I was able to confirm that os.Create() will happily follow symlinks.

Although standard tools like tar will not likely allow you to add two files with the same name to an archive file, it's certainly easy enough to do in code. This means that we need to add an additional check before writing to a destination to make sure that it's not a symlink outside of the destination.

The vulnerability only exists if OverwriteExisting is also turned on.

What file is affected?

filecompressor.go: ```go // DecompressFile reads the source file and decompresses it to destination. func (fc FileCompressor) DecompressFile(source, destination string) error { if fc.Decompressor == nil { return fmt.Errorf("no decompressor specified") }

if !fc.OverwriteExisting && fileExists(destination) {
    return fmt.Errorf("file exists: %s", destination)
}

// TODO needs check here

in, err := os.Open(source)
if err != nil {
    return err
}
defer in.Close()

out, err := os.Create(destination)
if err != nil {
    return err
}
defer out.Close()

return fc.Decompress(in, out)

} ```

Possible solution

If the destination exists we should always check if it's a symlink first:

```go if fileExists(destination) { // TODO check if destination is a symlink with an outside target // should be a simple os.Lstat()

    if !fc.OverwriteExisting {
        return fmt.Errorf("file exists: %s", destination)
    }
}

```

Also, we could block ALL symilnks that have a target outside of the destination directory.

I think the former approach is the best for now, as some archives may link outside of the destination directory for legitimate reasons.

Please link to any related issues, pull requests, and/or discussion

This is related to

• https://github.com/mholt/archiver/pull/203
• https://github.com/mholt/archiver/pull/169
• https://github.com/mholt/archiver/pull/70
• https://github.com/snyk/zip-slip-vulnerability/issues/41

Recently we had a PR that was necessary, but had some code style issues that we'd like to fix:

The PR in question: https://github.com/mholt/archiver/pull/231/files

What would you like to have changed?

There are a few ways I think could work really well:

1. Follow the style of os.IsNotFound
   • Let's add function something like IsIllegalPath in archiver.go
   • Let's replace lines like strings.Contains(err.Error(), "illegal file path") with IsIllegalPath
2. Follow the style of csv.ParseError
   • Let's add a struct IllegalPathError to archiver.go
   • Let's replace things like fmt.Errorf("illegal file path: %s", filename) with the use of that error
3. Let's do both!

Why is this feature a useful, necessary, and/or important addition to this project?

We just want to make the code more durable and maintainable.

Current Behavior A lack of formatting on the individual blog pages has them not looking as much like articles as they could be.

Desired Behavior Add color to the left and right margins or some other styling to the blog post page layout to offset the text from the page.

Screenshot

See How to create a contribution file

Move the instructions to this file from the README file;

Follow this format:

• Project name: Your project’s name is the first thing people will see upon scrolling down to your README, and is included upon creation of your README file.

• Description: A description of your project follows. A good description is clear, short, and to the point. Describe the importance of your project, and what it does.

• Table of Contents: Optionally, include a table of contents in order to allow other people to quickly navigate especially long or detailed READMEs.

• Installation: Installation is the next section in an effective README. Tell other users how to install your project locally. Optionally, include a gif to make the process even more clear for other people.

• Usage: The next section is usage, in which you instruct other people on how to use your project after they’ve installed it. This would also be a good place to include screenshots of your project in action.

Contributing: Link to a file in project root called CONTRIBUTING.md

Credits: Include a section for credits in order to highlight and link to the authors of your project.

Document the process of the web service flow in the readme as well.

• [ ] Create CONTRIBUTING.md file in the root folder
• [ ] Add How to Contribute instructions to the file

Please use markdown!

Description Just a small update in the issue, as we already have a same project page so I am redefining the issue as deleting the service mesh page. Hope its okay with the change @bartkalanski . You will have to just delete the smi page from the pages folder.

Enviroment: - OS: [e.g. Ubuntu] - Browser: [e.g. Chrome, Safari] - Version: [e.g. 22] - Device: [e.g. laptop, iPhone 8]

[Optional] To Reproduce

Steps to reproduce the behavior: 1. Go to '...' 2. Click on '....' 3. Scroll down to '....' 4. See error

[Optional] Additional Context <!-- Add any other context about the problem here. -->

Contributor Resources The layer5 repo contains two websites. The current generation and the next-generation of the layer5.io site.

If the layer5-ng label is absent on this issue, then this issue pertains to the current generation of the layer5.io website, which uses Jekyll and GitHub Pages. Site content is found under the master branch. - See layer5 contributing instructions

If the layer5-ng label is present on this issue, then this issue pertains to the next-generation of the layer5.io website, which uses Gatsby, Strapi, and GitHub Pages. Site content is found under the layer5-ng branch. - See layer5-ng contributing instructions

• [ ] Create CONTRIBUTING.md file in the root folder
• [ ] Add How to Contribute instructions to the file

Please use markdown!

• [ ] Add Install and Run instructions to run this React-Native project generated with expo-cli

• [x] Link to practice: "https://developerexperience.io/practices/package-management"

• [x] What is this about: "Add Java Specifying dependencies (Maven or Gradle)"

How to contribute:

• Follow our Contribution guide
• How to Git and Pull Requests
• How to Markdown, Markdown interactive demo or Google Docs Addon

⚠️⚠️⚠️
This issue is for first-timers only, we'd like you to start your open-source journey from here 😄 ⚠️⚠️⚠️

As a library consumer, I would like to have a method that returns phone codes for each wilaya.
One of the use cases for this feature is with forms; in order to have a better user experience, we would like to set the phone code initials when the user select their wilaya. For example: if I fill the address block and set my city to Oran (code: 31) I would like if the phone number block is set automatically to 041.

What we want to add: - A getPhoneCodeForWilaya function that takes one parameter (wilayaCode: number) and returns the first phone code (as a wilaya, like Algiers have two phone codes: 21, 23). - A getPhoneCodesForWilaya function that takes one parameter (wilayaCode: number) and returns an array of all phoneCodes of that wilaya.

NB:

• Please read our contributing guidelines and our code of conduct
• Comment here so we know that you're on it 🐝 .
• Clone this repository, read the code and try to understand how we structured it.
• Start hacking (PS: You can check the PRs we merged and see how our smart contributors added this kind of features)
• Update documentation in the readme file
• Ask for help, here or in Slack.

Happy Hacking !

As a user, I would like to have a method which it returns a wilaya code for a given phone code.
Example: - getWilayaByPhoneCode(41) return WilayaObject{ name: 'Oran'.. }

It would be great if the method accepts full phone numbers, truncate the phone code and then return the wilaya, example:
- getWilayaByPhoneCode('0412345678')

N.B:

• Please read our contributing guidelines and our code of conduct
• Comment here so we know that you're on it 🐝 .
• Please keep it simple and clean, KISS 🥰 .
• Write tests
• Update documentation in the readme file
• It's okay to submit a PR with a function that only take a phone code (not a complete phone number).
• Keep functions small, and pure. We may reuse your code in the future ♻️ .
• Ask for help, here or in Slack.

Happy Hacking !

Clicking on a proposed name takes the user to another screen where the user can see availability of that domain

To keep things simple, as of now we can probably open some website like https://namechk.com/ and pre-fill the domain name

Donation section on landing page currently contains lorem ipsum text. Write something else in place of that.

Hi, I forgot to remove the TODO comment while sending in PR #21

Maybe a first-timers-only issue?

If you are a first-time contributor you can contribute to this project by re-designing the CONTRIBUTING.md file. Use your imagination and make it more beautiful. However, please do not remove important information from the CONTRIBUTING.md file. Feel free to add more information as you see fit.

update read me so that first timers know how to setup the pre requisites and run the docker command in order to start serving site on localhost;

Find the component under components/QuoteCard.tsx

• [ ] Take a look at https://github.com/devcer/captions-for-ig/blob/master/captions.csv to see for captions without tags or mood
• [ ] Use your common sense and think of the tags and mood to fill up those columns in the sheet.

Please take a look at the README.md for the list of moods

If you are a first-time contributor you can contribute to this project by re-designing the README.md file. Use your imagination and make it more beautiful. However, please do not remove important information from the README.md file. Feel free to add more information as you see fit.

Current State:

Maesh service mesh has officially changed its name to traefikmesh and has a new logo. The name and logo can be sourced from their site: traefikmesh

Desired State:

Swap out the name and logo with the new ones in the Service Mesh table on:

• Adapters page
• Service Meshes page

Contributor Resources - Meshery documentation site - Meshery documentation source - Instructions for contributing to documentation

Describe the bug

The Contents section in the Readme is currently incomplete

To Reproduce

Visible from the main repository page and [here]](https://github.com/dotnetnotts/dotnetnotts-web/blob/main/README.md)

Reproduces how often:

Always

Expected behaviour

There should be a link per section of the Readme in the contents

Screenshots

N/A

Hacktoberfest 2020

Hacktoberfest 2020 🎉

So, the festive season for OPEN SOURCE is back guys and we are here to help you contribute (and grab the swags :tada: ).

🗣 Hacktoberfest encourages participation in the open source community, which grows bigger every year. Complete the 2020 challenge and earn a limited edition T-shirt.

📢 Register here for Hacktoberfest and make four pull requests (PRs) between October 1st-31st to grab free SWAGS 🔥.

GOAL

To help you contribute to OPEN SOURCE REALM.

WHAT YOU NEED TO DO

• Go and open README.
• Follow the steps there :rocket: :tada:.


Hacktoberfest 2020

Hacktoberfest 2020 🎉

So, the festive season for OPEN SOURCE is back guys and we are here to help you contribute (and grab the swags 🔥 :tada: ).

🗣 Hacktoberfest encourages participation in the open source community, which grows bigger every year. Hacktoberfest is a good way to start your journey into open source.

As per the ethics of first-bit, you have to abide by just one RULE:

• This project is for contributors who have never contributed before or are still starting out in Open Source. This project is committed to help first timers get started (not for people finding ways to complete their 4 PRs as formality), and people contributing should respect this commitment while they're here. Thanks.

📢 Register here for Hacktoberfest.

GOAL

To help you contribute to OPEN SOURCE REALM.

WHAT YOU NEED TO DO

• Go and open README.
• Follow the steps there :rocket: :tada:.


Styled it as close as I could to the XD file specifications; for some reason the fonts in the XD file notes don't look the way the fonts look actually; the social media icons weren't provided

This change is  <!-- Reviewable:end -->

Add a query to fetch total confirmed, deceased and active COVID-19 cases for a given a state code.

Please check the API here.

There is not any query for getting latest data, add a query to get data for current date.

js { latest { active confirmed deaths recovered } }

Current UI is not responsive.


In the mobile view the tab shifts to the right, so margins on both sides becomes unequal.

I think once the details of a faculty are displayed, The suggestions tab can be hidden. And can be displayed again once the user starts searching. What is your suggestion @vinitshahdeo ?


The list of names displayed is not fitting in the container.


Read the text and correct some misspelling and grammar mistakes.

Some errors identified:

Current: like a product of you e-commerce Correction: like a product of your e-commerce

Current: There are 3 projects you can contribute to: Correction: There are 2 projects you can contribute to:

Map organizations in your country where you can donate money to plant trees and save the world 🌳

Hey, I am quite a newbie to programming and this is the first time I am trying to contribute to an open-source project. I have experience with working on operational tasks for 6 months in a cloud telephony company.

Environment (please complete the following information): - WebdriverIO version: [e.g. 4.13.2] - Mode: testrunner - If WDIO Testrunner, running sync/async: sync & async - Node.js version: 12 - Browser name and version: Chrome 85 - Platform name and version: Windows 10

Describe the bug I was having trouble with some tests when I realized, that my onPrepare hook was throwing an error. The test still ran as usual but since my backend wasn't running, I was getting misleading errors.

To Reproduce Add this hook to your config.

``` onPrepare: async function (config, capabilities) { throw new Error("error") }

// or

onPrepare: function (config, capabilities) { throw new Error("error") } ```

Log

... 2020-09-25T10:57:13.724Z ERROR @wdio/cli:utils: Error in hook: Error: error at Object.onPrepare (C:\Development\anvajo datalab\test\config\wdio.conf.ts:251:13) at C:\Development\anvajo datalab\node_modules\@wdio\cli\build\utils.js:95:14 at Array.map (<anonymous>) at runLauncherHook (C:\Development\anvajo datalab\node_modules\@wdio\cli\build\utils.js:93:27) at Launcher.run (C:\Development\anvajo datalab\node_modules\@wdio\cli\build\launcher.js:78:41) at processTicksAndRejections (internal/process/task_queues.js:97:5) Starting ChromeDriver 85.0.4183.87 (cd6713ebf92fa1cacc0f1a598df280093af0c5d7-refs/branch-heads/4183@{#1689}) on port 9515 ...

Expected behavior An error in onPrepare hook should abort the test.

In mobile view, the text inside the restaurant card overlaps.

Hackotoberfest 2020 🎉 🎉 🎉

https://hacktoberfest.digitalocean.com/


GOAL

The goal of this issue is to submit as many 😎 Awesome 🎉automation scripts you can which has made your life easier

RULES

• The scripts should be placed inside its own folder
• Each script can have a readme
• Script related files can be stored inside its folder
• Please name your scripts appropriately
• Scripts can be in any language
• Any level of scripts are welcome
• Please do not add binary files, PR will be rejected

Hacktoberfest 2020 🎉🎉🎉

Its that time of the year, make PR's in here for your HacktoberFest Contributions

https://hacktoberfest.digitalocean.com/ 

Goal

The entire goal of this issue is to get contributions from the open source community to curate a list of interview questions which are solved in Python(3.7 preferred)

Note

• The interview questions can be of any level
• Please do not submit duplicate questions(go through the code base and see if the problem you are submitting exists)
• All questions should have solutions written in python 3.8
• Add tests to test your algorithm inside the root test folder
• View the existing tests for implementation
• PR will be rejected if it does not follow the above rules

take updated logo from neha;

Following this issue comment https://github.com/bancodobrasil/stop-analyzing-api/issues/16#issuecomment-667519483, document the endpoint to get the next choice in the README.md

CVE-2020-15168 - Medium Severity Vulnerability

Vulnerable Library - node-fetch-1.7.3.tgz

A light-weight module that brings window.fetch to node.js and io.js

Library home page: https://registry.npmjs.org/node-fetch/-/node-fetch-1.7.3.tgz

Path to dependency file: mycovidconnect/package.json

Path to vulnerable library: mycovidconnect/node_modules/node-fetch/package.json

Dependency Hierarchy: - react-google-maps-9.4.5.tgz (Root Library) - recompose-0.26.0.tgz - fbjs-0.8.17.tgz - isomorphic-fetch-2.2.1.tgz - :x: **node-fetch-1.7.3.tgz** (Vulnerable Library)

Found in HEAD commit: 3dacf50349ac32a7152cbf1b2f833e52e653fc42

Found in base branch: master

Vulnerability Details

node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don't double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing.

Publish Date: 2020-09-10

URL: CVE-2020-15168

CVSS 3 Score Details (5.3)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r

Release Date: 2020-07-21

Fix Resolution: 2.6.1,3.0.0-beta.9

Step up your Open Source Security Game with WhiteSource here

Vulnerabilities

DepShield reports that this application's usage of lodash:4.17.19 results in the following vulnerability(s):

• (CVSS 7.4) [CVE-2020-8203] Prototype pollution attack when using _.zipObjectDeep in lodash <= 4.17.15.

Occurrences

lodash:4.17.19 is a transitive dependency introduced by the following direct dependency(s):

• @testing-library/jest-dom:4.2.4         └─ lodash:4.17.19

• node-sass:4.14.1         └─ gaze:1.1.3               └─ globule:1.3.2                     └─ lodash:4.17.19         └─ lodash:4.17.19         └─ sass-graph:2.2.5               └─ lodash:4.17.19

• react-google-maps:9.4.5         └─ lodash:4.17.19

• react-scripts:3.4.3         └─ @babel/core:7.9.0               └─ @babel/helper-module-transforms:7.11.0                     └─ lodash:4.17.19               └─ @babel/traverse:7.11.0                     └─ lodash:4.17.19               └─ @babel/types:7.11.0                     └─ lodash:4.17.19               └─ lodash:4.17.19         └─ @svgr/webpack:4.3.3               └─ @babel/preset-env:7.11.0                     └─ @babel/plugin-transform-classes:7.10.4                           └─ @babel/helper-define-map:7.10.5                                 └─ lodash:4.17.19                     └─ @babel/plugin-transform-sticky-regex:7.10.4                           └─ @babel/helper-regex:7.10.5                                 └─ lodash:4.17.19         └─ @typescript-eslint/parser:2.34.0               └─ @typescript-eslint/typescript-estree:2.34.0                     └─ lodash:4.17.19         └─ eslint:6.8.0               └─ inquirer:7.3.3                     └─ lodash:4.17.19               └─ lodash:4.17.19               └─ table:5.4.6                     └─ lodash:4.17.19         └─ eslint-plugin-flowtype:4.6.0               └─ lodash:4.17.19         └─ html-webpack-plugin:4.0.0-beta.11               └─ lodash:4.17.19         └─ jest-environment-jsdom-fourteen:1.0.1               └─ jsdom:14.1.0                     └─ request-promise-native:1.0.9                           └─ request-promise-core:1.1.4                                 └─ lodash:4.17.19         └─ optimize-css-assets-webpack-plugin:5.0.3               └─ last-call-webpack-plugin:3.0.0                     └─ lodash:4.17.19         └─ react-dev-utils:10.2.1               └─ inquirer:7.0.4                     └─ lodash:4.17.19         └─ webpack-dev-server:3.11.0               └─ http-proxy-middleware:0.19.1                     └─ lodash:4.17.19               └─ portfinder:1.0.28                     └─ async:2.6.3                           └─ lodash:4.17.19         └─ webpack-manifest-plugin:2.2.0               └─ lodash:4.17.19

<sub>This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.</sub>

Vulnerabilities

DepShield reports that this application's usage of lodash.uniq:4.5.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.uniq:4.5.0 is a transitive dependency introduced by the following direct dependency(s):

• react-scripts:3.4.3         └─ optimize-css-assets-webpack-plugin:5.0.3               └─ cssnano:4.1.10                     └─ cssnano-preset-default:4.0.7                           └─ postcss-merge-rules:4.0.3                                 └─ caniuse-api:3.0.0                                       └─ lodash.uniq:4.5.0

<sub>This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.</sub>

Add focusRectSizeFactor parameter for rectangle focus shape (like focusCircleRadiusFactor for circular). Default value should be 1.

The result of the crawler made by @douglasferlini in #5 is a JSON array with the overall information of the dresses os La Fiancee. Now, we need now to get the details of the dresses and generate a more detailed JSON array.

To do so, you will read the attached JSON and will make a request for the product API providing the urlPartin the following format:

Javascript const productID = <urlPart_from_json_array> await fetch("https://www.lafiancee.com.br/_api/wix-ecommerce-storefront-web/api", { "credentials": "include", "headers": { "Accept": "*/*", "Authorization": "brUTfgwc9eaqQ4m_KjbIkjnR-MRt9rGfCLGikGEPiRU.eyJpbnN0YW5jZUlkIjoiMWI0OTQ1ODItZDg5Zi00MmY2LTg0YzAtNTAxOGE3NzI1Y2MyIiwiYXBwRGVmSWQiOiIxMzgwYjcwMy1jZTgxLWZmMDUtZjExNS0zOTU3MWQ5NGRmY2QiLCJtZXRhU2l0ZUlkIjoiN2RlM2ExNjgtNDEyNC00NDljLTg4ZDYtZmViNjkzYWY3NzRjIiwic2lnbkRhdGUiOiIyMDIwLTA5LTIzVDEyOjI3OjE4LjUyOVoiLCJ2ZW5kb3JQcm9kdWN0SWQiOiJQcmVtaXVtMSIsImRlbW9Nb2RlIjpmYWxzZSwiYWlkIjoiOWE0ZjJjNDAtMTIzNC00ZGM3LTg3OWEtMjIzZDMxMzI0N2E1IiwiYmlUb2tlbiI6IjY2YWFlNGVhLTk5YmItMDY2YS0wYzE2LWFlYWUzNGRkMmI4ZSIsInNpdGVPd25lcklkIjoiZmI0Y2Y2ODQtODZkZS00N2E0LWE2NjUtZjE4ZDcxYzA3YzUxIn0", "Content-Type": "application/json; charset=utf-8", }, "body": `{"query":"query getProductBySlug($externalId: String!, $slug: String!, $withPricePerUnit: Boolean!, $withCountryCodes: Boolean!) { appSettings(externalId: $externalId) { widgetSettings } catalog { product(slug: $slug, onlyVisible: true) { id description isVisible sku ribbon price comparePrice discountedPrice formattedPrice formattedComparePrice formattedDiscountedPrice pricePerUnit @include(if: $withPricePerUnit) formattedPricePerUnit @include(if: $withPricePerUnit) pricePerUnitData @include(if: $withPricePerUnit) { baseQuantity baseMeasurementUnit } seoTitle seoDescription createVersion digitalProductFileItems { fileId fileType fileName } productItems { price comparePrice formattedPrice formattedComparePrice pricePerUnit @include(if: $withPricePerUnit) formattedPricePerUnit @include(if: $withPricePerUnit) optionsSelections isVisible inventory { status quantity } sku weight surcharge subscriptionPlans { list { id price formattedPrice pricePerUnit @include(if: $withPricePerUnit) formattedPricePerUnit @include(if: $withPricePerUnit) } } } name isTrackingInventory inventory { status quantity } isVisible isManageProductItems isInStock media { id url fullUrl altText thumbnailFullUrl: fullUrl(width: 50, height: 50) mediaType videoType videoFiles { url width height format quality } width height index title } customTextFields { title isMandatory inputLimit } nextOptionsSelectionId options { title optionType selections { id value description linkedMediaItems { altText url fullUrl thumbnailFullUrl: fullUrl(width: 50, height: 50) mediaType width height index title videoFiles { url width height format quality } } } } productType urlPart additionalInfo { id title description index } subscriptionPlans { list(onlyVisible: true) { id name tagline frequency duration price formattedPrice pricePerUnit @include(if: $withPricePerUnit) formattedPricePerUnit @include(if: $withPricePerUnit) } oneTimePurchase { index } } discount { mode value } currency weight seoJson } } localeData(language: "en") @include(if: $withCountryCodes) { countries { key shortKey } } }","variables":{"slug":productID,"externalId":"","withPricePerUnit":true,"withCountryCodes":false},"source":"WixStoresWebClient","operationName":"getProductBySlug"}`, "method": "POST", });

This request will return a JSON that has the product options with title and selections which will be the features.

With this enhanced JSON Array we can build the database to serve this data.

The auth route and user model is being created. For now we will be focusing on local-strategy authentication using username & passward. We are using passportjs with jsonwebtokens.

Login Controller

Once passport-local statergy validates the user this controller should just generate the jwt token and send send it as response. Also just use the user._id to create the jwt.

signup controller

validate the username is unique, then generate the jwt token and send it as response.

Adding issue templates and pull request template will enhance the workflow of the repository.

Use the new form of ISSUETEMPLATE i.e. making a folder ISSUETEMPLATE in .github and adding different types of .md files for different issues like bug.md, documentation.md and feature.md. A contributor can choose the type of templates whenever they make an issue.

Reference: https://docs.github.com/en/github/building-a-strong-community/about-issue-and-pull-request-templates

Addition of GitHub actions will help to enhance the code quality and workflow or repository. try to add ESLint and prettier Actions.

Right Now, the todoist readme stats are just in normal text format, it can be highlighed by using ``

Try to make in this format:

Currently the database connection information is get from an environment variable DATABASEURL. To be more a "go thing", we could change it to be a flag --databaseURL instead of the environment var. In some scenarios, the env would be used as the value of the flag, like `--databaseURL=DATABASEURL`, but that would not be mandatory

Add yq

https://github.com/mikefarah/yq

We want to add yq because it can make configuring config.yml files (such as alacrittys config file) much easier than writing custom code.

It's written in go, so it works consistently across Windows, Mac, and Linux.

This could be as simple as copying _example, updating the github releases info, and doing a find and replace on a few file system path names.

How to create a webi installer


Skills required

• Basic Command Line knowledge (mkdir, mv, ls, tar, unzip, variables)

Steps

1. Clone and setup the webi packages repo bash git clone git@github.com:webinstall/packages.git pushd packages/ npm install
2. Copy the example template and update with info from Official Releases: https://github.com/mikefarah/yq/releases bash rsync -av ./_example/ ./yq/
   • [ ] update yq/release.js to use the official repo
   • [ ] Learn how yq unpacks (i.e. as a single file? as a .tar.gz? as a .tar.gz with a folder named yq?)
   • [ ] find and replace to change the name
     • [ ] update yq/install.sh (see bat and jq as examples)
     • [ ] update yq/install.ps1 (see bat and jq as examples)
3. Needs an updated tagline and cheat sheet
   • [ ] update yq/README.md
     • [ ] official URL
     • [ ] tagline
     • [ ] Switch versions
     • [ ] description / summary
     • [ ] General pointers on usage (and perhaps "gotchas")

It's also okay to have multiple people work on part of this (i.e. the Cheat Sheet can be done independently from the install.sh)

Find all the places where Copyright message is written and automate Copyright year updation by replacing year written manually with {% now 'Y'%} template tag.

Also, do share screenshot in the PR showing that it is working properly.

Installed the dev tools yesterday, and i just noticed this morning that one part of the R does not have the same colour:


Here is the ascii art from Sarek, so probably not coming from a strange setting in my terminal:


Desired State: The Releases page needs the v0.4.2 release and release notes added.

The v0.4.2 release notes are here - https://github.com/layer5io/meshery/releases/tag/v0.4.2

Contributor Resources - Meshery documentation site - Meshery documentation source - Instructions for contributing to documentation

I am Vaibhav Kashera, studying at the International Institute of Information Technology, Hyderabad(IIIT-H). My past experiences include creating an android application in a team in Flutter and Firebase, which can be viewed here. I am comfortable working in C, C++, JS, Python3, Django, and Dart. I also have a fair amount of exposure to web development(bootstrap, js, Django). I would like to contribute to this repository to kick off my work in open source.

Kindly come up with an eye-catching layout for the homepage (i.e. index.html)

• Feel free to play with fonts/colors in CSS files.
• Do not make any changes to js/app.js.
• Make sure that business logic shouldn't break i.e. fetching news.
• Update CSS to have a better News card.


PS - I don't have any wireframe in my mind if you come up with one, please comment on this thread.

The News Card does not display the date published for the News article. Add date in News Card.


In current web app, users can filter the news on the basis of source but there is no way to filter the recent or popular news.

The idea is to sort the news in the following orders:

• Date published
• Relevancy to search keyword
• Popularity of source


Find the API Documentation here.

This is a really good task for beginners, you can help this awesome list by checking the repositories list.

If you find a repository that:

• Is not available anymore
• Is not being maintained anymore (11+ months of inactivity)
• Is not accepting pull requests anymore for hacktoberfest 2020
• Repositories that are "only to add your name" or something that's clearly an attempt to simply +1 your pull request count for October.

You can make a pull request removing one or more of these repositories.

Welcome to Hacktoberfest 2020! 🎉

CVE-2018-1324 - Medium Severity Vulnerability

Vulnerable Library - commons-compress-1.12.jar

Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE and ar, cpio, jar, tar, zip, dump, 7z, arj.

Path to dependency file: android-mycovidconnect/app/build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.commons/commons-compress/1.12/84caa68576e345eb5e7ae61a0e5a9229eb100d7b/commons-compress-1.12.jar

Dependency Hierarchy: - lint-gradle-27.0.1 (Root Library) - sdk-common-27.0.1.jar - sdklib-27.0.1.jar - :x: **commons-compress-1.12.jar** (Vulnerable Library)

Found in HEAD commit: 5c4b3e8c21b6fd83ac6f2c88296dc4d04242f7d1

Found in base branch: master

Vulnerability Details

A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.

Publish Date: 2018-03-16

URL: CVE-2018-1324

CVSS 3 Score Details (5.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1324

Release Date: 2018-03-16

Fix Resolution: 1.16

Step up your Open Source Security Game with WhiteSource here

CVE-2018-1000180 - High Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.56.jar

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.

Library home page: http://www.bouncycastle.org/java.html

Path to dependency file: android-mycovidconnect/app/build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.bouncycastle/bcprov-jdk15on/1.56/a153c6f9744a3e9dd6feab5e210e1c9861362ec7/bcprov-jdk15on-1.56.jar

Dependency Hierarchy: - lint-gradle-27.0.1 (Root Library) - builder-4.0.1.jar - apkzlib-4.0.1.jar - :x: **bcprov-jdk15on-1.56.jar** (Vulnerable Library)

Found in HEAD commit: 5c4b3e8c21b6fd83ac6f2c88296dc4d04242f7d1

Found in base branch: master

Vulnerability Details

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.

Publish Date: 2018-06-05

URL: CVE-2018-1000180

CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000180

Release Date: 2018-06-05

Fix Resolution: org.bouncycastle:bcprov-jdk15on:1.60,org.bouncycastle:bcprov-jdk14:1.60,org.bouncycastle:bcprov-ext-jdk14:1.60,org.bouncycastle:bcprov-ext-jdk15on:1.60

Step up your Open Source Security Game with WhiteSource here

CVE-2018-1000613 - High Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.56.jar

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.

Library home page: http://www.bouncycastle.org/java.html

Path to dependency file: android-mycovidconnect/app/build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.bouncycastle/bcprov-jdk15on/1.56/a153c6f9744a3e9dd6feab5e210e1c9861362ec7/bcprov-jdk15on-1.56.jar

Dependency Hierarchy: - lint-gradle-27.0.1 (Root Library) - builder-4.0.1.jar - apkzlib-4.0.1.jar - :x: **bcprov-jdk15on-1.56.jar** (Vulnerable Library)

Found in HEAD commit: 5c4b3e8c21b6fd83ac6f2c88296dc4d04242f7d1

Found in base branch: master

Vulnerability Details

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.

Publish Date: 2018-07-09

URL: CVE-2018-1000613

CVSS 3 Score Details (9.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000613

Release Date: 2018-07-09

Fix Resolution: org.bouncycastle:bcprov-ext-debug-jdk15on:1.60,org.bouncycastle:bcprov-debug-jdk15on:1.60,org.bouncycastle:bcprov-debug-jdk14:1.60,org.bouncycastle:bcprov-ext-jdk14:1.60,org.bouncycastle:bcprov-ext-jdk15on:1.60,org.bouncycastle:bcprov-jdk14:1.60,org.bouncycastle:bcprov-jdk15on:1.60

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11771 - Medium Severity Vulnerability

Vulnerable Library - commons-compress-1.12.jar

Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE and ar, cpio, jar, tar, zip, dump, 7z, arj.

Path to dependency file: android-mycovidconnect/app/build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.commons/commons-compress/1.12/84caa68576e345eb5e7ae61a0e5a9229eb100d7b/commons-compress-1.12.jar

Dependency Hierarchy: - lint-gradle-27.0.1 (Root Library) - sdk-common-27.0.1.jar - sdklib-27.0.1.jar - :x: **commons-compress-1.12.jar** (Vulnerable Library)

Found in HEAD commit: 5c4b3e8c21b6fd83ac6f2c88296dc4d04242f7d1

Found in base branch: master

Vulnerability Details

When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.

Publish Date: 2018-08-16

URL: CVE-2018-11771

CVSS 3 Score Details (5.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11771

Release Date: 2018-08-16

Fix Resolution: 1.18

Step up your Open Source Security Game with WhiteSource here

WS-2019-0379 - Medium Severity Vulnerability

Vulnerable Library - commons-codec-1.10.jar

The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

Path to dependency file: android-mycovidconnect/app/build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/commons-codec/commons-codec/1.10/4b95f4897fa13f2cd904aee711aeafc0c5295cd8/commons-codec-1.10.jar

Dependency Hierarchy: - room-compiler-2.2.5.jar (Root Library) - :x: **commons-codec-1.10.jar** (Vulnerable Library)

Found in HEAD commit: 5c4b3e8c21b6fd83ac6f2c88296dc4d04242f7d1

Found in base branch: master

Vulnerability Details

Apache commons-codec before version “commons-codec-1.13-RC1” is vulnerable to information disclosure due to Improper Input validation.

Publish Date: 2019-05-20

URL: WS-2019-0379

CVSS 3 Score Details (6.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/apache/commons-codec/commit/48b615756d1d770091ea3322eefc08011ee8b113

Release Date: 2019-05-12

Fix Resolution: 1.13-RC1

Step up your Open Source Security Game with WhiteSource here

CVE-2019-17359 - High Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.56.jar

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.

Library home page: http://www.bouncycastle.org/java.html

Path to dependency file: android-mycovidconnect/app/build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.bouncycastle/bcprov-jdk15on/1.56/a153c6f9744a3e9dd6feab5e210e1c9861362ec7/bcprov-jdk15on-1.56.jar

Dependency Hierarchy: - lint-gradle-27.0.1 (Root Library) - builder-4.0.1.jar - apkzlib-4.0.1.jar - :x: **bcprov-jdk15on-1.56.jar** (Vulnerable Library)

Found in HEAD commit: 5c4b3e8c21b6fd83ac6f2c88296dc4d04242f7d1

Found in base branch: master

Vulnerability Details

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.

Publish Date: 2019-10-08

URL: CVE-2019-17359

CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17359

Release Date: 2019-10-08

Fix Resolution: org.bouncycastle:bcprov-jdk15on:1.64

Step up your Open Source Security Game with WhiteSource here

CVE-2018-10237 - Medium Severity Vulnerability

Vulnerable Library - guava-23.5-jre.jar

Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.

Library home page: https://github.com/google/guava

Path to dependency file: android-mycovidconnect/data/build.gradle.kts

Path to vulnerable library: /tmp/ws-ua_20200917114631_PFMIKB/downloadResource_JKICCP/20200917115258/guava-23.5-jre.jar

Dependency Hierarchy: - room-compiler-2.2.5.jar (Root Library) - auto-common-0.10.jar - :x: **guava-23.5-jre.jar** (Vulnerable Library)

Found in HEAD commit: 5c4b3e8c21b6fd83ac6f2c88296dc4d04242f7d1

Found in base branch: master

Vulnerability Details

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Publish Date: 2018-04-26

URL: CVE-2018-10237

CVSS 3 Score Details (5.9)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-10237

Release Date: 2018-04-26

Fix Resolution: 24.1.1-jre, 24.1.1-android

Step up your Open Source Security Game with WhiteSource here


Hello :wave:

It’s that time of year again when we come together to support and celebrate the open source technologies we use and love. To help you celebrate Hacktoberfest 2020, I have opened a few issues for #CodeNewbie folks, also few are good ones to be taken by JS developers. Please check this.

Check all the issues with hacktoberfest label for this repo here.

Check out the repo below for beginner-friendly (first-timers-only) issues which are up for grabs.


I'll be adding a few more beginner-friendly issues, Star(watch) this repo.

🤗

Vinit


Description The text on the Service Mesh Interface project is center-aligned (see screenshot).

Expected Behavior This text should be left-aligned.

Screenshots

Contributor Resources The layer5 repo contains two websites. The current generation and the next-generation of the layer5.io site.

If the layer5-ng label is absent on this issue, then this issue pertains to the current generation of the layer5.io website, which uses Jekyll and GitHub Pages. Site content is found under the master branch. - See layer5 contributing instructions

If the layer5-ng label is present on this issue, then this issue pertains to the next-generation of the layer5.io website, which uses Gatsby, Strapi, and GitHub Pages. Site content is found under the layer5-ng branch. - See layer5-ng contributing instructions


Hello :wave:

It’s that time of year again when we come together to support and celebrate the open source technologies we use and love. To help you celebrate Hacktoberfest 2020, I have opened a few issues for #CodeNewbie folks, also few are good ones to be taken by JS developers. Please check this.

Check out the repo below for beginner-friendly | first-timers-only issues which are up for grabs.


I'll be adding a few more beginner-friendly issues, follow me(@vinitshahdeo) for more updates. Star(watch) this repo.

🤗

Vinit


Description <!-- A brief description of what the current circumstance is. -->

Replace the respective zoom links for all the Layer5 meeting with the redirected links in the Readme, for example: Layer5 community meeting: https://meet.layer5.io/community The redirected links have been updated in the Layer5 community calendar and can be sourced from there.

Contributor Resources The layer5 repo contains two websites. The current generation and the next-generation of the layer5.io site.

If the layer5-ng label is absent on this issue, then this issue pertains to the current generation of the layer5.io website, which uses Jekyll and GitHub Pages. Site content is found under the master branch. - See layer5 contributing instructions

If the layer5-ng label is present on this issue, then this issue pertains to the next-generation of the layer5.io website, which uses Gatsby, Strapi, and GitHub Pages. Site content is found under the layer5-ng branch. - See layer5-ng contributing instructions

Hi, I recently learned full stack development using MERN stack. Here is a link to the website I recently made for my college tech fest.

I want to start contributing to open source and I am also preparing for GSOC next year. Please help me out.

Thanks in advance

Hi! I am pursuing my Bachelor's degree in Software Engineering and am looking for a project to contribute to so that I can learn new things and improve my skills.

My education mainly focused on Java, C++. The other focus of my education is web applications, so I'm pretty comfortable with CSS, HTML, and currently learning Javascript.

Fixing the Title in Github Pages. In smaller screen sizes, the title doesn't show up properly.

Requirement Fix the title so that the entire name is shown. After forking this repository, head over to the branch gh-pages, commit your changes and send a PR!.

🆕🐥☝ First Timers Only.

This issue is reserved for people who never contributed to Open Source before. We know that the process of creating a pull request is the biggest barrier for new contributors. This issue is for you 💝

About First Timers Only.

🤔 What you will need to know.

Nothing. This issue is meant to welcome you to Open Source :) We are happy to walk you through the process.

📋 Step by Step

• [ ] 🙋 Claim this issue: Comment below.

Once claimed we add you as contributor to this repository.

• [ ] 👌 Accept our invitation to this repository. Once accepted, assign yourself to this issue

• [ ] 📝 Update the file \readme.md in the Hacktober-2020 repository (press the little pen Icon) and edit the line as shown below.

```diff @@ -1,6 +1,6 @@   - +

# First Contribution

```

• [ ] 💾 Commit your changes

• [ ] 🔀 Start a Pull Request. There are two ways how you can start a pull request:

1. If you are familiar with the terminal or would like to learn it, here is a great tutorial on how to send a pull request using the terminal.

2. You can edit files directly in your browser

• [ ] 🏁 Done Ask in comments for a review :)

🤔❓ Questions

Leave a comment below!

This issue was created by First-Timers-Bot.

Learn to contribute to open source !

Please check how to contribute section in the readme file to contribute to this repo!

Refer the comments for https://github.com/SiddharthaAnand/datastructures/issues/40

Hi! I recently finished my Bachelor's degree in Software Engineering and am looking for a project to contribute to so that I can learn new things and improve my skills.

My education mainly focused on OOP concepts and languages such as Python, Java, C++, but I've also taken a scripting class so I'm familiar with BASH and PERL. The other focus of my education was web applications, so I'm pretty comfortable with JavaScript, CSS, and HTML.

the hospitals near me will be on the top in the results page, so distances will be radially outwards, in ascending order.

Add shfmt

We want to add shfmt because...

• Prettier doesn't handle bash scripts
• shfmt does
  • also uses some existing style guidelines well (i.e. Google's bash guidelines)

This could be as simple as copying _example, updating the github releases info, and doing a find and replace on a few file system path names.

Special note

shfmt is a "bare naked" release, so it follows the special mv rule mentioned in the .sh and .ps1 comments and in the video.

How to create a webi installer


Skills required

• Basic Command Line knowledge (mkdir, mv, ls, tar, unzip, variables)

Steps

1. Clone and setup the webi packages repo bash git clone git@github.com:webinstall/packages.git pushd packages/ npm install
2. Copy the example template and update with info from Official Releases: https://github.com/mvdan/sh/releases bash rsync -av _example/ shfmt/
   • [ ] update shfmt/release.js to use the official repo
   • [ ] shfmt is a bare-naked release, so it follows the special mv rule mentioned in the tutorial video
     • see jq, gitea, and comrak as examples of this
   • [ ] find and replace to change the name
     • [ ] update shfmt/install.sh (see jq as examples)
     • [ ] update shfmt/install.ps1 (see jq as examples)
3. Needs an updated tagline and cheat sheet
   • [ ] update shfmt/README.md
     • [ ] official URL
     • [ ] tagline
     • [ ] Switch versions
     • [ ] description / summary
     • [ ] General pointers on usage (and perhaps "gotchas")

It's also okay to have multiple people work on part of this (i.e. the Cheat Sheet can be done independently from the install.sh)

Note to self (related)

Should be able to use this with vim-autofmt: - https://vimawesome.com/plugin/vim-autoformat

Browser Name and website I am not entirely sure if this issue has been raised now.

So I tried following the steps on my brave browser, but then when I was asked to open on a private browser window, I used a private window with Tor. I never got past this first page, It kept trying to verify if I am human.


Version - Brave Version 1.13.82 Chromium: 85.0.4183.83 (Official Build) (64-bit) Operating System used - macOS Operating Systems supported

Notes

• [x] Add some relevant images.

• [x] Add/Explain some steps on Contributing.

• [x] Make it more redable.

Hi! I'm new to open source contributions, would love to contribute to this project 😄 . I have experience in React, typescript, html and css.

Accidentally created an issue on the wrong account but closed it

CVE-2019-18797 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-24.1.2-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11697 - High Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11697

CVSS 3 Score Details (8.1)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11697

Release Date: 2019-09-01

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20821 - Medium Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy: - :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20190 - Medium Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy: - :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19839 - Medium Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy: - :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19827 - High Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy: - :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11694 - High Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy: - :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6286 - Medium Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy: - :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6284 - Medium Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy: - :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6283 - Medium Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy: - :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20822 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-22.0.1-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19838 - Medium Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy: - :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19797 - Medium Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy: - :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11698 - High Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy: - :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11499 - High Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.

Publish Date: 2018-05-26

URL: CVE-2018-11499

CVSS 3 Score Details (9.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11499

Release Date: 2018-05-26

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here