
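A personal content management system (CMS) with a separated front end and back end. It includes permissions, blog, navigation and other modules. Built with the Nuxt, Vue2/3 and SpringBoot3 frameworks.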

Results 24 Dice issues

Bumps [terser](https://github.com/terser/terser) from 4.8.0 to 4.8.1. Changelog Sourced from terser's changelog. v4.8.1 (backport) Security fix for RegExps that should not be evaluated (regexp DDOS) Commits See full diff in compare...

dependencies
javascript

Bumps [fastjson](https://github.com/alibaba/fastjson) from 1.2.76 to 1.2.83. Release notes Sourced from fastjson's releases. FASTJSON 1.2.83 release (security fix) This is a security fix release that fixes a recently reported vulnerability which, in specific scenarios, can bypass the autoType-disabled restriction; fastjson users are advised to take security measures as soon as possible to protect their systems. Security fix plan: https://github.com/alibaba/fastjson/wiki/security_update_20220523 Issues Security hardening Fixed the setAccessible error under JDK17 #4077 Download https://repo1.maven.org/maven2/com/alibaba/fastjson/1.2.83/ Documentation https://github.com/alibaba/fastjson/wiki/%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98 Source https://github.com/alibaba/fastjson/tree/1.2.83 fastjson 1.2.79 release, bug fixes This is another bug...

dependencies
java

Bumps [parse-url](https://github.com/IonicaBizau/parse-url) from 6.0.0 to 6.0.2. Commits See full diff in compare view

dependencies
javascript

Bumps [mysql-connector-java](https://github.com/mysql/mysql-connector-j) from 8.0.18 to 8.0.28. Changelog Sourced from mysql-connector-java's changelog. Changelog https://dev.mysql.com/doc/relnotes/connector-j/8.0/en/ Version 8.0.29 Fix for Bug#21978230, COMMENT PARSING NOT PROPER IN PREPSTMT.EXECUTEBATCH(). Fix for Bug#81468 (23312764), MySQL server...

dependencies
java

1. Any file upload vulnerability in the following code can cause RCE ![image](https://user-images.githubusercontent.com/43632720/171532648-cbc6a5db-7f81-45ca-95fb-523b97da0136.png) 2. Following the code, files are directly uploaded to the server without filtering ![image](https://user-images.githubusercontent.com/43632720/171533094-f94b2f17-1c8b-4b19-a9fd-c57ffeed6487.png)

Bumps [nanoid](https://github.com/ai/nanoid) from 3.1.30 to 3.3.2. Changelog Sourced from nanoid's changelog. 3.3.2 Fixed enhanced-resolve support. 3.3.1 Reduced package size. 3.3 Added size argument to function from customAlphabet (by Stefan Sundin)....

dependencies
javascript

Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. Commits 7efb22a 1.2.6 ef88b93 security notice for additional prototype pollution issue c2b9819 isConstructorOrProto adapted from PR bc8ecee test from prototype pollution PR See full...

dependencies
javascript

Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.6 to 2.6.7. Release notes Sourced from node-fetch's releases. v2.6.7 Security patch release Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3rd...

dependencies
javascript

Bumps [prismjs](https://github.com/PrismJS/prism) from 1.26.0 to 1.27.0. Release notes Sourced from prismjs's releases. v1.27.0 Release 1.27.0 Changelog Sourced from prismjs's changelog. 1.27.0 (2022-02-17) New components UO Razor Script (#3309) 3f8cc5a0 Updated...

dependencies
javascript

Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.6 to 1.14.8. Commits 3d81dc3 Release version 1.14.8 of the npm package. 62e546a Drop confidential headers across schemes. 2ede36d Release version 1.14.7 of the npm package. 8b347cb...

dependencies
javascript