You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
File changed: public/bower_components/firebase/firebase-debug.jsReplace deprecated Buffer constructor with Buffer.alloc/Buffer.from Replaced usages of new Buffer with Buffer.alloc or Buffer.from where needed to avoid using the deprecated constructor.Fix vulnerability by hardcoding regular expression Hardcoded the regular expression to prevent possible ReDoS vulnerability by eliminating user-supplied input.Fix vulnerability by using a hardcoded regular expression Replaced the RegExp constructor with a hardcoded regular expression to prevent ReDoS vulnerability.Fix security vulnerability by hardcoding regular expression Hardcoded the regular expression in the RegExp constructor to prevent user-supplied regex and potential Regular Expression Denial of Service (ReDoS) attack.Fix vulnerability by removing call to eval function in DOMStorageWrapper Removed the call to 'fb.util.json.eval' function in the DOMStorageWrapper get method.Fix vulnerability by removing eval function call Replaced the eval function call with JSON.parse to fix the vulnerability.Fix vulnerability by removing the call to eval function Replaced the call to eval function with JSON.parse method to fix the vulnerability.Fix vulnerability by replacing dynamic RegExp constructor with hardcoded RegExp. Replaced dynamic RegExp constructor with hardcoded RegExp to prevent Regular Expression Denial of Service.
File changed: public/bower_components/file-input/gruntfile.jsFix dynamic import vulnerability by using hardcoded string literal Replaced dynamic import in the config function with a hardcoded string literal to prevent potential security vulnerabilities.
File changed public/bower_components/file-input/gruntfile.js:
The code change replaces dynamic import configurations for 'jshint' and 'karma' with hardcoded module imports using 'require'. This modification aims to enhance security by eliminating the use of dynamic imports and thereby mitigating the risk of vulnerabilities associated with dynamic module loading.
File changed public/bower_components/firebase/firebase-debug.js:
The commits include multiple security fixes such as replacing 'eval' function calls with 'JSON.parse' to prevent potential code execution vulnerabilities and substituting the deprecated 'Buffer' constructor with 'Buffer.alloc' or 'Buffer.from'. Additionally, regular expressions have been hardcoded to prevent Regular Expression Denial of Service (ReDoS) attacks. These changes aim to enhance security by avoiding deprecated methods and preventing user-supplied inputs from causing vulnerabilities.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
patched-codes
bot
force-pushed
the
patchwork-autofix-master
branch
19 times, most recently
from
Replace deprecated Buffer constructor with Buffer.alloc/Buffer.from
Replaced usages ofnew BufferwithBuffer.allocorBuffer.fromwhere needed to avoid using the deprecated constructor.Fix vulnerability by hardcoding regular expression
Hardcoded the regular expression to prevent possible ReDoS vulnerability by eliminating user-supplied input.Fix vulnerability by using a hardcoded regular expression
Replaced the RegExp constructor with a hardcoded regular expression to prevent ReDoS vulnerability.Fix security vulnerability by hardcoding regular expression
Hardcoded the regular expression in theRegExpconstructor to prevent user-supplied regex and potential Regular Expression Denial of Service (ReDoS) attack.Fix vulnerability by removing call to eval function in DOMStorageWrapper
Removed the call to 'fb.util.json.eval' function in the DOMStorageWrapper get method.Fix vulnerability by removing eval function call
Replaced the eval function call with JSON.parse to fix the vulnerability.Fix vulnerability by removing the call to eval function
Replaced the call to eval function with JSON.parse method to fix the vulnerability.Fix vulnerability by replacing dynamic RegExp constructor with hardcoded RegExp.
Replaced dynamic RegExp constructor with hardcoded RegExp to prevent Regular Expression Denial of Service.Fix dynamic import vulnerability by using hardcoded string literal
Replaced dynamic import in theconfigfunction with a hardcoded string literal to prevent potential security vulnerabilities.