From 0dd48c9916cda0a8ffd47bb309735dc33cf35d93 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Wed, 27 Dec 2023 20:00:28 +0000 Subject: [PATCH 1/6] Create techstack.yml --- techstack.yml | 102 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 techstack.yml diff --git a/techstack.yml b/techstack.yml new file mode 100644 index 0000000..02765d7 --- /dev/null +++ b/techstack.yml @@ -0,0 +1,102 @@ +repo_name: tarrasqueapp/example-plugin +report_id: 9d91928b48a5409d6692d62a56cdca5b +version: 0.1 +repo_type: Public +timestamp: '2023-12-27T20:00:25+00:00' +requested_by: richardsolomou +provider: github +branch: main +detected_tools_count: 8 +tools: +- name: CSS 3 + description: The latest evolution of the Cascading Style Sheets language + website_url: https://developer.mozilla.org/en-US/docs/Web/CSS/CSS3 + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/6727/css.png + detection_source: Repo Metadata +- name: JavaScript + description: Lightweight, interpreted, object-oriented language with first-class + functions + website_url: https://developer.mozilla.org/en-US/docs/Web/JavaScript + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/1209/javascript.jpeg + detection_source: Repo Metadata +- name: TypeScript + description: A superset of JavaScript that compiles to clean JavaScript output + website_url: http://www.typescriptlang.org + license: Apache-2.0 + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/1612/bynNY5dJ.jpg + detection_source: Repo Metadata +- name: Git + description: Fast, scalable, distributed revision control system + website_url: http://git-scm.com/ + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Version Control System + image_url: https://img.stackshare.io/service/1046/git.png + detection_source: Repo Metadata +- name: GitHub Actions + description: Automate your workflow from idea to production + website_url: https://github.com/features/actions + open_source: false + hosted_saas: true + category: Build, Test, Deploy + sub_category: Continuous Integration + image_url: https://img.stackshare.io/service/11563/actions.png + detection_source: ".github/workflows/deploy.yaml" + last_updated_by: Richard Solomou + last_updated_on: 2023-12-02 07:59:09.000000000 Z +- name: Vite + description: Native-ESM powered web dev build tool + website_url: https://vitejs.dev/ + license: MIT + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: JS Build Tools / JS Task Runners + image_url: https://img.stackshare.io/service/21547/default_1aeac791cde11ff66cc0b20dcc6144eeb185c905.png + detection_source: package.json + last_updated_by: Richard Solomou + last_updated_on: 2023-12-02 07:59:09.000000000 Z +- name: npm + description: The package manager for JavaScript. + website_url: https://www.npmjs.com/ + open_source: false + hosted_saas: false + category: Build, Test, Deploy + sub_category: Front End Package Manager + image_url: https://img.stackshare.io/service/1120/lejvzrnlpb308aftn31u.png + detection_source: package.json + last_updated_by: Richard Solomou + last_updated_on: 2023-12-02 07:59:09.000000000 Z +- name: vite + description: Native-ESM powered web dev build tool + package_url: https://www.npmjs.com/vite + version: 5.0.4 + open_source: false + hosted_saas: false + category: Build, Test, Deploy + sub_category: Package Managers + image_url: https://img.stackshare.io/package/npm/image.png + detection_source_url: https://github.com/tarrasqueapp/example-plugin/blob/main/package.json + detection_source: package.json + last_updated_by: Richard Solomou + last_updated_on: 2023-12-02 07:59:09.000000000 Z + vulnerabilities: + - name: Vite XSS vulnerability in `server.transformIndexHtml` via URL payload + cve_id: CVE-2023-49293 + cve_url: https://github.com/advisories/GHSA-92r3-m2mg-pj97 + detected_date: Dec 6 + severity: moderate + first_patched: 5.0.5 From ca1313cc72c039f9c89cd4bbfaaa214bf2325933 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Wed, 27 Dec 2023 20:00:29 +0000 Subject: [PATCH 2/6] Create techstack.md --- techstack.md | 115 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 techstack.md diff --git a/techstack.md b/techstack.md new file mode 100644 index 0000000..4a674a1 --- /dev/null +++ b/techstack.md @@ -0,0 +1,115 @@ + +
+ +# Tech Stack File +![](https://img.stackshare.io/repo.svg "repo") [tarrasqueapp/example-plugin](https://github.com/tarrasqueapp/example-plugin)![](https://img.stackshare.io/public_badge.svg "public") +

+|8
Tools used|12/27/23
Report generated| +|------|------| +
+ +## Languages (3) + + + + + + + + +
+ CSS 3 +
+ CSS 3 +
+ +		 + JavaScript +
+ JavaScript +
+ +		 + TypeScript +
+ TypeScript +
+ +
+ +## DevOps (4) + + + + + + + + + + +
+ Git +
+ Git +
+ +		 + GitHub Actions +
+ GitHub Actions +
+ +		 + Vite +
+ Vite +
+ +		 + npm +
+ npm +
+ +
+ + +## Open source packages (1) + +## npm (1) + +|NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES| +|:------|:------|:------|:------|:------|:------| +|[vite](https://www.npmjs.com/vite)|v5.0.4|12/02/23|Richard Solomou |N/A|[CVE-2023-49293](https://github.com/advisories/GHSA-92r3-m2mg-pj97) (Moderate)| + +
+
+ +Generated via [Stack File](https://github.com/marketplace/stack-file) From 7cd434436095cb9577bb4d1f7d0d83c0c93f038e Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Fri, 5 Jan 2024 09:33:53 +0000 Subject: [PATCH 3/6] Update techstack.yml --- techstack.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/techstack.yml b/techstack.yml index 02765d7..0850ad7 100644 --- a/techstack.yml +++ b/techstack.yml @@ -2,7 +2,7 @@ repo_name: tarrasqueapp/example-plugin report_id: 9d91928b48a5409d6692d62a56cdca5b version: 0.1 repo_type: Public -timestamp: '2023-12-27T20:00:25+00:00' +timestamp: '2024-01-05T08:39:24+00:00' requested_by: richardsolomou provider: github branch: main @@ -16,6 +16,7 @@ tools: category: Languages & Frameworks sub_category: Languages image_url: https://img.stackshare.io/service/6727/css.png + detection_source_url: https://github.com/tarrasqueapp/example-plugin detection_source: Repo Metadata - name: JavaScript description: Lightweight, interpreted, object-oriented language with first-class @@ -26,6 +27,7 @@ tools: category: Languages & Frameworks sub_category: Languages image_url: https://img.stackshare.io/service/1209/javascript.jpeg + detection_source_url: https://github.com/tarrasqueapp/example-plugin detection_source: Repo Metadata - name: TypeScript description: A superset of JavaScript that compiles to clean JavaScript output @@ -36,6 +38,7 @@ tools: category: Languages & Frameworks sub_category: Languages image_url: https://img.stackshare.io/service/1612/bynNY5dJ.jpg + detection_source_url: https://github.com/tarrasqueapp/example-plugin detection_source: Repo Metadata - name: Git description: Fast, scalable, distributed revision control system @@ -45,6 +48,7 @@ tools: category: Build, Test, Deploy sub_category: Version Control System image_url: https://img.stackshare.io/service/1046/git.png + detection_source_url: https://github.com/tarrasqueapp/example-plugin detection_source: Repo Metadata - name: GitHub Actions description: Automate your workflow from idea to production @@ -54,6 +58,7 @@ tools: category: Build, Test, Deploy sub_category: Continuous Integration image_url: https://img.stackshare.io/service/11563/actions.png + detection_source_url: https://github.com/tarrasqueapp/example-plugin/blob/main/.github/workflows/deploy.yaml detection_source: ".github/workflows/deploy.yaml" last_updated_by: Richard Solomou last_updated_on: 2023-12-02 07:59:09.000000000 Z @@ -66,6 +71,7 @@ tools: category: Build, Test, Deploy sub_category: JS Build Tools / JS Task Runners image_url: https://img.stackshare.io/service/21547/default_1aeac791cde11ff66cc0b20dcc6144eeb185c905.png + detection_source_url: https://github.com/tarrasqueapp/example-plugin/blob/main/package.json detection_source: package.json last_updated_by: Richard Solomou last_updated_on: 2023-12-02 07:59:09.000000000 Z @@ -77,6 +83,7 @@ tools: category: Build, Test, Deploy sub_category: Front End Package Manager image_url: https://img.stackshare.io/service/1120/lejvzrnlpb308aftn31u.png + detection_source_url: https://github.com/tarrasqueapp/example-plugin/blob/main/package.json detection_source: package.json last_updated_by: Richard Solomou last_updated_on: 2023-12-02 07:59:09.000000000 Z From f2dddfc87bd595680f8555e7f44ef8e81a77660d Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Fri, 5 Jan 2024 09:33:54 +0000 Subject: [PATCH 4/6] Update techstack.md --- techstack.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techstack.md b/techstack.md index 4a674a1..315ba11 100644 --- a/techstack.md +++ b/techstack.md @@ -30,7 +30,7 @@ Full tech stack [here](/techstack.md) # Tech Stack File ![](https://img.stackshare.io/repo.svg "repo") [tarrasqueapp/example-plugin](https://github.com/tarrasqueapp/example-plugin)![](https://img.stackshare.io/public_badge.svg "public")

-|8
Tools used|12/27/23
Report generated| +|8
Tools used|01/05/24
Report generated| |------|------|
From fedbd410fed996f63a746858c8b8183e1ff12468 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Thu, 29 Feb 2024 20:23:50 +0000 Subject: [PATCH 5/6] Update techstack.yml --- techstack.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/techstack.yml b/techstack.yml index 0850ad7..7858433 100644 --- a/techstack.yml +++ b/techstack.yml @@ -2,7 +2,7 @@ repo_name: tarrasqueapp/example-plugin report_id: 9d91928b48a5409d6692d62a56cdca5b version: 0.1 repo_type: Public -timestamp: '2024-01-05T08:39:24+00:00' +timestamp: '2024-02-29T18:47:34+00:00' requested_by: richardsolomou provider: github branch: main @@ -101,6 +101,13 @@ tools: last_updated_by: Richard Solomou last_updated_on: 2023-12-02 07:59:09.000000000 Z vulnerabilities: + - name: Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive + filesystem + cve_id: CVE-2024-23331 + cve_url: https://github.com/advisories/GHSA-c24v-8rfc-w8vw + detected_date: Jan 20 + severity: high + first_patched: 5.0.12 - name: Vite XSS vulnerability in `server.transformIndexHtml` via URL payload cve_id: CVE-2023-49293 cve_url: https://github.com/advisories/GHSA-92r3-m2mg-pj97 From e472dd3464ce6b3d8f81ba80a2a1bc4579b0615a Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Thu, 29 Feb 2024 20:23:51 +0000 Subject: [PATCH 6/6] Update techstack.md --- techstack.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/techstack.md b/techstack.md index 315ba11..1cfb893 100644 --- a/techstack.md +++ b/techstack.md @@ -30,7 +30,7 @@ Full tech stack [here](/techstack.md) # Tech Stack File ![](https://img.stackshare.io/repo.svg "repo") [tarrasqueapp/example-plugin](https://github.com/tarrasqueapp/example-plugin)![](https://img.stackshare.io/public_badge.svg "public")

-|8
Tools used|01/05/24
Report generated| +|8
Tools used|02/29/24
Report generated| |------|------| @@ -107,7 +107,7 @@ Full tech stack [here](/techstack.md) |NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES| |:------|:------|:------|:------|:------|:------| -|[vite](https://www.npmjs.com/vite)|v5.0.4|12/02/23|Richard Solomou |N/A|[CVE-2023-49293](https://github.com/advisories/GHSA-92r3-m2mg-pj97) (Moderate)| +|[vite](https://www.npmjs.com/vite)|v5.0.4|12/02/23|Richard Solomou |N/A|[CVE-2024-23331](https://github.com/advisories/GHSA-c24v-8rfc-w8vw) (High)
[CVE-2023-49293](https://github.com/advisories/GHSA-92r3-m2mg-pj97) (Moderate)|