spotify-stats
spotify-stats copied to clipboard
wobsoriano
🎧 Your spotify profile's top artists and tracks with charts and playlist creator.
Bumps [terser](https://github.com/terser/terser) from 4.6.3 to 4.8.1. Changelog Sourced from terser's changelog. v4.8.1 (backport) Security fix for RegExps that should not be evaluated (regexp DDOS) v4.8.0 Support for numeric separators (million...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [moment](https://github.com/moment/moment) from 2.24.0 to 2.29.4. Changelog Sourced from moment's changelog. 2.29.4 Release Jul 6, 2022 #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex 2.29.3 Full changelog Release Apr 17, 2022...
Bumps [eventsource](https://github.com/EventSource/eventsource) from 1.0.7 to 1.1.1. Changelog Sourced from eventsource's changelog. 1.1.1 Do not include authorization and cookie headers on redirect to different origin (#273 Espen Hovlandsdal) 1.1.0 Improve performance...
Bumps [async](https://github.com/caolan/async) from 2.6.3 to 2.6.4. Changelog Sourced from async's changelog. v2.6.4 Fix potential prototype pollution exploit (#1828) Commits c6bdaca Version 2.6.4 8870da9 Update built files 4df6754 update changelog 8f7f903...
检测到 wobsoriano/spotify-stats 一共引入了1125个开源组件,存在33个漏洞 ``` 漏洞标题:serialize-javascript 代码问题漏洞 缺陷组件:[email protected] 漏洞编号:CVE-2020-7660 漏洞描述:Verizon serialize-javascript是美国威瑞森电信(Verizon)公司的一款支持将JavaScript序列化为 JSON超集的软件包。 serialize-javascript 3.1.0之前版本中存在代码问题漏洞。远程攻击者可借助index.js文件中的‘deleteFunctions’函数利用该漏洞注入任意代码。 国家漏洞库信息:https://www.cnvd.org.cn/flaw/show/CNVD-2020-53801 影响范围:(∞, 3.1.0) 最小修复版本:3.1.0 缺陷组件引入路径:[email protected]>[email protected]>[email protected]>[email protected] [email protected]>[email protected]>[email protected]>[email protected]>[email protected] ``` 另外还有33个漏洞,详细报告:https://mofeisec.com/jr?p=i2ab58
![dependasec[bot] avatar](https://avatars.githubusercontent.com/in/180093?v=4 "dependasec[bot] avatar"){kind=avatar}
Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.4.7 to 1.5.10. Commits 8cd4c6c 1.5.10 ce7a01f [fix] Improve handling of empty port 0071490 [doc] Update JSDoc comment a7044e3 [minor] Use more descriptive variable name d547792 [security]...
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.10.0 to 1.14.8. Commits 3d81dc3 Release version 1.14.8 of the npm package. 62e546a Drop confidential headers across schemes. 2ede36d Release version 1.14.7 of the npm package. 8b347cb...
Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.11.0 to 6.12.6. Release notes Sourced from ajv's releases. v6.12.6 Fix performance issue of "url" format. v6.12.5 Fix uri scheme validation (@ChALkeR). Fix boolean schemas with strictKeywords...
Bumps [minimist](https://github.com/minimistjs/minimist), [mkdirp](https://github.com/isaacs/node-mkdirp) and [loader-fs-cache](https://github.com/viankakrisna/loader-fs-cache). These dependencies needed to be updated together. Updates `minimist` from 1.2.0 to 1.2.8 Changelog Sourced from minimist's changelog. v1.2.8 - 2023-02-09 Merged [Fix] Fix long...
Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2. Release notes Sourced from json5's releases. v1.0.2 Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a...
Metadata
Owner
Metadata
🎧 Your spotify profile's top artists and tracks with charts and playlist creator.