Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade open from 7.0.4 to 8.0.2 #15

Closed
wants to merge 1 commit into from
Closed

[Snyk] Upgrade open from 7.0.4 to 8.0.2 #15

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade open from 7.0.4 to 8.0.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 11 versions ahead of your current version.
  • The recommended version was released 25 days ago, on 2021-03-03.
Release notes
Package name: open from open GitHub release notes
Commit messages
Package name: open

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@mistaken-pull-closer
Copy link

Thanks for your submission.

It appears that you've created a pull request using one of our repository's branches. Since this is
almost always a mistake, we're going to go ahead and close this. If it was intentional, please
let us know what you were intending and we can see about reopening it.

Thanks again!

@pull-dog
Copy link

pull-dog bot commented Mar 28, 2021

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

  • docker-compose.yml
What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands
  • @pull-dog up to reprovision or provision the server.
  • @pull-dog down to delete the provisioned server.
Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{
  "isLazy": false,
  "dockerComposeYmlFilePaths": [
    "docker-compose.yml"
  ],
  "expiry": "00:00:00",
  "conversationMode": "singleComment"
}

Trace ID
831256c0-8f68-11eb-8863-75aaf597fbc0

@mistaken-pull-closer mistaken-pull-closer bot added the invalid This doesn't seem right label Mar 28, 2021
@guardrails
Copy link

guardrails bot commented Mar 28, 2021

⚠️ We detected security issues in this pull request:
Mode: paranoid | Total findings: 274 | Considered vulnerability: 0

Hard-Coded Secrets (10)

quasar/docs/src/components/DocApi.vue

Line 75 in 4052daa

ApiRows(:which="tab", :apiKey="category", :api="filteredApi[tab]")

quasar/docs/src/examples/QInput/InputTypes.vue

Line 39 in 4052daa

password: '',

quasar/docs/src/layouts/layout-search-mixin.js

Line 28 in 4052daa

xhr.setRequestHeader('X-Meili-API-Key', 'a7c3283824a29d1b0e8042f0266690670b00f7c81d92021b80117563577d2106')

quasar/extras/fontawesome-v5/fontawesome-v5.css

Line 4260 in 4052daa

.fa-user-secret:before {

quasar/extras/line-awesome/line-awesome.css

Line 4085 in 4052daa

.la-user-secret:before {

quasar/extras/mdi-v3/mdi-v3.css

Line 13180 in 4052daa

.mdi-textbox-password:before {

quasar/extras/mdi-v4/mdi-v4.css

Line 17901 in 4052daa

.mdi-textbox-password::before {

quasar/extras/mdi-v5/mdi-v5.css

Line 16237 in 4052daa

.mdi-onepassword::before {

quasar/ui/dev/src/pages/form/field-focus-unfocus.vue

Line 279 in 4052daa

password: '',

quasar/ui/dev/src/pages/form/input.vue

Line 441 in 4052daa

<q-icon slot="append" :name="password ? 'visibility_off' : 'visibility'" @click="password = !password" class="cursor-pointer" />

More info on how to fix Hard-Coded Secrets in General.

Insecure File Management (142)

quasar/app/lib/app-extension/Extension.js

Line 35 in 4052daa

if (overwritePrompt === true && fs.existsSync(targetPath)) {

quasar/app/lib/app-extension/Extension.js

Line 52 in 4052daa

const rawContent = fs.readFileSync(sourcePath, 'utf-8')

quasar/app/lib/app-extension/Extension.js

Line 54 in 4052daa

fs.writeFileSync(targetPath, template(scope), 'utf-8')

quasar/app/lib/app-extension/Extension.js

Line 80 in 4052daa

if (overwrite !== 'overwriteAll' && fs.existsSync(targetPath)) {

quasar/app/lib/app-extension/InstallAPI.js

Line 150 in 4052daa

if (!fs.existsSync(source)) {

quasar/app/lib/app-extension/InstallAPI.js

Line 156 in 4052daa

if (fs.lstatSync(source).isDirectory()) {

quasar/app/lib/app-extension/InstallAPI.js

Line 180 in 4052daa

fs.writeFileSync(

quasar/app/lib/app-extension/InstallAPI.js

Line 214 in 4052daa

const data = merge(fs.existsSync(filePath) ? require(filePath) : {}, newData)

quasar/app/lib/app-extension/InstallAPI.js

Line 216 in 4052daa

fs.writeFileSync(

quasar/app/lib/app-extension/InstallAPI.js

Line 243 in 4052daa

if (!fs.existsSync(source)) {

quasar/app/lib/app-extension/InstallAPI.js

Line 248 in 4052daa

if (!fs.lstatSync(source).isDirectory()) {

quasar/app/lib/app-extension/InstallAPI.js

Line 275 in 4052daa

if (!fs.existsSync(sourcePath)) {

quasar/app/lib/app-extension/InstallAPI.js

Line 280 in 4052daa

if (fs.lstatSync(sourcePath).isDirectory()) {

quasar/app/lib/app-extension/extension-json.js

Line 10 in 4052daa

if (!fs.existsSync(extensionPath)) {

quasar/app/lib/app-extension/extension-json.js

Line 84 in 4052daa

fs.writeFileSync(

quasar/app/lib/app-paths.js

Line 8 in 4052daa

if (fs.existsSync(join(dir, 'quasar.conf.js'))) {

quasar/app/lib/artifacts.js

Line 10 in 4052daa

return fs.existsSync(filePath)

quasar/app/lib/artifacts.js

Line 21 in 4052daa

fs.writeFileSync(filePath, JSON.stringify(content), 'utf-8')

quasar/app/lib/artifacts.js

Line 70 in 4052daa

if (fs.existsSync(distFolder)) {

quasar/app/lib/bex/index.js

Line 20 in 4052daa

this.watcher = compiler.watch({}, (err, stats) => {

quasar/app/lib/capacitor/capacitor-config.js

Line 85 in 4052daa

fs.writeFileSync(file.path, file.content, 'utf8')

quasar/app/lib/capacitor/capacitor-config.js

Line 139 in 4052daa

fs.writeFileSync(capPkgPath, JSON.stringify(capPkg, null, 2), 'utf-8')

quasar/app/lib/capacitor/capacitor-config.js

Line 161 in 4052daa

if (fs.existsSync(file)) {

quasar/app/lib/capacitor/capacitor-config.js

Line 211 in 4052daa

const originalContent = fs.readFileSync(file, 'utf-8')

quasar/app/lib/capacitor/capacitor-config.js

Line 227 in 4052daa

fs.writeFileSync(file, newContent, 'utf-8')

quasar/app/lib/capacitor/capacitor-config.js

Line 235 in 4052daa

const originalContent = fs.readFileSync(file, 'utf-8')

quasar/app/lib/capacitor/capacitor-config.js

Line 240 in 4052daa

fs.writeFileSync(file, newContent, 'utf-8')

quasar/app/lib/capacitor/capacitor-config.js

Line 264 in 4052daa

if (fs.existsSync(mainActivityPath)) {

quasar/app/lib/capacitor/capacitor-config.js

Line 265 in 4052daa

let mainActivity = fs.readFileSync(mainActivityPath, 'utf8')

quasar/app/lib/capacitor/capacitor-config.js

Line 285 in 4052daa

if (!fs.existsSync(enableHttpsSelfSignedPath)) {

quasar/app/lib/capacitor/capacitor-config.js

Line 288 in 4052daa

fs.writeFileSync(

quasar/app/lib/capacitor/capacitor-config.js

Line 299 in 4052daa

if (fs.existsSync(enableHttpsSelfSignedPath)) {

quasar/app/lib/capacitor/capacitor-config.js

Line 300 in 4052daa

fs.unlinkSync(enableHttpsSelfSignedPath)

quasar/app/lib/capacitor/capacitor-config.js

Line 304 in 4052daa

fs.writeFileSync(mainActivityPath, mainActivity, 'utf-8')

quasar/app/lib/capacitor/ensure-consistency.js

Line 14 in 4052daa

if (!fs.existsSync(www)) {

quasar/app/lib/capacitor/ensure-consistency.js

Line 23 in 4052daa

if (fs.existsSync(appPaths.resolve.capacitor('node_modules'))) {

quasar/app/lib/cordova/cordova-config.js

Line 42 in 4052daa

const doc = et.parse(fs.readFileSync(filePath, 'utf-8'))

quasar/app/lib/cordova/cordova-config.js

Line 85 in 4052daa

const doc = et.parse(fs.readFileSync(filePath, 'utf-8'))

quasar/app/lib/cordova/cordova-config.js

Line 106 in 4052daa

fs.writeFileSync(filePath, content, 'utf8')

quasar/app/lib/cordova/cordova-config.js

Line 110 in 4052daa

fs.writeFileSync(file.path, file.content, 'utf8')

quasar/app/lib/cordova/cordova-config.js

Line 120 in 4052daa

if (!fs.existsSync(appDelegatePath)) {

quasar/app/lib/cordova/cordova-config.js

Line 139 in 4052daa

tamperedFile.originalContent = fs.readFileSync(appDelegatePath, 'utf-8')

quasar/app/lib/cordova/cordova-config.js

Line 166 in 4052daa

if (fs.existsSync(wkWebViewEnginePath)) {

quasar/app/lib/cordova/cordova-config.js

Line 172 in 4052daa

tamperedFile.originalContent = fs.readFileSync(wkWebViewEnginePath, 'utf-8')

quasar/app/lib/cordova/ensure-consistency.js

Line 14 in 4052daa

if (!fs.existsSync(www)) {

quasar/app/lib/cordova/ensure-consistency.js

Line 23 in 4052daa

if (fs.existsSync(appPaths.resolve.cordova('node_modules'))) {

quasar/app/lib/dev-server.js

Line 154 in 4052daa

return getIndexHtml(fs.readFileSync(templatePath, 'utf-8'), cfg)

quasar/app/lib/dev-server.js

Line 158 in 4052daa

const htmlWatcher = chokidar.watch(templatePath).on('change', () => {

quasar/app/lib/dev-server.js

Line 204 in 4052daa

const serverCompilerWatcher = serverCompiler.watch({}, () => {})

quasar/app/lib/electron/bundler.js

Line 70 in 4052daa

if (fs.existsSync(appPaths.resolve.electron('icons/linux-256x256.png'))) {

quasar/app/lib/electron/index.js

Line 40 in 4052daa

this.watcher = compiler.watch({}, async (err, stats) => {

quasar/app/lib/electron/index.js

Line 70 in 4052daa

if (fs.existsSync(preloadFile)) {

quasar/app/lib/electron/index.js

Line 72 in 4052daa

this.preloadWatcher = chokidar

quasar/app/lib/generator.js

Line 31 in 4052daa

const content = fs.readFileSync(

quasar/app/lib/generator.js

Line 51 in 4052daa

template: compileTemplate(fs.readFileSync(ssrFile, 'utf-8')),

quasar/app/lib/generator.js

Line 65 in 4052daa

if (!fs.existsSync(quasarFolder)) {

quasar/app/lib/generator.js

Line 66 in 4052daa

fs.mkdirSync(quasarFolder)

quasar/app/lib/generator.js

Line 68 in 4052daa

else if (!fs.lstatSync(quasarFolder).isDirectory()) {

quasar/app/lib/generator.js

Line 71 in 4052daa

fs.mkdirSync(quasarFolder)

quasar/app/lib/generator.js

Line 79 in 4052daa

fs.writeFileSync(file.dest, file.template(templateData), 'utf-8')

quasar/app/lib/generator.js

Line 86 in 4052daa

fs.utimes(file.dest, then, then, function (err) { if (err) throw err })

quasar/app/lib/helpers/app-files-validations.js

Line 13 in 4052daa

content = fs.readFileSync(file, 'utf-8')

quasar/app/lib/helpers/app-files-validations.js

Line 23 in 4052daa

content = fs.readFileSync(file, 'utf-8')

quasar/app/lib/helpers/css-variables.js

Line 10 in 4052daa

styl: fs.existsSync(appPaths.resolve.src('css/quasar.variables.styl')),

quasar/app/lib/helpers/css-variables.js

Line 11 in 4052daa

scss: fs.existsSync(appPaths.resolve.src('css/quasar.variables.scss')),

quasar/app/lib/helpers/css-variables.js

Line 12 in 4052daa

sass: fs.existsSync(appPaths.resolve.src('css/quasar.variables.sass'))

quasar/app/lib/helpers/fix-android-cleartext.js

Line 11 in 4052daa

if (fs.existsSync(androidManifestPath)) {

quasar/app/lib/helpers/fix-android-cleartext.js

Line 13 in 4052daa

let androidManifest = fs.readFileSync(androidManifestPath, 'utf8')

quasar/app/lib/helpers/fix-android-cleartext.js

Line 21 in 4052daa

fs.writeFileSync(androidManifestPath, androidManifest, 'utf-8')

quasar/app/lib/helpers/get-api.js

Line 53 in 4052daa

if (!fs.existsSync(file)) {

quasar/app/lib/helpers/node-packager.js

Line 17 in 4052daa

if (fs.existsSync(appPaths.resolve.app('yarn.lock'))) {

quasar/app/lib/helpers/node-packager.js

Line 21 in 4052daa

if (fs.existsSync(appPaths.resolve.app('package-lock.json'))) {

quasar/app/lib/helpers/open-ide.js

Line 10 in 4052daa

const root = fs.readdirSync(folder)

quasar/app/lib/helpers/open-ide.js

Line 54 in 4052daa

if (fs.existsSync(studioPath)) {

quasar/app/lib/helpers/open-ide.js

Line 87 in 4052daa

if (bin.windowsAndroidStudio && fs.existsSync(bin.windowsAndroidStudio)) {

quasar/app/lib/helpers/open-ide.js

Line 92 in 4052daa

if (fs.existsSync(studioPath)) {

quasar/app/lib/helpers/open-ide.js

Line 103 in 4052daa

if (fs.existsSync(asPath)) {

quasar/app/lib/helpers/types-feature-flags.js

Line 41 in 4052daa

if (isFeatureInstalled && !fs.existsSync(destFlagPath)) {

quasar/app/lib/mode/mode-bex.js

Line 9 in 4052daa

return fs.existsSync(appPaths.bexDir)

quasar/app/lib/mode/mode-capacitor.js

Line 12 in 4052daa

return fs.existsSync(appPaths.capacitorDir)

quasar/app/lib/mode/mode-capacitor.js

Line 61 in 4052daa

const content = fs.readFileSync(appPaths.resolve.cli('templates/capacitor/' + filePath))

quasar/app/lib/mode/mode-capacitor.js

Line 63 in 4052daa

fs.writeFileSync(dest, compileTemplate(content)(scope), 'utf-8')

quasar/app/lib/mode/mode-capacitor.js

Line 97 in 4052daa

return fs.existsSync(appPaths.resolve.capacitor(target))

quasar/app/lib/mode/mode-cordova.js

Line 10 in 4052daa

return fs.existsSync(appPaths.cordovaDir)

quasar/app/lib/mode/mode-cordova.js

Line 78 in 4052daa

return fs.existsSync(appPaths.resolve.cordova(`platforms/${target}`))

quasar/app/lib/mode/mode-electron.js

Line 19 in 4052daa

return fs.existsSync(appPaths.electronDir)

quasar/app/lib/mode/mode-pwa.js

Line 15 in 4052daa

return fs.existsSync(appPaths.pwaDir)

quasar/app/lib/mode/mode-ssr.js

Line 9 in 4052daa

return fs.existsSync(appPaths.ssrDir)

quasar/app/lib/quasar-conf-file.js

Line 101 in 4052daa

chokidar

quasar/app/lib/quasar-conf-file.js

Line 136 in 4052daa

chokidar

quasar/app/lib/quasar-conf-file.js

Line 161 in 4052daa

if (fs.existsSync(this.filename)) {

quasar/app/lib/quasar-conf-file.js

Line 548 in 4052daa

fs.existsSync(storePath) ||

quasar/app/lib/quasar-conf-file.js

Line 549 in 4052daa

fs.existsSync(storePath + '.js') ||

quasar/app/lib/quasar-conf-file.js

Line 550 in 4052daa

fs.existsSync(storePath + '.ts')

quasar/app/lib/ssr/ssr-extension.js

Line 11 in 4052daa

if (!fs.existsSync(ssrExtensionFile)) {

quasar/app/lib/webpack/bex/plugin.bex-packager.js

Line 27 in 4052daa

if (fse.existsSync(manifestFilePath)) {

quasar/app/lib/webpack/bex/plugin.bex-packager.js

Line 28 in 4052daa

const manifestFileData = fse.readFileSync(manifestFilePath)

quasar/app/lib/webpack/bex/plugin.bex-packager.js

Line 39 in 4052daa

fse.writeFileSync(manifestFilePath, newValue, 'utf-8')

quasar/app/lib/webpack/bex/plugin.bex-packager.js

Line 57 in 4052daa

let output = fse.createWriteStream(path.join(dest, fileName + '.zip'))

quasar/app/lib/webpack/loader.auto-import-client.js

Line 78 in 4052daa

const file = this.fs.readFileSync(this.resource, 'utf-8').toString()

quasar/app/lib/webpack/loader.auto-import-server.js

Line 69 in 4052daa

const file = this.fs.readFileSync(this.resource, 'utf-8').toString()

quasar/app/lib/webpack/ssr/plugin.ssr-prod-artifacts.js

Line 18 in 4052daa

const htmlTemplate = getIndexHtml(fs.readFileSync(htmlFile, 'utf-8'), this.cfg)

quasar/app/templates/electron/main-process/electron-main.js

Line 5 in 4052daa

require('fs').unlinkSync(require('path').join(app.getPath('userData'), 'DevTools Extensions'))

quasar/cli/lib/node-packager.js

Line 17 in 4052daa

if (fs.existsSync(join(root, 'yarn.lock'))) {

quasar/cli/lib/node-packager.js

Line 21 in 4052daa

if (fs.existsSync(join(root, 'package-lock.json'))) {

quasar/docs/build/search.js

Line 28 in 4052daa

if (!fs.existsSync(dir)) {

quasar/docs/build/search.js

Line 29 in 4052daa

fs.mkdirSync(dir)

quasar/docs/build/search.js

Line 82 in 4052daa

return fs.readFileSync(page, {

quasar/docs/build/search.js

Line 298 in 4052daa

fs.writeFileSync(fileName, content, () => {})

quasar/docs/src/components/ApiRows.js

Line 136 in 4052daa

this.getDiv(h, 6, 'External link', prop.link)

quasar/ui/build/build.api.js

Line 19 in 4052daa

if (!fs.existsSync(mixinFile)) {

quasar/ui/build/build.api.js

Line 505 in 4052daa

const definition = fs.readFileSync(file.replace('.json', '.js'), {

quasar/ui/build/build.lang-index.js

Line 32 in 4052daa

const content = fs.readFileSync(file, 'utf-8')

quasar/ui/build/build.lang-index.js

Line 45 in 4052daa

oldLangJson = fs.readFileSync(langFile, 'utf-8')

quasar/ui/build/build.svg-icon-sets.js

Line 121 in 4052daa

const original = fs.readFileSync(resolve(`icon-set/${type.name}.js`), 'utf-8')

quasar/ui/build/build.svg-icon-sets.js

Line 154 in 4052daa

oldContent = fs.readFileSync(iconFile, 'utf-8')

quasar/ui/build/build.svg-icon-sets.js

Line 159 in 4052daa

? buildUtils.writeFile(iconFile, content, 'utf-8')

quasar/ui/build/build.types.js

Line 184 in 4052daa

fs.readdirSync(dir)

quasar/ui/build/build.types.js

Line 188 in 4052daa

const stats = fs.lstatSync(fullPath)

quasar/ui/build/build.types.js

Line 192 in 4052daa

fs.readFileSync(fullPath)

quasar/ui/build/build.types.js

Line 197 in 4052daa

if (!fs.existsSync(p)) {

quasar/ui/build/build.types.js

Line 198 in 4052daa

fs.mkdirSync(p)

quasar/ui/build/build.utils.js

Line 49 in 4052daa

if (!fs.existsSync(dir)) {

quasar/ui/build/build.utils.js

Line 50 in 4052daa

fs.mkdirSync(dir)

quasar/ui/build/build.utils.js

Line 113 in 4052daa

fs.writeFile(dest, code, err => {

quasar/ui/build/build.utils.js

Line 130 in 4052daa

return fs.readFileSync(file, 'utf-8')

quasar/ui/build/build.web-types.js

Line 156 in 4052daa

if (!fs.existsSync(webTypesPath)) {

quasar/ui/build/build.web-types.js

Line 157 in 4052daa

fs.mkdirSync(webTypesPath)

quasar/ui/build/script.build.css.js

Line 31 in 4052daa

.then(code => buildUtils.writeFile(dest, code))

quasar/ui/build/script.build.css.js

Line 52 in 4052daa

const deps = stylus(buildUtils.readFile(src))

quasar/ui/build/script.build.css.js

Line 75 in 4052daa

if (styl) { return buildUtils.writeFile(`dist/quasar${name}.styl`, code) }

quasar/ui/build/script.build.css.js

Line 93 in 4052daa

return buildUtils.writeFile(`dist/quasar${name}${ext}.css`, code, true)

quasar/ui/build/script.build.css.js

Line 95 in 4052daa

.then(code => buildUtils.writeFile(`dist/quasar${name}${ext}.min.css`, code.css, true))

quasar/ui/build/script.build.css.js

Line 105 in 4052daa

code += buildUtils.readFile(file) + '\n'

quasar/ui/build/script.build.javascript.js

Line 126 in 4052daa

const files = fs.readdirSync(resolve(type))

quasar/ui/build/script.build.javascript.js

Line 206 in 4052daa

? buildUtils.writeFile(config.rollup.output.file, code)

quasar/ui/build/script.build.javascript.js

Line 224 in 4052daa

return buildUtils.writeFile(

quasar/ui/build/script.test-umd.js

Line 11 in 4052daa

if (!fs.existsSync(src)) {

quasar/ui/build/script.test-umd.js

Line 17 in 4052daa

fs.symlinkSync(src, dest, 'dir')

quasar/ui/dev/upload-server/server.js

Line 13 in 4052daa

if (!fs.existsSync(folder)) {

quasar/ui/dev/upload-server/server.js

Line 14 in 4052daa

fs.mkdirSync(folder)

quasar/ui/src/components/uploader/uploader-xhr-mixin.js

Line 217 in 4052daa

xhr.open(

More info on how to fix Insecure File Management in Javascript.

Insecure Use of Dangerous Function (72)

quasar/app/lib/app-extension/Extension.js

Line 320 in 4052daa

return require(script)

quasar/app/lib/app-extension/InstallAPI.js

Line 164 in 4052daa

extPkg = require(source)

quasar/app/lib/app-extension/InstallAPI.js

Line 178 in 4052daa

const pkg = merge(require(filePath), extPkg)

quasar/app/lib/app-extension/InstallAPI.js

Line 214 in 4052daa

const data = merge(fs.existsSync(filePath) ? require(filePath) : {}, newData)

quasar/app/lib/app-extension/extension-json.js

Line 16 in 4052daa

this.extensions = require(extensionPath)

quasar/app/lib/artifacts.js

Line 15 in 4052daa

? require(filePath)

quasar/app/lib/capacitor/capacitor-config.js

Line 54 in 4052daa

this.pkg = require(appPaths.resolve.app('package.json'))

quasar/app/lib/capacitor/capacitor-config.js

Line 62 in 4052daa

const capJson = require(capJsonPath)

quasar/app/lib/capacitor/capacitor-config.js

Line 130 in 4052daa

const capPkg = require(capPkgPath)

quasar/app/lib/cordova/cordova-config.js

Line 43 in 4052daa

this.pkg = require(appPaths.resolve.app('package.json'))

quasar/app/lib/electron/bundler.js

Line 33 in 4052daa

const appPkg = require(appPaths.resolve.app('package.json'))

quasar/app/lib/helpers/get-api.js

Line 6 in 4052daa

const api = require(

quasar/app/lib/helpers/get-api.js

Line 60 in 4052daa

api: require(file),

quasar/app/lib/helpers/get-devland-file.js

Line 5 in 4052daa

return require(

quasar/app/lib/helpers/get-package-json.js

Line 9 in 4052daa

return require(

quasar/app/lib/helpers/get-package-major-version.js

Line 14 in 4052daa

const pkg = require(

quasar/app/lib/helpers/get-package.js

Line 5 in 4052daa

return require(

quasar/app/lib/helpers/open-ide.js

Line 4 in 4052daa

const { execSync } = require('child_process')

quasar/app/lib/mode/index.js

Line 8 in 4052daa

const QuasarMode = require(`./mode-${mode}`)

quasar/app/lib/mode/mode-capacitor.js

Line 22 in 4052daa

const pkg = require(pkgPath)

quasar/app/lib/mode/mode-cordova.js

Line 19 in 4052daa

const pkg = require(appPaths.resolve.app('package.json'))

quasar/app/lib/quasar-conf-file.js

Line 96 in 4052daa

this.pkg = require(appPaths.resolve.app('package.json'))

quasar/app/lib/quasar-conf-file.js

Line 163 in 4052daa

quasarConfigFunction = require(this.filename)

quasar/app/lib/ssr/ssr-extension.js

Line 41 in 4052daa

return require(ssrExtensionFile)

quasar/app/lib/webpack/bex/renderer.js

Line 57 in 4052daa

name: require(appPaths.resolve.app('package.json')).name

quasar/app/lib/webpack/electron/main.js

Line 11 in 4052daa

const { dependencies:appDeps = {} } = require(appPaths.resolve.app('package.json'))

quasar/app/lib/webpack/electron/main.js

Line 12 in 4052daa

const { dependencies:cliDeps = {} } = require(appPaths.resolve.cli('package.json'))

quasar/app/lib/webpack/electron/plugin.electron-package-json.js

Line 11 in 4052daa

const pkg = require(appPaths.resolve.app('package.json'))

quasar/app/lib/webpack/inject.style-rules.js

Line 7 in 4052daa

const postCssConfig = require(appPaths.resolve.app('.postcssrc.js'))

quasar/app/lib/webpack/pwa/index.js

Line 16 in 4052daa

const pkg = require(appPaths.resolve.app('package.json'))

quasar/app/lib/webpack/ssr/plugin.ssr-prod-artifacts.js

Line 28 in 4052daa

const appPkg = require(appPaths.resolve.app('package.json'))

quasar/app/lib/webpack/ssr/plugin.ssr-prod-artifacts.js

Line 29 in 4052daa

const cliPkg = require(appPaths.resolve.cli('package.json'))

quasar/app/lib/webpack/ssr/webserver.js

Line 10 in 4052daa

const { dependencies:appDeps = {} } = require(appPaths.resolve.app('package.json'))

quasar/app/lib/webpack/ssr/webserver.js

Line 11 in 4052daa

const { dependencies:cliDeps = {} } = require(appPaths.resolve.cli('package.json'))

quasar/cli/lib/get-package-json.js

Line 4 in 4052daa

return require(

quasar/cli/lib/git-user.js

Line 3 in 4052daa

const exec = require('child_process').execSync

quasar/cli/lib/options.js

Line 47 in 4052daa

const req = require(path.resolve(js))

quasar/extras/build/index.js

Line 2 in 4052daa

const run = parallel ? require('child_process').fork : require

quasar/extras/build/utils/index.js

Line 209 in 4052daa

: 'v' + require(resolve(__dirname, `../../node_modules/${versionOrPackageName}/package.json`)).version

quasar/icongenie/lib/mount/mount-cordova.js

Line 130 in 4052daa

const pkg = require(pkgPath)

quasar/icongenie/lib/utils/get-profile-content.js

Line 10 in 4052daa

return require(file)

quasar/ui/build/build.api.js

Line 11 in 4052daa

extendApi = require(resolvePath('src/api.extends.json')),

quasar/ui/build/build.api.js

Line 24 in 4052daa

const content = require(mixinFile)

quasar/ui/build/build.api.js

Line 364 in 4052daa

let api = require(file)

quasar/ui/src/mixins/mask.js

Line 199 in 4052daa

const m = extractMatcher[i].exec(str)

quasar/ui/src/plugins/Platform.js

Line 15 in 4052daa

const match = /(edge|edga|edgios)\/([\w.]+)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 16 in 4052daa

/(opr)[\/]([\w.]+)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 17 in 4052daa

/(vivaldi)[\/]([\w.]+)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 18 in 4052daa

/(chrome|crios)[\/]([\w.]+)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 19 in 4052daa

/(iemobile)[\/]([\w.]+)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 20 in 4052daa

/(version)(applewebkit)[\/]([\w.]+).*(safari)[\/]([\w.]+)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 21 in 4052daa

/(webkit)[\/]([\w.]+).*(version)[\/]([\w.]+).*(safari)[\/]([\w.]+)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 22 in 4052daa

/(firefox|fxios)[\/]([\w.]+)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 23 in 4052daa

/(webkit)[\/]([\w.]+)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 24 in 4052daa

/(opera)(?:.*version|)[\/]([\w.]+)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 25 in 4052daa

/(msie) ([\w.]+)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 26 in 4052daa

(userAgent.indexOf('trident') >= 0 && /(rv)(?::| )([\w.]+)/.exec(userAgent)) ||

quasar/ui/src/plugins/Platform.js

Line 27 in 4052daa

(userAgent.indexOf('compatible') < 0 && /(mozilla)(?:.*? rv:([\w.]+)|)/.exec(userAgent)) ||

quasar/ui/src/plugins/Platform.js

Line 39 in 4052daa

return /(ipad)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 40 in 4052daa

/(ipod)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 41 in 4052daa

/(windows phone)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 42 in 4052daa

/(iphone)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 43 in 4052daa

/(kindle)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 44 in 4052daa

/(silk)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 45 in 4052daa

/(android)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 46 in 4052daa

/(win)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 47 in 4052daa

/(mac)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 48 in 4052daa

/(linux)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 49 in 4052daa

/(cros)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 50 in 4052daa

/(playbook)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 51 in 4052daa

/(bb)/.exec(userAgent) ||

quasar/ui/src/plugins/Platform.js

Line 52 in 4052daa

/(blackberry)/.exec(userAgent) ||

More info on how to fix Insecure Use of Dangerous Function in Javascript.

Insecure Use of Regular Expressions (41)

quasar/app/lib/quasar-conf-file.js

Line 53 in 4052daa

const match = publicPath.match(/^(https?\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/)

quasar/app/lib/quasar-conf-file.js

Line 336 in 4052daa

? new RegExp(cfg.vendor.add.filter(v => v).join('|'))

quasar/app/lib/quasar-conf-file.js

Line 340 in 4052daa

? new RegExp(cfg.vendor.remove.filter(v => v).join('|'))

quasar/app/lib/quasar-conf-file.js

Line 699 in 4052daa

test: new RegExp('\\.(' + ext.join('|') + ')$'),

quasar/app/lib/webpack/create-chain.js

Line 25 in 4052daa

return new RegExp(deps.join('|'))

quasar/app/lib/webpack/create-chain.js

Line 178 in 4052daa

.test(/\.(png|jpe?g|gif|svg|webp|avif)(\?.*)?$/)

quasar/app/lib/webpack/create-chain.js

Line 188 in 4052daa

.test(/\.(woff2?|eot|ttf|otf)(\?.*)?$/)

quasar/app/lib/webpack/create-chain.js

Line 198 in 4052daa

.test(/\.(mp4|webm|ogg|mp3|wav|flac|aac)(\?.*)?$/)

quasar/app/lib/webpack/loader.auto-import-client.js

Line 9 in 4052daa

'?kebab': new RegExp(data.regex.kebabComponents || data.regex.components, 'g'),

quasar/app/lib/webpack/loader.auto-import-client.js

Line 10 in 4052daa

'?pascal': new RegExp(data.regex.pascalComponents || data.regex.components, 'g'),

quasar/app/lib/webpack/loader.auto-import-client.js

Line 11 in 4052daa

'?combined': new RegExp(data.regex.components, 'g')

quasar/app/lib/webpack/loader.auto-import-client.js

Line 15 in 4052daa

const funcCompRegex = new RegExp(

quasar/app/lib/webpack/loader.auto-import-client.js

Line 19 in 4052daa

const dirRegex = new RegExp(data.regex.directives, 'g')

quasar/app/lib/webpack/loader.auto-import-server.js

Line 8 in 4052daa

'?kebab': new RegExp(data.regex.kebabComponents || data.regex.components, 'g'),

quasar/app/lib/webpack/loader.auto-import-server.js

Line 9 in 4052daa

'?pascal': new RegExp(data.regex.pascalComponents || data.regex.components, 'g'),

quasar/app/lib/webpack/loader.auto-import-server.js

Line 10 in 4052daa

'?combined': new RegExp(data.regex.components, 'g')

quasar/app/lib/webpack/loader.auto-import-server.js

Line 14 in 4052daa

const funcCompRegex = new RegExp(

quasar/app/lib/webpack/loader.auto-import-server.js

Line 18 in 4052daa

const dirRegex = new RegExp(data.regex.directives, 'g')

quasar/icongenie/lib/modes/quasar-app-v1/capacitor.js

Line 1 in 4052daa

const iosIconRegex = /AppIcon-(\d+\.?\d?)x?(\d+\.?\d?)?@?(\d+)?x?-?\d?\.png/

quasar/icongenie/lib/modes/quasar-app-v1/cordova.js

Line 1 in 4052daa

const iosIconRegex = /icon-(\d+\.?\d?)@?(\d+)?x?\.png/

quasar/icongenie/lib/modes/quasar-app-v2/capacitor.js

Line 1 in 4052daa

const iosIconRegex = /AppIcon-(\d+\.?\d?)x?(\d+\.?\d?)?@?(\d+)?x?-?\d?\.png/

quasar/icongenie/lib/modes/quasar-app-v2/cordova.js

Line 1 in 4052daa

const iosIconRegex = /icon-(\d+\.?\d?)@?(\d+)?x?\.png/

quasar/icongenie/lib/utils/validate-profile-object.js

Line 61 in 4052daa

const colorPattern = Joi.string().pattern(new RegExp(`^${requireHash ? '#' : ''}[0-9A-Fa-f]{3}([0-9A-Fa-f]{3})?$`))

quasar/ui/build/build.api.js

Line 314 in 4052daa

const SEMANTIC_REGEX = /^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/

quasar/ui/src/components/select/QSelect.js

Line 757 in 4052daa

const searchRe = new RegExp('^' + this.searchBuffer.split('').map(l => reEscapeList.indexOf(l) > -1 ? '\\' + l : l).join('.*'), 'i')

quasar/ui/src/directives/TouchRepeat.js

Line 19 in 4052daa

keyRegex = new RegExp(`^([\\d+]+|${Object.keys(keyCodes).join('|')})$`, 'i')

quasar/ui/src/ie-compat/ie.js

Line 224 in 4052daa

new RegExp('(\\s|^)'.concat(className, '(\\s|$)'), 'g'),

quasar/ui/src/mixins/composition.js

Line 2 in 4052daa

const isChinese = /[\u4e00-\u9fff\u3400-\u4dbf\u{20000}-\u{2a6df}\u{2a700}-\u{2b73f}\u{2b740}-\u{2b81f}\u{2b820}-\u{2ceaf}\uf900-\ufaff\u3300-\u33ff\ufe30-\ufe4f\uf900-\ufaff\u{2f800}-\u{2fa1f}]/u

quasar/ui/src/mixins/mask.js

Line 28 in 4052daa

TOKENS[key].regex = new RegExp(TOKENS[key].pattern)

quasar/ui/src/mixins/mask.js

Line 32 in 4052daa

tokenRegexMask = new RegExp('\\\\([^.*+?^${}()|([\\]])|([.*+?^${}()|[\\]])|([' + KEYS.join('') + '])|(.)', 'g'),

quasar/ui/src/mixins/mask.js

Line 165 in 4052daa

unmaskMatcher = new RegExp(

quasar/ui/src/mixins/mask.js

Line 174 in 4052daa

return new RegExp('^' + fillCharEscaped + '*' + re)

quasar/ui/src/mixins/mask.js

Line 177 in 4052daa

return new RegExp(

quasar/ui/src/mixins/mask.js

Line 184 in 4052daa

return new RegExp('^' + re)

quasar/ui/src/utils/colors.js

Line 1 in 4052daa

const reRGBA = /^rgb(a)?\((\d{1,3}),(\d{1,3}),(\d{1,3}),?([01]?\.?\d*?)?\)$/

quasar/ui/src/utils/date.js

Line 148 in 4052daa

const res = { map, regex: new RegExp('^' + regexText) }

quasar/ui/src/utils/patterns.js

Line 4 in 4052daa

hex = /^#[0-9a-fA-F]{3}([0-9a-fA-F]{3})?$/,

quasar/ui/src/utils/patterns.js

Line 5 in 4052daa

hexa = /^#[0-9a-fA-F]{4}([0-9a-fA-F]{4})?$/,

quasar/ui/src/utils/patterns.js

Line 7 in 4052daa

rgb = /^rgb\(((0|[1-9][\d]?|1[\d]{0,2}|2[\d]?|2[0-4][\d]|25[0-5]),){2}(0|[1-9][\d]?|1[\d]{0,2}|2[\d]?|2[0-4][\d]|25[0-5])\)$/,

quasar/ui/src/utils/patterns.js

Line 8 in 4052daa

rgba = /^rgba\(((0|[1-9][\d]?|1[\d]{0,2}|2[\d]?|2[0-4][\d]|25[0-5]),){2}(0|[1-9][\d]?|1[\d]{0,2}|2[\d]?|2[0-4][\d]|25[0-5]),(0|0\.[0-9]+[1-9]|0\.[1-9]+|1)\)$/

quasar/ui/src/utils/web-storage.js

Line 46 in 4052daa

return new RegExp(source)

More info on how to fix Insecure Use of Regular Expressions in Javascript.

Information Disclosure (6)

quasar/app/lib/ssr/template.prod-webserver.js

Line 16 in 4052daa

const settings = <%= opts %>

quasar/app/templates/entry/app.js

Line 13 in 4052daa

<% if (__vueDevtools !== false) { %>

quasar/app/templates/entry/client-entry.js

Line 12 in 4052daa

<% if (__supportsIE) { %>

quasar/app/templates/entry/client-prefetch.js

Line 12 in 4052daa

<% if (__loadingBar) { %>

quasar/app/templates/entry/import-quasar.js

Line 12 in 4052daa

<%

quasar/app/templates/entry/server-entry.js

Line 12 in 4052daa

<% extras.length > 0 && extras.filter(asset => asset).forEach(asset => { %>

More info on how to fix Information Disclosure in Javascript.

Insecure Use of Crypto (2)

quasar/ui/src/mixins/mask.js

Line 141 in 4052daa

if (token !== void 0) {

quasar/ui/src/plugins/Notify.js

Line 333 in 4052daa

if (Api !== void 0) {

More info on how to fix Insecure Use of Crypto in Javascript.

Insecure Configuration (1)

quasar/cli/lib/generate.js

Line 44 in 4052daa

noEscape: true

More info on how to fix Insecure Configuration in Javascript.

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
invalid This doesn't seem right
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot