fryuni / inox-tools
Oxygen-free tools for Astronauts.
Home Page: https://inox-tools.vercel.app
License: MIT License
From Discord conversation
PatrickJ — Today at 10:46 AM
I'm a bit new to authoring content in markdown. I wonder how you guys ensure that redirects are made when changing slugs or folders of the content? Typically a CMS can handle making those redirects but it seems a bit painful and manual with markdown. Are there any tools out there that make that easier? I don't believe Astro has anything built in for it, right? I was thinking about a GitHub action that gives a heads-up about changed URLs?
Fryuni (Luiz Ferraz) — Today at 10:56 AM
You can get the history of renames from your git history and generate the redirects configuration
Interesting idea to publish as an integration or at least as a Starlight plugin...
git diff --stat=200 --diff-filter=R <COMMIT> src/content/<collectionName>
Will give you an output like this:
src/content/docs/ar/{core-concepts => basics}/astro-components.mdx
src/content/docs/de/{core-concepts => basics}/astro-components.mdx
src/content/docs/de/{core-concepts => basics}/astro-pages.mdx
src/content/docs/de/{core-concepts => basics}/astro-syntax.mdx
src/content/docs/de/{core-concepts => basics}/layouts.mdx
You can then parse that into and either make individual redirects or extract patterns to make a dynamic redirect
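The parsing step suggested in the conversation above, as an added example that is not part of the original conversation or of the project's code. `CONTENT_ROOT`, the function names and the sample lines are assumptions; the sample is constructed from the output format shown above.

```javascript
// Content collection root whose files map to routes (assumption for this example).
const CONTENT_ROOT = 'src/content/docs/';

// Expand git's compact rename notation into [oldPath, newPath].
// Handles `pre/{old => new}/post`, an empty side (`{ => new}`), and plain `old => new`.
function parseRename(line) {
  const path = line.split(' | ')[0].trim(); // drop the "| 0" stat column if present
  const braced = path.match(/^(.*)\{(.*) => (.*)\}(.*)$/);
  if (braced) {
    const [, pre, from, to, post] = braced;
    const join = (mid) => (pre + mid + post).replace(/\/{2,}/g, '/');
    return [join(from), join(to)];
  }
  const plain = path.match(/^(.+) => (.+)$/);
  return plain ? [plain[1], plain[2]] : null; // null for the summary line and noise
}

// Map a content file path to the route it is served from.
function toRoute(file) {
  if (!file.startsWith(CONTENT_ROOT)) return null;
  const slug = file
    .slice(CONTENT_ROOT.length)
    .replace(/\.mdx?$/, '')
    .replace(/(^|\/)index$/, '');
  return '/' + slug.replace(/\/$/, '');
}

// Build an { oldRoute: newRoute } map from the full command output.
function buildRedirects(statOutput) {
  const redirects = {};
  for (const line of statOutput.split('\n')) {
    const pair = parseRename(line);
    if (!pair) continue;
    const [from, to] = pair.map(toRoute);
    if (from && to && from !== to) redirects[from] = to;
  }
  return redirects;
}

// Constructed sample output covering the three rename notations.
const SAMPLE_STAT = [
  ' src/content/docs/ar/{core-concepts => basics}/astro-components.mdx | 0',
  ' src/content/docs/{ => guides}/intro.md | 0',
  ' src/content/docs/old.md => src/content/docs/new/index.md | 0',
  ' 3 files changed, 0 insertions(+), 0 deletions(-)',
].join('\n');
console.log(buildRedirects(SAMPLE_STAT));
```

The returned object has the same shape as the `redirects` option in an Astro config.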
Page: https://inox-tools.vercel.app/sitemap-ext
Docs in source:
Line 53: sitemap(true); // opt-out
I think for opt-out we should use sitemap(false);
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Found in HEAD commit: a9cb8defe37b46081c9a24790b7aadd85305d356
CVE | Severity | CVSS | Dependency | Type | Fixed in (@inox-tools/inline-mod version) | Remediation Possible** |
---|---|---|---|---|---|---|
CVE-2024-23331 | High | 7.5 | vite-3.2.7.tgz | Transitive | N/A* | ❌ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Library home page: https://registry.npmjs.org/vite/-/vite-3.2.7.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
Found in HEAD commit: a9cb8defe37b46081c9a24790b7aadd85305d356
Found in base branch: main
Vite is a frontend tooling framework for javascript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area reduced to hosts having case-insensitive filesystems. Since picomatch defaults to case-sensitive glob matching, but the file server doesn't discriminate; a blacklist bypass is possible. By requesting raw filesystem paths using augmented casing, the matcher derived from config.server.fs.deny fails to block access to sensitive files. This issue has been addressed in vite@5.0.12, vite@4.5.2, vite@3.2.8, and vite@2.9.17. Users are advised to upgrade. Users unable to upgrade should restrict access to dev servers.
Publish Date: 2024-01-19
URL: CVE-2024-23331
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-c24v-8rfc-w8vw
Release Date: 2024-01-19
Fix Resolution: vite - 2.9.17,3.2.8,4.5.2,5.0.12
Circular array references are getting wrapped into a non-cyclical array before being exposed to other data entries.
Circular object references currently hang forever during inspection.
Barrel files in Astro cause the styles and scripts from all the re-exported components to be included in any page that uses any one of them.
// src/components/index.ts
export { default as Foo } from './Foo.astro';
export { default as Bar } from './Bar.astro';
Then on a page:
// src/pages/index.astro
---
import {Foo} from '../components';
---
<Foo/>
That index page will include the styles and client-side scripts from the Bar component.
While this is not fixed in Astro core, it could be provided as a virtual import that dynamically (and lazily) expands into the powerset of possible imports.
For the example above:
import {Foo} from '~anyComponent';
would resolve to a module containing:
export { default as Foo } from '/src/components/Foo.astro';
import {Bar} from '~anyComponent';
would resolve to a module containing:
export { default as Bar } from '/src/components/Bar.astro';
import {Foo, Bar} from '~anyComponent';
would resolve to a module containing:
export { default as Bar } from '/src/components/Bar.astro';
export { default as Foo } from '/src/components/Foo.astro';
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Found in HEAD commit: 553f61239a69b8deddec7676598b8f92996d1a78
CVE | Severity | CVSS | Dependency | Type | Fixed in (inline-mod version) | Remediation Possible** |
---|---|---|---|---|---|---|
CVE-2024-23331 | High | 7.5 | vite-3.2.7.tgz | Transitive | N/A* | ❌ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Library home page: https://registry.npmjs.org/vite/-/vite-3.2.7.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
Found in HEAD commit: 553f61239a69b8deddec7676598b8f92996d1a78
Found in base branch: main
Vite is a frontend tooling framework for javascript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area reduced to hosts having case-insensitive filesystems. Since picomatch defaults to case-sensitive glob matching, but the file server doesn't discriminate; a blacklist bypass is possible. By requesting raw filesystem paths using augmented casing, the matcher derived from config.server.fs.deny fails to block access to sensitive files. This issue has been addressed in vite@5.0.12, vite@4.5.2, vite@3.2.8, and vite@2.9.17. Users are advised to upgrade. Users unable to upgrade should restrict access to dev servers.
Publish Date: 2024-01-19
URL: CVE-2024-23331
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-c24v-8rfc-w8vw
Release Date: 2024-01-19
Fix Resolution: vite - 2.9.17,3.2.8,4.5.2,5.0.12
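The mismatch described in both CVE-2024-23331 reports above (a case-sensitive deny matcher in front of a case-insensitive file system), shown beside a case-folding check and a log filter for requests that only match after folding. This is an added example, not Vite's or the project's code: `globToRegExp` is a simplified stand-in for picomatch, and the deny patterns, function names and request paths are constructed.

```javascript
// Patterns of the kind placed in server.fs.deny (constructed sample list).
const DENY = ['.env', '.env.*', '*.{crt,pem}'];

// Simplified stand-in for a glob matcher: supports `*` and `{a,b}` only.
function globToRegExp(glob, nocase) {
  const src = glob
    .replace(/[.+?^$()|[\]\\]/g, '\\$&') // escape regex metacharacters first
    .replace(/\{([^}]*)\}/g, (_, alts) => `(?:${alts.split(',').join('|')})`)
    .replace(/\*/g, '[^/]*');
  return new RegExp(`^${src}$`, nocase ? 'i' : '');
}

// Match the deny list against the final path segment, accepting either separator.
function matchesDeny(requestPath, nocase) {
  const base = requestPath.replace(/\\/g, '/').split('/').pop();
  return DENY.some((glob) => globToRegExp(glob, nocase).test(base));
}

// Weak: case-sensitive matching while the disk treats `.ENV` and `.env` as one file.
const isDeniedWeak = (p) => matchesDeny(p, false);

// Hardened: fold case in the matcher whenever the file system does
// (picomatch exposes this as its `nocase` option).
const isDenied = (p, caseInsensitiveFs = true) => matchesDeny(p, caseInsensitiveFs);

// Detection: requested paths that hit the deny list only after case folding,
// i.e. requests the weak matcher would have let through.
function flagCaseVariants(requestPaths) {
  return requestPaths.filter((p) => !isDeniedWeak(p) && isDenied(p));
}

// Constructed request paths, as they might appear in a dev-server access log.
const SAMPLE_REQUESTS = [
  '/src/main.ts',
  '/.env',
  '/.ENV',
  '/certs/Server.PEM',
  '/.Env.local',
];
console.log(flagCaseVariants(SAMPLE_REQUESTS));
```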
Imports to CJS dependencies are serialized as import to their full import path instead of the minimal lib name.
Currently all root entries in the serialized virtual module are immutable, even if they were mutable in the original code.
Example:
let count = 0;
inlineMod({
  constExport: {
    increment() { count++; },
    decrement() { count--; },
  },
});
In this case the count won't change across invocations because it is included immutably into the virtual module.
The workaround for this is to have the mutable property inside of an object. This works:
const state = { count: 0 };
inlineMod({
  constExport: {
    increment() { state.count++; },
    decrement() { state.count--; },
  },
});
Maybe the first case could work out-of-the-box.
Add hints for the inspector to know which file a value comes from and inspect the code to enable simpler definitions
Currently a non-capturing arrow function serializes to this:
function __f0() {
  return (function() {
    return () => "read value";
  }).apply(undefined, undefined).apply(this, arguments);
}
While it could be this:
const __f0 = () => "read value";
Arrow functions do not receive the this parameter from the apply call, so the double apply can be elided. Since it is not capturing, the double function to re-create its captured scope at runtime is also unnecessary and can be removed.
// Use the getStaticPaths and prerender those paths, but also deploy the renderer
// to handle any other matching route.
// For example: `/blog/[slug].astro` could prerender all the existing posts
// but also handle dynamically any unknown slug to redirect to the closest match
// or show a custom 404 page just for the /blog/ subpath
export const prerender = 'partial';
// Prerenders the page but bundles the HTML into the SSR renderer, so it is served by the on-demand
// renderer and goes through the middleware.
export const prerender = 'bundled';