

--Similar leaks in this run: 714--
--Retained size of leaked objects: 112.1KB--
[<synthetic>] (synthetic) @1 [8.5MB]
  --3 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9835 [58.4KB]
  --___push (property)--->  [<closure>] (closure) @64685 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @226579 [572 bytes]
  --n (variable)--->  [u] (closure) @207995 [2.7KB]
  --context (internal)--->  [<function scope>] (object) @53081 [31.8KB]
  --i (variable)--->  [Object] (object) @230873 [31.2KB]
  --449 (element)--->  [Object] (object) @207785 [24 bytes]
  --exports (property)--->  [r] (closure) @207787 [2.1KB]
  --hasData (property)--->  [<closure>] (closure) @158079 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @52507 [1.3KB]
  --e (variable)--->  [Object] (object) @52487 [1KB]
  --2 (element)--->  [Object] (object) @323481 [76 bytes]
  --aaAutocomplete (property)--->  [h] (object) @355299 [348 bytes]
  --$node (property)--->  [U] (object) @359983 [188 bytes]
  --0 (element)--->  [Detached HTMLSpanElement] (native) @311009 [348 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @310569 [7.8KB]
  --6 (element)--->  [Detached HTMLDivElement] (native) @310535 [196 bytes]
  --4 (element)--->  [Detached HTMLHRElement] (native) @310571 [196 bytes]
  --4 (element)--->  [Detached HTMLDivElement] (native) @310683 [196 bytes]
  --6 (element)--->  [Detached HTMLHRElement] (native) @310685 [196 bytes]
  --4 (element)--->  [Detached HTMLDivElement] (native) @310767 [196 bytes]
  --4 (element)--->  [Detached HTMLAnchorElement] (native) @310695 [1.4KB]
  --10 (element)--->  [Detached HTMLAnchorElement] (native) @310705 [1.4KB]
  --10 (element)--->  [Detached HTMLAnchorElement] (native) @310715 [1.4KB]
  --10 (element)--->  [Detached HTMLAnchorElement] (native) @310725 [1.4KB]
  --12 (element)--->  [Detached InternalNode] (native) @267428288 [120 bytes]
  --1 (element)--->  [Detached ElementIntersectionObserverData] (native) @267736480 [64 bytes]

--Similar leaks in this run: 115--
--Retained size of leaked objects: 28.6KB--
[<synthetic>] (synthetic) @1 [8.5MB]
  --3 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9835 [58.4KB]
  --___push (property)--->  [<closure>] (closure) @64685 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @226579 [572 bytes]
  --A (variable)--->  [qn] (closure) @213453 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @56843 [16.3KB]
  --Kn (variable)--->  [y] (object) @431049 [368 bytes]
  --props (property)--->  [Object] (object) @431039 [28 bytes]
  --children (property)--->  [Object] (object) @431041 [316 bytes]
  --props (property)--->  [Object] (object) @465621 [56 bytes]
  --children (property)--->  [Object] (object) @454261 [1.2KB]
  --__ (property)--->  [Object] (object) @454275 [1.1KB]
  --__ (property)--->  [Object] (object) @454293 [940 bytes]
  --__ (property)--->  [Object] (object) @454311 [736 bytes]
  --__d (property)--->  [Detached HTMLDivElement] (native) @310897 [272 bytes]
  --3 (element)--->  [Detached HTMLDivElement] (native) @310895 [196 bytes]
  --3 (element)--->  [Detached HTMLDivElement] (native) @310893 [196 bytes]
  --4 (element)--->  [Detached HTMLDivElement] (native) @311049 [8.5KB]
  --6 (element)--->  [Detached HTMLElement] (native) @311067 [15KB]
  --3 (element)--->  [Detached HTMLDivElement] (native) @311065 [13.4KB]
  --3 (element)--->  [Detached Text] (native) @19623424 [96 bytes]
  --2 (element)--->  [Detached HTMLHeadingElement] (native) @19609344 [264 bytes]
  --5 (element)--->  [Detached Text] (native) @19608384 [96 bytes]
  --3 (element)--->  [Detached HTMLImageElement] (native) @19617824 [272 bytes]
  --4 (element)--->  [Detached Text] (native) @300361728 [96 bytes]
  --3 (element)--->  [Detached HTMLSpanElement] (native) @19624224 [432 bytes]
  --5 (element)--->  [Detached Text] (native) @19613024 [96 bytes]
  --3 (element)--->  [Detached HTMLParagraphElement] (native) @19612384 [624 bytes]
  --5 (element)--->  [Detached Text] (native) @19607264 [96 bytes]
  --3 (element)--->  [Detached HTMLParagraphElement] (native) @19618144 [264 bytes]
  --5 (element)--->  [Detached Text] (native) @19611904 [96 bytes]
  --3 (element)--->  [Detached HTMLParagraphElement] (native) @19627424 [264 bytes]
  --5 (element)--->  [Detached Text] (native) @19623104 [96 bytes]
  --3 (element)--->  [Detached HTMLBRElement] (native) @19606144 [168 bytes]
  --3 (element)--->  [Detached Text] (native) @6920288 [96 bytes]
  --3 (element)--->  [Detached HTMLHeadingElement] (native) @6916768 [264 bytes]
  --5 (element)--->  [Detached Text] (native) @6944448 [96 bytes]
  --3 (element)--->  [Detached HTMLHeadingElement] (native) @6943648 [264 bytes]
  --6 (element)--->  [Detached InternalNode] (native) @6944608 [56 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @92604608 [56 bytes]
  --1 (element)--->  [Detached NodeList] (native) @92604448 [56 bytes]

--Similar leaks in this run: 9--
--Retained size of leaked objects: 600 bytes--
[<synthetic>] (synthetic) @1 [8.5MB]
  --3 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9835 [58.4KB]
  --__twttrll (property)--->  [Array] (object) @64567 [184 bytes]
  --push (property)--->  [e] (closure) @236785 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @144797 [248 bytes]
  --n (variable)--->  [Object] (object) @232003 [13KB]
  --102 (element)--->  [Object] (object) @234415 [24 bytes]
  --exports (property)--->  [Object] (object) @233879 [3.5KB]
  --init (property)--->  [init] (closure) @234909 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @235385 [3.1KB]
  --r (variable)--->  [Detached HTMLFormElement] (native) @37155 [1.8KB]
  --4 (element)--->  [Detached HTMLInputElement] (native) @37125 [684 bytes]
  --8 (element)--->  [Detached InternalNode] (native) @32950080 [328 bytes]
  --1 (element)--->  [Detached ShadowRoot] (native) @32949920 [328 bytes]
  --4 (element)--->  [Detached V8ObservableArrayCSSStyleSheet] (native) @299863648 [120 bytes]

@github-actions
Copy link
Contributor

Lighthouse Score

Desktop

performance: 90
accessibility: 100
best-practices: 92
seo: 92
pwa: 100

Mobile

performance: 73
accessibility: 100
best-practices: 83
seo: 93
pwa: 100

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
src
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tubone24 @coveralls