tarnish
tarnish copied to clipboard
mandatoryprogrammer
A Chrome extension static analysis tool to help aide in security reviews.
This PR adds code to parse MV3 intricacies in manifest.json files. It's a rough edit and needs more work. The permissions.json file was updated with more permissions like identity and...
It seems that tarnish downloads plugins from the webstore directly, but can it be used for an unpublished extension from a filesystem without any hard code tweaking? It can be...
Bumps [json5](https://github.com/json5/json5) to 2.2.3 and updates ancestor dependency [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core). These dependencies need to be updated together. Updates `json5` from 0.5.1 to 2.2.3 Release notes Sourced from json5's releases. v2.2.3 Fix:...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [certifi](https://github.com/certifi/python-certifi) from 2018.4.16 to 2022.12.7. Commits 9e9e840 2022.12.07 b81bdb2 2022.09.24 939a28f 2022.09.14 aca828a 2022.06.15.2 de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ... b8eb5e9 2022.06.15.1...
Bumps [certifi](https://github.com/certifi/python-certifi) from 2018.4.16 to 2022.12.7. Commits 9e9e840 2022.12.07 b81bdb2 2022.09.24 939a28f 2022.09.14 aca828a 2022.06.15.2 de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ... b8eb5e9 2022.06.15.1...
Bumps [certifi](https://github.com/certifi/python-certifi) from 2018.4.16 to 2022.12.7. Commits 9e9e840 2022.12.07 b81bdb2 2022.09.24 939a28f 2022.09.14 aca828a 2022.06.15.2 de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ... b8eb5e9 2022.06.15.1...
Bumps [qs](https://github.com/ljharb/qs), [qs](https://github.com/ljharb/qs), [qs](https://github.com/ljharb/qs), [qs](https://github.com/ljharb/qs) and [body-parser](https://github.com/expressjs/body-parser). These dependencies needed to be updated together. Updates `qs` from 6.4.0 to 6.5.3 Changelog Sourced from qs's changelog. 6.5.3 [Fix] parse: ignore __proto__...
Bumps [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) from 0.2.0 to 0.2.2. Release notes Sourced from decode-uri-component's releases. v0.2.2 Prevent overwriting previously decoded tokens 980e0bf https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2 v0.2.1 Switch to GitHub workflows 76abc93 Fix issue where decode...
Bumps [engine.io](https://github.com/socketio/engine.io) to 6.2.1 and updates ancestor dependency [karma](https://github.com/karma-runner/karma). These dependencies need to be updated together. Updates `engine.io` from 3.1.4 to 6.2.1 Release notes Sourced from engine.io's releases. 6.2.1 :warning:...
Bumps [socket.io-parser](https://github.com/socketio/socket.io-parser) to 4.2.1 and updates ancestor dependency [karma](https://github.com/karma-runner/karma). These dependencies need to be updated together. Updates `socket.io-parser` from 3.1.2 to 4.2.1 Release notes Sourced from socket.io-parser's releases. 4.2.1 Bug...
Metadata
Owner
Metadata
A Chrome extension static analysis tool to help aide in security reviews.