Coder Social home page Coder Social logo

scriptex / vik-varna-alerts Goto Github PK

View Code? Open in Web Editor NEW
2.0 2.0 0.0 376 KB

Email and web notifications for planned repairs from ViK-Varna

Home Page: https://vik-varna-alerts.atanas.info/

License: MIT License

TypeScript 86.82% JavaScript 13.18%
cron email-alert web-alert

vik-varna-alerts's Introduction

ViK Varna Alerts

Github Build Send email

Codacy Badge Codebeat Badge CodeFactor Badge DeepScan grade Analytics

Email and web notifications for planned repairs from ViK-Varna

About

ViK Varna (ВиК-Варна) is the local water supplier for Varna region in Bulgaria. They post notifications about planned repairs on their website but it is not possible to subscribe to those notifications and receive them immediately - instead one should check their website frequently.

The code in this repository serves as a middleware between the website and the user - it sends hourly notifications on email which contain the latest news related to planned repairs and outages.

The way the code is structured allows for integration with any other website which has a dedicated page for this purpose.

Usage

In order to use this repository, one must clone it and adjust the repository secrets found under settings/secrets/actions in the repository and add their own configuration:

# The email address of the recipient of the notifications
EMAIL_TO="[email protected]"

# The email address of the sender of the notifications
EMAIL_FROM="[email protected]"

# The web address (URL) of the page that contains the notifications
ALERTS_PAGE="https://website.notifications/deep/link/"

# The subject in the email
EMAIL_SUBJECT="Planned outages and repairs"

# The CSS selector for the HTML element which contains the notifications
DATE_SELECTOR='.item-date-selector'

# The CSS selector for the HTML element which contains the notifications
ALERTS_SELECTOR=".alerts-selector"

# A CSS class name for a single notification element
CHILD_CLASSNAME='alert-item'

# API key for Brevo (formerly known as Sendinblue)
SENDINBLUE_API_KEY="abc-123"

Available ways to use the code in this repository

The code is deployed via Vercel and is running as serverless lambda functions which can be accessed here:

When forked and correctly set up, this repository creates a CRON job which sends an email at 0 (zero) o'clock each hour between 5:00 and 14:00 UTC.

One can adjust this by modifying the parameters in the action configuration

Visitor stats

GitHub stars GitHub forks GitHub watchers GitHub followers

Code stats

GitHub code size in bytes GitHub repo size GitHub language count GitHub top language GitHub last commit

LICENSE

MIT

Connect with me:

                     
Support and sponsor my work:

vik-varna-alerts's People

Contributors

dependabot[bot] avatar renovate[bot] avatar scriptex avatar

Stargazers

avatar avatar

Watchers

avatar avatar

vik-varna-alerts's Issues

CVE-2023-26136 (Critical) detected in tough-cookie-2.5.0.tgz

CVE-2023-26136 - Critical Severity Vulnerability

Vulnerable Library - tough-cookie-2.5.0.tgz

RFC6265 Cookies and Cookie Jar for node.js

Library home page: https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.5.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/tough-cookie/package.json

Dependency Hierarchy:

  • client-3.3.1.tgz (Root Library)
    • request-2.88.2.tgz
      • tough-cookie-2.5.0.tgz (Vulnerable Library)

Found in HEAD commit: a3325d7430b3d4509b5787fec50b7daee5f6de54

Found in base branch: main

Vulnerability Details

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

Publish Date: 2023-07-01

URL: CVE-2023-26136

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-26136

Release Date: 2023-07-01

Fix Resolution: tough-cookie - 4.1.3

Step up your Open Source Security Game with Mend here

CVE-2023-28155 (Medium) detected in request-2.88.2.tgz

CVE-2023-28155 - Medium Severity Vulnerability

Vulnerable Library - request-2.88.2.tgz

Simplified HTTP request client.

Library home page: https://registry.npmjs.org/request/-/request-2.88.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/request/package.json

Dependency Hierarchy:

  • client-3.3.1.tgz (Root Library)
    • request-2.88.2.tgz (Vulnerable Library)

Found in HEAD commit: a3325d7430b3d4509b5787fec50b7daee5f6de54

Found in base branch: main

Vulnerability Details

** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Publish Date: 2023-03-16

URL: CVE-2023-28155

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with Mend here

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.