ilkeraltin / react-ssr-news Goto Github PK
View Code? Open in Web Editor NEWServer Side Rendering for React demo project
License: MIT License
Server Side Rendering for React demo project
License: MIT License
Create nested values and any intermediaries using dot notation (`'a.b.c'`) paths.
Library home page: https://registry.npmjs.org/set-value/-/set-value-2.0.0.tgz
Path to dependency file: /react-ssr-news/package.json
Path to vulnerable library: /tmp/git/react-ssr-news/node_modules/set-value/package.json
Dependency Hierarchy:
Create nested values and any intermediaries using dot notation (`'a.b.c'`) paths.
Library home page: https://registry.npmjs.org/set-value/-/set-value-0.4.3.tgz
Path to dependency file: /react-ssr-news/package.json
Path to vulnerable library: /tmp/git/react-ssr-news/node_modules/union-value/node_modules/set-value/package.json
Dependency Hierarchy:
Found in HEAD commit: c06f0cefeedad4a52c49495f91daf3ef66e26688
A vulnerability was found in set-value before 2.0.1 and from 3.0.0 before 3.0.1 previously reported as WS-2019-0176
Publish Date: 2019-07-24
URL: CVE-2019-10747
Type: Upgrade version
Origin: jonschlinkert/set-value@95e9d99
Release Date: 2019-07-24
Fix Resolution: 2.0.1,3.0.1
Step up your Open Source Security Game with WhiteSource here
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Describe the solution you'd like
A clear and concise description of what you want to happen.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the feature request here.
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz
Path to dependency file: /react-ssr-news/package.json
Path to vulnerable library: /react-ssr-news/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 2dfb4c39d6c0d6e6212814d5240e527fafbb039f
A Prototype Pollution vulnerability was found in lodash through version 4.17.11.
Publish Date: 2019-07-08
URL: CVE-2019-10744
Type: Upgrade version
Origin: lodash/lodash@a01e4fa
Release Date: 2019-07-08
Fix Resolution: 4.17.12
Step up your Open Source Security Game with WhiteSource here
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.12.2.tgz
Path to dependency file: /react-ssr-news/package.json
Path to vulnerable library: /tmp/git/react-ssr-news/node_modules/js-yaml/package.json
Dependency Hierarchy:
Found in HEAD commit: 9b3f7af2d645856f1d2cda2ee450833b2fcb5cbe
Versions js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.
Publish Date: 2019-03-26
URL: WS-2019-0032
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/788/versions
Release Date: 2019-03-26
Fix Resolution: 3.13.0
Step up your Open Source Security Game with WhiteSource here
Describe the bug
Text getting cut off might possibly due to card body height.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A clear and concise description of what you expected to happen.
Desktop (please complete the following information):
I have a memory leak when running your code by the comand 'npm run dev'
Steps to reproduce:
I realize this is just an example project, but as anyone who might be using it as a boilerplate... might there be a more efficient way of using createStore()
to consolidate it to one file?
I wanted to enable redux devtools, and spent a lot of time editing the server-side version of createStore()
, wondering why it wasn't working in the browser extension... later to find out there's a separate server and client usage of it.
For what it's worth... This has been the boilerplate for my project and it's been working great so far, so definitely kudos for that.
Lastly, if you've seen a good SSR React app boilerplate that you'd recommend for future projects, please feel free to offer some ideas on that.
Promise based HTTP client for the browser and node.js
Library home page: https://registry.npmjs.org/axios/-/axios-0.18.0.tgz
Path to dependency file: /react-ssr-news/package.json
Path to vulnerable library: /react-ssr-news/node_modules/axios/package.json
Dependency Hierarchy:
Found in HEAD commit: 9b3f7af2d645856f1d2cda2ee450833b2fcb5cbe
Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.
Publish Date: 2019-05-07
URL: CVE-2019-10742
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
Hi, download your exaple, and now try to adapt project to SSR
But have a some problem
Deeply mix the properties of objects into the first object. Like merge-deep, but doesn't clone.
Library home page: https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.1.tgz
Path to dependency file: /react-ssr-news/package.json
Path to vulnerable library: /tmp/git/react-ssr-news/node_modules/mixin-deep/package.json
Dependency Hierarchy:
Found in HEAD commit: 2bef235713e5aed4b5291319f03263da7c686662
mixin-deep before 1.3.2 is vulnerable to Prototype Pollution.
Publish Date: 2019-07-11
URL: CVE-2019-10746
Type: Upgrade version
Origin: jonschlinkert/mixin-deep@8f464c8
Release Date: 2019-07-11
Fix Resolution: 1.3.2
Step up your Open Source Security Game with WhiteSource here
Is your feature request related to a problem? Please describe. ✅
I'm frustrated that I've tried to implement it through Firebase but for that, Firebase is a serverless, where it cannot access the application through functions.
Describe the solution you'd like ✅
It will be great if we could deploy it on Firebase hosting and make the SSR stuff through Functions.
Describe alternatives you've considered ✅
It will be better than the solution imposed by Next.js examples, as an alternative solutions I've considered at the moment.
Additional context
Here's a link to that repo examples:
https://github.com/vercel/next.js/tree/canary/examples/with-firebase-hosting
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.12.2.tgz
Path to dependency file: /react-ssr-news/package.json
Path to vulnerable library: /tmp/git/react-ssr-news/node_modules/js-yaml/package.json
Dependency Hierarchy:
Found in HEAD commit: 9b3f7af2d645856f1d2cda2ee450833b2fcb5cbe
Js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file.
Publish Date: 2019-04-30
URL: WS-2019-0063
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/813
Release Date: 2019-04-30
Fix Resolution: 3.13.1
Step up your Open Source Security Game with WhiteSource here
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.