osweekends / agenda
🎉 Event agenda 🎊
Home Page: https://agenda.osweekends.com/
License: GNU General Public License v3.0
Allow support for more than one track. At the moment it only shows 1 track.
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: /tmp/ws-scm/agenda/package.json
Path to vulnerable library: /tmp/ws-scm/agenda/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 9422a373579f33d6596599252232dd75006ea929
Prototype pollution attack when using _.zipObjectDeep in lodash <= 4.17.15.
Publish Date: 2020-07-15
URL: CVE-2020-8203
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1523
Release Date: 2020-07-23
Fix Resolution: lodash - 4.17.19
Step up your Open Source Security Game with WhiteSource here
When there are very long URLs or very long words, the text does not wrap to the next line and causes vertical scrolling.
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz
Path to dependency file: /tmp/ws-scm/agenda/package.json
Path to vulnerable library: /tmp/ws-scm/agenda/node_modules/extract-zip/node_modules/minimist/package.json
Dependency Hierarchy:
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz
Path to dependency file: /tmp/ws-scm/agenda/package.json
Path to vulnerable library: /tmp/ws-scm/agenda/node_modules/cypress/node_modules/minimist/package.json
Dependency Hierarchy:
Found in HEAD commit: bb81493e83bc2fee5b8c0f341173f048ff8df6dd
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
Publish Date: 2020-03-11
URL: CVE-2020-7598
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94
Release Date: 2020-03-11
Fix Resolution: minimist - 0.2.1,1.2.3
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js
Path to dependency file: /tmp/ws-scm/agenda/node_modules/sockjs/examples/multiplex/index.html
Path to vulnerable library: /agenda/node_modules/sockjs/examples/multiplex/index.html,/agenda/node_modules/vm-browserify/example/run/index.html,/agenda/node_modules/sockjs/examples/echo/index.html,/agenda/node_modules/sockjs/examples/hapi/html/index.html,/agenda/node_modules/sockjs/examples/express-3.x/index.html
Dependency Hierarchy:
Found in HEAD commit: 47e65511c6989f4018b7f66aecff388f4ac6b002
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
Publish Date: 2018-01-18
URL: CVE-2012-6708
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6708
Release Date: 2018-01-18
Fix Resolution: jQuery - v1.9.0
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: /tmp/ws-scm/agenda/package.json
Path to vulnerable library: /tmp/ws-scm/agenda/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: bb81493e83bc2fee5b8c0f341173f048ff8df6dd
A prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype.
Publish Date: 2020-04-28
URL: WS-2020-0070
Base Score Metrics:
Title: Solution+Software Engineering: Tricks for applying our craft to viable solutions
Description: Theory tells us that software development is an engineering discipline. Practice reveals that much of our industry is very hard to put on paper. For example: how do you know that the solution we are implementing is the right one? This talk focuses on the creative work that comes before the solution and on how to build an effective and flexible solution to the problems we want to fix for ourselves, for others, or for the world.
Technical level: Beginner
Author: Andrés Vidal, Software Architect at Bnext
Timing: 45
Social: https://www.linkedin.com/in/andrespvidal/
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-9.0.2.tgz
Path to dependency file: /tmp/ws-scm/agenda/package.json
Path to vulnerable library: /tmp/ws-scm/agenda/node_modules/yargs-parser/package.json
Dependency Hierarchy:
Found in HEAD commit: bb81493e83bc2fee5b8c0f341173f048ff8df6dd
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.
Publish Date: 2020-03-16
URL: CVE-2020-7608
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608
Release Date: 2020-03-16
Fix Resolution: v18.1.1;13.1.2;15.0.1
EC cryptography
Library home page: https://registry.npmjs.org/elliptic/-/elliptic-6.5.2.tgz
Path to dependency file: /tmp/ws-scm/agenda/package.json
Path to vulnerable library: /tmp/ws-scm/agenda/node_modules/elliptic/package.json
Dependency Hierarchy:
Found in HEAD commit: bb81493e83bc2fee5b8c0f341173f048ff8df6dd
All versions of elliptic are vulnerable to Timing Attack through side-channels.
Publish Date: 2019-11-13
URL: WS-2019-0424
Base Score Metrics:
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz
Path to dependency file: /tmp/ws-scm/agenda/package.json
Path to vulnerable library: /tmp/ws-scm/agenda/node_modules/test-exclude/node_modules/kind-of/package.json
Dependency Hierarchy:
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-4.0.0.tgz
Path to dependency file: /tmp/ws-scm/agenda/package.json
Path to vulnerable library: /tmp/ws-scm/agenda/node_modules/has-values/node_modules/kind-of/package.json
Dependency Hierarchy:
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz
Path to dependency file: /tmp/ws-scm/agenda/package.json
Path to vulnerable library: /tmp/ws-scm/agenda/node_modules/kind-of/package.json
Dependency Hierarchy:
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz
Path to dependency file: /tmp/ws-scm/agenda/package.json
Path to vulnerable library: /tmp/ws-scm/agenda/node_modules/is-descriptor/node_modules/kind-of/package.json
Dependency Hierarchy:
Found in HEAD commit: 58eab17c9d706cc22b2b4ed406cc5732428b394c
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
Publish Date: 2019-12-30
URL: CVE-2019-20149
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js
Path to dependency file: /tmp/ws-scm/agenda/node_modules/sockjs/examples/multiplex/index.html
Path to vulnerable library: /agenda/node_modules/sockjs/examples/multiplex/index.html,/agenda/node_modules/vm-browserify/example/run/index.html,/agenda/node_modules/sockjs/examples/echo/index.html,/agenda/node_modules/sockjs/examples/hapi/html/index.html,/agenda/node_modules/sockjs/examples/express-3.x/index.html
Dependency Hierarchy:
Found in HEAD commit: 47e65511c6989f4018b7f66aecff388f4ac6b002
JQuery, before 2.2.0, is vulnerable to Cross-site Scripting (XSS) attacks via text/javascript response with arbitrary code execution.
Publish Date: 2016-11-27
URL: WS-2016-0090
Type: Upgrade version
Origin: jquery/jquery@b078a62
Release Date: 2019-04-08
Fix Resolution: 2.2.0
EC cryptography
Library home page: https://registry.npmjs.org/elliptic/-/elliptic-6.5.2.tgz
Path to dependency file: /tmp/ws-scm/agenda/package.json
Path to vulnerable library: /tmp/ws-scm/agenda/node_modules/elliptic/package.json
Dependency Hierarchy:
Found in HEAD commit: bb81493e83bc2fee5b8c0f341173f048ff8df6dd
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
Publish Date: 2020-06-04
URL: CVE-2020-13822
Base Score Metrics:
Serialize JavaScript to a superset of JSON that includes regular expressions and functions.
Library home page: https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-1.9.1.tgz
Path to dependency file: /tmp/ws-scm/agenda/package.json
Path to vulnerable library: /tmp/ws-scm/agenda/node_modules/copy-webpack-plugin/node_modules/serialize-javascript/package.json
Dependency Hierarchy:
Found in HEAD commit: 9408bf2726a748bec6913eb953e97d8569f118e3
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.
Publish Date: 2019-12-05
URL: CVE-2019-16769
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16769
Release Date: 2019-12-05
Fix Resolution: v2.1.1
Fastest brace expansion for node.js, with the most complete support for the Bash 4.3 braces specification.
path: /tmp/git/osw-schedule/node_modules/jest-runtime/node_modules/braces/package.json
Library home page: https://registry.npmjs.org/braces/-/braces-1.8.5.tgz
Dependency Hierarchy:
Found in HEAD commit: 252eaf2918ad0846a3281db12f5be88edacdc0e4
Versions of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive, leading to Denial of Service.
Publish Date: 2019-02-21
URL: WS-2019-0019
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/786
Release Date: 2019-02-21
Fix Resolution: 2.3.1
Add support for multiple timezones, based on the user location
Find a way to show a row for the sponsors (if there are any), for example, in the second block.
Another option is to put them at the end of the page.
Serialize JavaScript to a superset of JSON that includes regular expressions and functions.
Library home page: https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-1.9.1.tgz
Path to dependency file: /tmp/ws-scm/agenda/package.json
Path to vulnerable library: /tmp/ws-scm/agenda/node_modules/copy-webpack-plugin/node_modules/serialize-javascript/package.json
Dependency Hierarchy:
Found in HEAD commit: bb81493e83bc2fee5b8c0f341173f048ff8df6dd
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".
Publish Date: 2020-06-01
URL: CVE-2020-7660
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7660
Release Date: 2020-06-01
Fix Resolution: serialize-javascript - 3.1.0
Add correct font (OpenSans)
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js
Path to dependency file: /tmp/ws-scm/agenda/node_modules/sockjs/examples/multiplex/index.html
Path to vulnerable library: /agenda/node_modules/sockjs/examples/multiplex/index.html,/agenda/node_modules/vm-browserify/example/run/index.html,/agenda/node_modules/sockjs/examples/echo/index.html,/agenda/node_modules/sockjs/examples/hapi/html/index.html,/agenda/node_modules/sockjs/examples/express-3.x/index.html
Dependency Hierarchy:
Found in HEAD commit: 47e65511c6989f4018b7f66aecff388f4ac6b002
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - v3.0.0
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js
Path to dependency file: /tmp/ws-scm/agenda/node_modules/sockjs/examples/hapi/html/index.html
Path to vulnerable library: /agenda/node_modules/sockjs/examples/hapi/html/index.html,/agenda/node_modules/sockjs/examples/echo/index.html,/agenda/node_modules/sockjs/examples/multiplex/index.html,/agenda/node_modules/sockjs/examples/express-3.x/index.html
Dependency Hierarchy:
Found in HEAD commit: 58eab17c9d706cc22b2b4ed406cc5732428b394c
The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Publish Date: 2019-10-23
URL: CVE-2015-9521
Type: Upgrade version
Origin: jquery/jquery@b078a62
Release Date: 2019-10-23
Fix Resolution: 2.2.0
Create some cool effect if the twitch user osweekends
is live and add some link to the streaming
JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.
Library home page: https://registry.npmjs.org/node-forge/-/node-forge-0.9.0.tgz
Path to dependency file: /tmp/ws-scm/agenda/package.json
Path to vulnerable library: /tmp/ws-scm/agenda/node_modules/node-forge/package.json
Dependency Hierarchy:
Found in HEAD commit: 9422a373579f33d6596599252232dd75006ea929
All versions of package node-forge are vulnerable to Prototype Pollution via the util.setPath function.
Publish Date: 2020-07-21
URL: CVE-2020-7720
Base Score Metrics:
Upload the design for the new version of the agenda
What do you think about adding a night mode to the agenda? 👥👀
If the event is in person: show map
If the event is virtual: show URL
tiny util for getting and setting deep object props safely
Library home page: https://registry.npmjs.org/property-expr/-/property-expr-1.5.1.tgz
Path to dependency file: /tmp/ws-scm/agenda/package.json
Path to vulnerable library: /tmp/ws-scm/agenda/node_modules/property-expr/package.json
Dependency Hierarchy:
Found in HEAD commit: 9422a373579f33d6596599252232dd75006ea929
The package property-expr before 2.0.3 is vulnerable to Prototype Pollution via the setter function.
Publish Date: 2020-08-18
URL: CVE-2020-7707
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7707
Release Date: 2020-07-21
Fix Resolution: property-expr - 2.0.3
Fastest brace expansion for node.js, with the most complete support for the Bash 4.3 braces specification.
Library home page: https://registry.npmjs.org/braces/-/braces-1.8.5.tgz
Path to dependency file: agenda/package.json
Path to vulnerable library: agenda/node_modules/jest/node_modules/braces/package.json
Dependency Hierarchy:
Found in HEAD commit: 57b4226d6db4bc20525b3e0704aee61cc8861e18
Braces before 1.4.2 and 2.17.2 is vulnerable to ReDoS. It used a regular expression (^{(,+(?:({,+})),|,(?:({,+})),+)}) to detect empty braces. This can cause an impact of about 10 seconds matching time for data 50K characters long.
Publish Date: 2020-07-21
URL: CVE-2018-1109
Base Score Metrics:
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1547272
Release Date: 2020-07-21
Fix Resolution: 2.3.1
Another JSON Schema Validator
Library home page: https://registry.npmjs.org/ajv/-/ajv-6.12.2.tgz
Path to dependency file: /tmp/ws-scm/agenda/package.json
Path to vulnerable library: /tmp/ws-scm/agenda/node_modules/ajv/package.json
Dependency Hierarchy:
Another JSON Schema Validator
Library home page: https://registry.npmjs.org/ajv/-/ajv-5.5.2.tgz
Path to dependency file: /tmp/ws-scm/agenda/package.json
Path to vulnerable library: /tmp/ws-scm/agenda/node_modules/@vue/cli-plugin-eslint/node_modules/ajv/package.json
Dependency Hierarchy:
Found in HEAD commit: 9422a373579f33d6596599252232dd75006ea929
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)
Publish Date: 2020-07-15
URL: CVE-2020-15366
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/ajv-validator/ajv/releases/tag/v6.12.3
Release Date: 2020-07-15
Fix Resolution: ajv - 6.12.3