web-components-benchmark
web-components-benchmark copied to clipboard
vogloblinsky
Web Components benchmark for a various Web Components technologies
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.21. Commits f299b52 Bump to v4.17.21 c4847eb Improve performance of toNumber, trim and trimEnd on large input strings 3469357 Prevent command injection through _.template's variable...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.21. Commits f299b52 Bump to v4.17.21 c4847eb Improve performance of toNumber, trim and trimEnd on large input strings 3469357 Prevent command injection through _.template's variable...
Bumps [minimist](https://github.com/substack/minimist) from 1.2.0 to 1.2.6. Commits 7efb22a 1.2.6 ef88b93 security notice for additional prototype pollution issue c2b9819 isConstructorOrProto adapted from PR bc8ecee test from prototype pollution PR aeb3e27 1.2.5...
Bumps [minimist](https://github.com/substack/minimist) from 0.0.8 to 1.2.6. Commits 7efb22a 1.2.6 ef88b93 security notice for additional prototype pollution issue c2b9819 isConstructorOrProto adapted from PR bc8ecee test from prototype pollution PR aeb3e27 1.2.5...
检测到 vogloblinsky/web-components-benchmark 一共引入了1081个开源组件,存在47个漏洞 ``` 漏洞标题:safer-eval 代码注入漏洞 缺陷组件:[email protected] 漏洞编号:CVE-2019-10759 漏洞描述:safer-eval是一款运行在node和浏览器中的安全评估模块。 safer-eval 1.3.4之前版本中存在代码注入漏洞。该漏洞源于外部输入数据构造代码段的过程中,网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞生成非法的代码段,修改网络系统或组件的预期的执行控制流。 影响范围:(∞, 1.3.4) 最小修复版本:1.3.4 缺陷组件引入路径:[email protected]>[email protected]>[email protected]>[email protected] ``` 另外还有47个漏洞,详细报告:https://mofeisec.com/jr?p=i5cbfc
![dependasec[bot] avatar](https://avatars.githubusercontent.com/in/180093?v=4 "dependasec[bot] avatar"){kind=avatar}
Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.4.7 to 1.5.10. Commits 8cd4c6c 1.5.10 ce7a01f [fix] Improve handling of empty port 0071490 [doc] Update JSDoc comment a7044e3 [minor] Use more descriptive variable name d547792 [security]...
Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.4.7 to 1.5.10. Commits 8cd4c6c 1.5.10 ce7a01f [fix] Improve handling of empty port 0071490 [doc] Update JSDoc comment a7044e3 [minor] Use more descriptive variable name d547792 [security]...
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.5.9 to 1.14.8. Commits 3d81dc3 Release version 1.14.8 of the npm package. 62e546a Drop confidential headers across schemes. 2ede36d Release version 1.14.7 of the npm package. 8b347cb...
Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.10.0 to 6.12.6. Release notes Sourced from ajv's releases. v6.12.6 Fix performance issue of "url" format. v6.12.5 Fix uri scheme validation (@ChALkeR). Fix boolean schemas with strictKeywords...
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.7.0 to 1.14.8. Commits 3d81dc3 Release version 1.14.8 of the npm package. 62e546a Drop confidential headers across schemes. 2ede36d Release version 1.14.7 of the npm package. 8b347cb...
Metadata
Owner
Metadata
Web Components benchmark for a various Web Components technologies