appvantageasia / html2pdf-service

6.0 2.0 3.0 1.76 MB

Simple RESTful API to print a PDF from HTML using Puppeteer

Home Page: https://www.appvantage.co

License: MIT License

Dockerfile 28.43% TypeScript 45.62% Shell 0.55% JavaScript 25.40%
puppeter pdf html docker typescript

html2pdf-service's People

Contributors

amille44420, amraln, mend-bolt-for-github[bot], renovate-bot

html2pdf-service's Issues

express-4.18.2.tgz: 1 vulnerability (highest severity is: 6.1)

Vulnerable Library - express-4.18.2.tgz

Fast, unopinionated, minimalist web framework

Library home page: https://registry.npmjs.org/express/-/express-4.18.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Vulnerabilities

CVE            | Severity | CVSS | Dependency         | Type   | Fixed in (express version) | Remediation Possible**
CVE-2024-29041 | Medium   | 6.1  | express-4.18.2.tgz | Direct | 4.19.0                     | Yes

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2024-29041

Vulnerable Library - express-4.18.2.tgz

Fast, unopinionated, minimalist web framework

Library home page: https://registry.npmjs.org/express/-/express-4.18.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • express-4.18.2.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode using encodeurl on the contents before passing it to the location header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is res.location() but this is also called from within res.redirect(). The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.

Publish Date: 2024-03-25

URL: CVE-2024-29041

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: GHSA-rv95-896h-c2vc

Release Date: 2024-03-25

Fix Resolution: 4.19.0


puppeteer-21.1.1.tgz: 1 vulnerability (highest severity is: 9.8)

Vulnerable Library - puppeteer-21.1.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Vulnerabilities

CVE            | Severity | CVSS | Dependency                        | Type       | Fixed in (puppeteer version) | Remediation Possible**
CVE-2023-42282 | Critical | 9.8  | detected in multiple dependencies | Transitive | 21.2.0                       | Yes

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-42282

Vulnerable Libraries - ip-1.1.8.tgz, ip-2.0.0.tgz

ip-1.1.8.tgz


Library home page: https://registry.npmjs.org/ip/-/ip-1.1.8.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • puppeteer-21.1.1.tgz (Root Library)
    • browsers-1.7.0.tgz
      • proxy-agent-6.3.0.tgz
        • pac-proxy-agent-7.0.0.tgz
          • pac-resolver-7.0.0.tgz
            • ip-1.1.8.tgz (Vulnerable Library)

ip-2.0.0.tgz


Library home page: https://registry.npmjs.org/ip/-/ip-2.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • puppeteer-21.1.1.tgz (Root Library)
    • browsers-1.7.0.tgz
      • proxy-agent-6.3.0.tgz
        • socks-proxy-agent-8.0.1.tgz
          • socks-2.7.1.tgz
            • ip-2.0.0.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1, a non-canonical spelling of a loopback address) are improperly categorized as globally routable by isPublic.

Publish Date: 2024-02-08

URL: CVE-2023-42282

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-78xj-cgh5-2h22

Release Date: 2024-02-08

Fix Resolution (ip): 1.1.9

Direct dependency fix resolution (puppeteer): 21.2.0

ARM Build

Is your feature request related to a problem? Please describe.
The ARM build has been set up in the repository; the last PR is #173.

But from what I saw in GitHub Actions itself there is some issue about it: actions/runner-images#2552,
and there is a feature request too: actions/runner-images#5631

Describe the solution you'd like
I guess dropping the GitHub Actions ARM build pipeline for now, so that it won't break the main amd64 image pipeline?

Describe alternatives you've considered
No other solution yet

Additional context
Keeping the Docker build for ARM might help with building the Docker image locally on ARM-based machines (M1).

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

  • chore(deps): update cimg/node docker tag to v22
  • chore(deps): update dependency @commitlint/cli to v19
  • chore(deps): update dependency @commitlint/config-conventional to v19
  • chore(deps): update dependency @typescript-eslint/eslint-plugin to v7
  • chore(deps): update dependency @typescript-eslint/parser to v7
  • chore(deps): update dependency eslint to v9
  • chore(deps): update dependency husky to v9
  • chore(deps): update dependency puppeteer to v22
  • chore(deps): update dependency semantic-release to v23
  • chore(deps): update node docker tag to v22
  • chore(deps): update yarn to v4
  • 🔐 Create all rate-limited PRs at once 🔐

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Detected dependencies

circleci
.circleci/config.yml
  • cimg/node 18.17.1
dockerfile
docker/chrome/Dockerfile
  • node 18.17.1-bullseye-slim
  • node 18.17.1-bullseye-slim
docker/chromium/Dockerfile
  • node 18.17.1-bullseye-slim
  • node 18.17.1-bullseye-slim
github-actions
.github/workflows/docker-publish.yml
  • actions/checkout v3
  • actions/setup-node v3
  • actions/checkout v3
  • actions/checkout v3
  • docker/setup-qemu-action v2
npm
package.json
  • compression ^1.7.4
  • express ^4.18.2
  • husky ^8.0.3
  • lodash ^4.17.21
  • morgan ^1.10.0
  • puppeteer ^21.1.1
  • @commitlint/cli ^17.7.1
  • @commitlint/config-conventional ^17.7.0
  • @octokit/rest ^20.0.1
  • @types/express ^4.17.17
  • @types/k6 ^0.46.2
  • @types/lodash ^4.14.197
  • @types/node ^20.5.7
  • @types/puppeteer ^7.0.4
  • @typescript-eslint/eslint-plugin ^6.5.0
  • @typescript-eslint/parser ^6.5.0
  • eslint ^8.48.0
  • eslint-config-airbnb-base ^15.0.0
  • eslint-config-prettier ^9.0.0
  • eslint-import-resolver-typescript ^3.6.0
  • eslint-plugin-import ^2.28.1
  • eslint-plugin-prettier ^5.0.0
  • execa ^8.0.1
  • prettier ^3.0.3
  • semantic-release ^21.1.1
  • typescript ^5.2.2
  • node >=18.2
  • yarn 3.5.1

  • Check this box to trigger a request for Renovate to run again on this repository
