ilkeraltin / react-ssr-news Goto Github PK

View Code? Open in Web Editor NEW

239.0 239.0 87.0 3.83 MB

Server Side Rendering for React demo project

License: MIT License

JavaScript 100.00%

express javascript nodejs react reactjs ssr

react-ssr-news's People

Contributors

Stargazers

Watchers

Forkers

chewtoys nagasivanath dougmorin ankitm27 msahin12 jsphkm kristinwang lilliamharo huydeerpets itpreneur rahulteja16 usamamian1995 abhishekbhartiind imshafikul ridoansaleh lalit022 sonu-c247 stanxii medmin nerdmj arunthampi2006 alexsera reactjs-io saonam libin1991 teuddy dasarianudeep freedom9x dcpsquare rioyi cfischer jonathangoncalves akjoshi19 mlassakoski kooldandy tridungle pravendrakumar ms314006 aileen-r yusuke-ten gtiti bob2314 hadson19 tagraha maxwellkendall ankamsarav hamsterhomka doytsujin gordonlkc dragosguta straybro grangier lebatuananh csanchez11 n3ztho prossetti niteshsinghnrs brightdu alexey-yakovlev sunvodz francisrod01 learning-zones eneko7 holic5839 oksanayevtushyna wuchengyu tirthak-tatva ftakj jav7zaid whanso kayo12th shulikov-v engevix thinkerhope headshootcheng wuhui1989 levkohimins morsmodr duidae jinjinhrb redsquirrrel mbnaj helloasir megahandayani akbarramadhannnn manishjatiwal gouravmakhija18 vinodhdeva

react-ssr-news's Issues

CVE-2019-10747 (High) detected in set-value-2.0.0.tgz, set-value-0.4.3.tgz

CVE-2019-10747 - High Severity Vulnerability

Vulnerable Libraries - set-value-2.0.0.tgz, set-value-0.4.3.tgz

set-value-2.0.0.tgz

Create nested values and any intermediaries using dot notation (`'a.b.c'`) paths.

Library home page: https://registry.npmjs.org/set-value/-/set-value-2.0.0.tgz

Path to dependency file: /react-ssr-news/package.json

Path to vulnerable library: /tmp/git/react-ssr-news/node_modules/set-value/package.json

Dependency Hierarchy:

lint-staged-8.1.4.tgz (Root Library)
- micromatch-3.1.10.tgz
  - snapdragon-0.8.2.tgz
    - base-0.11.2.tgz
      - cache-base-1.0.1.tgz
        
        ❌ set-value-2.0.0.tgz (Vulnerable Library)

set-value-0.4.3.tgz

Create nested values and any intermediaries using dot notation (`'a.b.c'`) paths.

Library home page: https://registry.npmjs.org/set-value/-/set-value-0.4.3.tgz

Path to dependency file: /react-ssr-news/package.json

Path to vulnerable library: /tmp/git/react-ssr-news/node_modules/union-value/node_modules/set-value/package.json

Dependency Hierarchy:

lint-staged-8.1.4.tgz (Root Library)
- micromatch-3.1.10.tgz
  - snapdragon-0.8.2.tgz
    - base-0.11.2.tgz
      - cache-base-1.0.1.tgz
        
        union-value-1.0.0.tgz
        
        ❌ set-value-0.4.3.tgz (Vulnerable Library)

Found in HEAD commit: c06f0cefeedad4a52c49495f91daf3ef66e26688

Vulnerability Details

A vulnerability was found in set-value before 2.0.1 and from 3.0.0 before 3.0.1 previously reported as WS-2019-0176

Publish Date: 2019-07-24

URL: CVE-2019-10747

CVSS 2 Score Details (7.4)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jonschlinkert/set-value@95e9d99

Release Date: 2019-07-24

Fix Resolution: 2.0.1,3.0.1

Step up your Open Source Security Game with WhiteSource here

assets

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

CVE-2019-10744 (High) detected in lodash-4.17.11.tgz

CVE-2019-10744 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.11.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz

Path to dependency file: /react-ssr-news/package.json

Path to vulnerable library: /react-ssr-news/node_modules/lodash/package.json

Dependency Hierarchy:

❌ lodash-4.17.11.tgz (Vulnerable Library)

Found in HEAD commit: 2dfb4c39d6c0d6e6212814d5240e527fafbb039f

Vulnerability Details

A Prototype Pollution vulnerability was found in lodash through version 4.17.11.

Publish Date: 2019-07-08

URL: CVE-2019-10744

CVSS 2 Score Details (7.4)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: lodash/lodash@a01e4fa

Release Date: 2019-07-08

Fix Resolution: 4.17.12

Step up your Open Source Security Game with WhiteSource here

WS-2019-0032 (Medium) detected in js-yaml-3.12.2.tgz

WS-2019-0032 - Medium Severity Vulnerability

Vulnerable Library - js-yaml-3.12.2.tgz

YAML 1.2 parser and serializer

Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.12.2.tgz

Path to dependency file: /react-ssr-news/package.json

Path to vulnerable library: /tmp/git/react-ssr-news/node_modules/js-yaml/package.json

Dependency Hierarchy:

eslint-5.6.0.tgz (Root Library)
- ❌ js-yaml-3.12.2.tgz (Vulnerable Library)

Found in HEAD commit: 9b3f7af2d645856f1d2cda2ee450833b2fcb5cbe

Vulnerability Details

Versions js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.

Publish Date: 2019-03-26

URL: WS-2019-0032

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/788/versions

Release Date: 2019-03-26

Fix Resolution: 3.13.0

Step up your Open Source Security Game with WhiteSource here

Text getting cut off

Describe the bug
Text getting cut off might possibly due to card body height.

To Reproduce
Steps to reproduce the behavior:

Go to hosted website
Scroll down to cards
See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots

Desktop (please complete the following information):

OS: [windows]
Browser chrome
Version [94.0.4606.81]

A memory leak

I have a memory leak when running your code by the comand 'npm run dev'
Steps to reproduce:

npm run dev
start the localhost url into the browser
couple of times tap ctrl+s
wait for 2-5 minutes and here we are((

Ssr serveri yokmu

Use 2 separate createStore()'s?

I realize this is just an example project, but as anyone who might be using it as a boilerplate... might there be a more efficient way of using createStore() to consolidate it to one file?

I wanted to enable redux devtools, and spent a lot of time editing the server-side version of createStore(), wondering why it wasn't working in the browser extension... later to find out there's a separate server and client usage of it.

For what it's worth... This has been the boilerplate for my project and it's been working great so far, so definitely kudos for that.

Lastly, if you've seen a good SSR React app boilerplate that you'd recommend for future projects, please feel free to offer some ideas on that.

CVE-2019-10742 (High) detected in axios-0.18.0.tgz

CVE-2019-10742 - High Severity Vulnerability

Vulnerable Library - axios-0.18.0.tgz

Promise based HTTP client for the browser and node.js

Library home page: https://registry.npmjs.org/axios/-/axios-0.18.0.tgz

Path to dependency file: /react-ssr-news/package.json

Path to vulnerable library: /react-ssr-news/node_modules/axios/package.json

Dependency Hierarchy:

❌ axios-0.18.0.tgz (Vulnerable Library)

Found in HEAD commit: 9b3f7af2d645856f1d2cda2ee450833b2fcb5cbe

Vulnerability Details

Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.

Publish Date: 2019-05-07

URL: CVE-2019-10742

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

History, localstorage

Hi, download your exaple, and now try to adapt project to SSR
But have a some problem

How i can work with history
2)How i can work with localstorage
It's need for my project. Will be apritiate for your help

CVE-2019-10746 (High) detected in mixin-deep-1.3.1.tgz

CVE-2019-10746 - High Severity Vulnerability

Vulnerable Library - mixin-deep-1.3.1.tgz

Deeply mix the properties of objects into the first object. Like merge-deep, but doesn't clone.

Library home page: https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.1.tgz

Path to dependency file: /react-ssr-news/package.json

Path to vulnerable library: /tmp/git/react-ssr-news/node_modules/mixin-deep/package.json

Dependency Hierarchy:

lint-staged-8.1.4.tgz (Root Library)
- micromatch-3.1.10.tgz
  - snapdragon-0.8.2.tgz
    - base-0.11.2.tgz
      - ❌ mixin-deep-1.3.1.tgz (Vulnerable Library)

Found in HEAD commit: 2bef235713e5aed4b5291319f03263da7c686662

Vulnerability Details

mixin-deep before 1.3.2 is vulnerable to Prototype Pollution.

Publish Date: 2019-07-11

URL: CVE-2019-10746

CVSS 2 Score Details (7.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jonschlinkert/mixin-deep@8f464c8

Release Date: 2019-07-11

Fix Resolution: 1.3.2

Step up your Open Source Security Game with WhiteSource here

Firebase hosting, functions, serverless integration

Is your feature request related to a problem? Please describe. ✅
I'm frustrated that I've tried to implement it through Firebase but for that, Firebase is a serverless, where it cannot access the application through functions.

Describe the solution you'd like ✅
It will be great if we could deploy it on Firebase hosting and make the SSR stuff through Functions.

Describe alternatives you've considered ✅
It will be better than the solution imposed by Next.js examples, as an alternative solutions I've considered at the moment.

Additional context
Here's a link to that repo examples:
https://github.com/vercel/next.js/tree/canary/examples/with-firebase-hosting