Ogp #1439

tubone24 · 2024-03-12T16:37:06Z

PR title

Status

READY/IN DEVELOPMENT/HOLD

Description

A few sentences describing the overall goals of the pull request's commits.

Related PRs

List related PRs against other branches:

branch	PR
other_pr_master	link
other_pr_develop	link

Todos

Tests
e2e Tests
Storybook
Documentation

Steps to Test or Reproduce

Outline the steps to test or reproduce the PR here.

git pull --prune
git checkout <feature_branch>
yarn test

Preview Deploy

Describe the URL of the Preview Deploy.

link

Impacted Areas in Application

List general components of the application that this PR will affect:

aaa
bbb

Screenshot

Replace FIXME_BRANCH_NAME, FIXME_PR_NUMBER in the URL below with this branch name and PR number.

Desktop

Width 1200px

Mobile

Width 400px

github-actions · 2024-03-12T16:37:36Z

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

Unused dependencies

- @popperjs/core
- @sentry/node
- @sentry/profiling-node
- @sentry/react
- @typescript-eslint/eslint-plugin
- babel-loader
- babel-polyfill
- classnames
- flexboxgrid
- gatsby-legacy-polyfills
- gatsby-plugin-flexsearch
- gatsby-plugin-twitter
- gatsby-react-router-scroll
- html-minifier
- intersection-observer
- md5
- opentype.js
- preact
- preact-render-to-string
- react-body-classname
- react-dom
- rimraf
- sass
- typescript

Unused devdependencies

- @babel/core
- @babel/eslint-parser
- @babel/preset-typescript
- @storybook/addon-a11y
- @storybook/addon-controls
- @storybook/addon-essentials
- @storybook/addon-info
- @storybook/addon-interactions
- @storybook/addon-knobs
- @storybook/addon-links
- @storybook/addon-storysource
- @storybook/addon-viewport
- @storybook/builder-webpack5
- @storybook/manager-webpack5
- @textlint-rule/textlint-rule-no-duplicate-abbr
- @types/jest
- @types/react-test-renderer
- @types/responselike
- axe-core
- babel-plugin-transform-runtime
- core-js
- cross-env
- css-loader
- eslint
- eslint-config-airbnb
- eslint-import-resolver-webpack
- eslint-plugin-import
- eslint-plugin-jsx-a11y
- eslint-plugin-react
- gh-pages
- husky
- identity-obj-proxy
- jest
- jest-environment-jsdom
- markdownlint-cli2
- memlab
- netlify-cli
- netlify-lambda
- nyc
- prettier
- react-test-renderer
- sass-loader
- start-server-and-test
- stylelint
- stylelint-config-recess-order
- stylelint-config-recommended-scss
- stylelint-config-standard
- stylelint-scss
- textlint
- textlint-filter-rule-allowlist
- textlint-filter-rule-comments
- textlint-rule-aws-spellcheck
- textlint-rule-ja-no-inappropriate-words
- textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet
- textlint-rule-no-start-duplicated-conjunction
- textlint-rule-preset-smarthr
- textlint-rule-prh
- textlint-rule-terminology
- ts-jest
- yaml-lint

Missing

- colors
  - /github/workspace/src/styles/_hover.scss

- @algolia/transporter
  - /github/workspace/src/components/SearchBox/index.tsx

- @algolia/client-search
  - /github/workspace/src/components/SearchBox/index.tsx

- qs
  - /github/workspace/scripts/benchmark.js

- https
  - /github/workspace/scripts/uploadScreenShot.ts

github-actions · 2024-03-12T16:44:26Z

Memlab leaks report

page-load [7.3MB] (baseline) [s1] > action-on-page [8.3MB] (target) [s2] > revert [9.3MB] (final) [s3]  
------2 clusters------

--Similar leaks in this run: 1520--
--Retained size of leaked objects: 169.5KB--
[<synthetic>] (synthetic) @1 [10.5MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @6267 [62.3KB]
  --setTimeout (property)--->  [<closure>] (closure) @48435 [72 bytes]
  --context (internal)--->  [<function scope>] (object) @113509 [20 bytes]
  --previous (internal)--->  [<function scope>] (object) @86089 [36KB]
  --n (variable)--->  [t] (closure) @112519 [1.3KB]
  --context (internal)--->  [<function scope>] (object) @239959 [48.9KB]
  --n (variable)--->  [Object] (object) @246939 [48.8KB]
  --449 (element)--->  [Object] (object) @247379 [24 bytes]
  --exports (property)--->  [r] (closure) @138363 [2.7KB]
  --hasData (property)--->  [<closure>] (closure) @282995 [80 bytes]
  --context (internal)--->  [<function scope>] (object) @155225 [1.5KB]
  --e (variable)--->  [Object] (object) @155227 [1KB]
  --2 (element)--->  [Object] (object) @337097 [76 bytes]
  --aaAutocomplete (property)--->  [f] (object) @337101 [348 bytes]
  --$node (property)--->  [q] (object) @341011 [188 bytes]
  --0 (element)--->  [Detached HTMLSpanElement] (native) @333781 [676 bytes]
  --7 (element)--->  [Detached HTMLDivElement] (native) @334355 [5.7KB]
  --7 (element)--->  [Detached HTMLDivElement] (native) @334203 [444 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @334383 [444 bytes]
  --6 (element)--->  [Detached HTMLAnchorElement] (native) @333851 [2.5KB]
  --12 (element)--->  [Detached InternalNode] (native) @29032 [488 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @29022 [432 bytes]
  --4 (element)--->  [Detached ElementIntersectionObserverData] (native) @29018 [72 bytes]

--Similar leaks in this run: 479--
--Retained size of leaked objects: 50.1KB--
[<synthetic>] (synthetic) @1 [10.5MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @6267 [62.3KB]
  --___replace (property)--->  [<closure>] (closure) @48771 [80 bytes]
  --context (internal)--->  [<function scope>] (object) @108805 [748 bytes]
  --a (variable)--->  [Module] (object) @138317 [6.3KB]
  --get version (property)--->  [version] (closure) @212763 [80 bytes]
  --context (internal)--->  [<function scope>] (object) @120915 [6.5KB]
  --Qn (variable)--->  [y] (object) @406161 [368 bytes]
  --props (property)--->  [Object] (object) @407761 [28 bytes]
  --children (property)--->  [Object] (object) @438091 [296 bytes]
  --props (property)--->  [Object] (object) @437515 [56 bytes]
  --children (property)--->  [Object] (object) @437519 [1.2KB]
  --__ (property)--->  [Object] (object) @464421 [1.1KB]
  --__ (property)--->  [Object] (object) @464425 [940 bytes]
  --__ (property)--->  [Object] (object) @414013 [736 bytes]
  --__d (property)--->  [Detached HTMLDivElement] (native) @334243 [468 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @334241 [384 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @334239 [384 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @334237 [8KB]
  --5 (element)--->  [Detached HTMLDivElement] (native) @334235 [7.2KB]
  --5 (element)--->  [Detached HTMLHeadingElement] (native) @334231 [664 bytes]
  --9 (element)--->  [Detached InternalNode] (native) @29906 [240 bytes]
  --2 (element)--->  [Detached InternalNode] (native) @29908 [56 bytes]
  --1 (element)--->  [Detached NodeList] (native) @32346 [56 bytes]

github-actions · 2024-03-12T16:44:44Z

Snyk vulnerability report

OSS packages

Tested 1738 dependencies for known issues, found 15 issues, 49 vulnerable paths.

Issues to fix by upgrading:

Upgrade @sentry/profiling-node@0.3.0 to @sentry/profiling-node@1.3.0 to fix
✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6
introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > glob@7.2.3 > inflight@1.0.6 and 15 other path(s)

Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0
introduced by gatsby@4.25.7 > gatsby-cli@4.25.0
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0
introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s)
✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7
introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s)

Upgrade gatsby-legacy-polyfills@2.23.0 to gatsby-legacy-polyfills@3.10.0 to fix
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0
introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s)

Upgrade gatsby-plugin-feed@4.23.1 to gatsby-plugin-feed@5.0.0 to fix
✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7
introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s)

Upgrade gatsby-plugin-manifest@4.23.1 to gatsby-plugin-manifest@5.10.0 to fix
✗ Heap-based Buffer Overflow [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-SHARP-5922108] in sharp@0.30.7
introduced by gatsby-plugin-manifest@4.23.1 > sharp@0.30.7 and 3 other path(s)

Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1
introduced by gatsby-transformer-remark@5.25.1
✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334] in sanitize-html@2.10.0
introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.10.0

Issues with no direct upgrade or patch:
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1
introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1
This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1
✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in axios@0.27.2
introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s)
This issue was fixed in versions: 1.6.0
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in axios@0.27.2
introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s)
This issue was fixed in versions: 1.6.3
✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in axios@0.27.2
introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s)
This issue was fixed in versions: 1.6.4
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ES5EXT-6095076] in es5-ext@0.10.62
introduced by gatsby@4.25.7 > memoizee@0.4.15 > es5-ext@0.10.62 and 8 other path(s)
This issue was fixed in versions: 0.10.63
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0
introduced by html-minifier@4.0.0
No upgrade or patch available
✗ Server-side Request Forgery (SSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-IP-6240864] in ip@2.0.0
introduced by @sentry/profiling-node@0.3.0 > node-gyp@9.3.1 > make-fetch-happen@10.2.1 > socks-proxy-agent@7.0.0 > socks@2.7.1 > ip@2.0.0
This issue was fixed in versions: 1.1.9, 2.0.1
✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0
introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0
No upgrade or patch available
✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607] in serialize-javascript@6.0.0
introduced by gatsby@4.25.7 > css-minimizer-webpack-plugin@2.0.0 > serialize-javascript@5.0.1 and 1 other path(s)
This issue was fixed in versions: 6.0.2

Organization: tubone24
Package manager: yarn
Target file: yarn.lock
Project name: blog
Open source: no
Project path: .
Licenses: enabled

Tip: Detected multiple supported manifests (1), use --all-projects to scan all of them at once.

Application

✗ [Medium] Path Traversal
Path: scripts/benchmark.js, line 23
Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files.

✗ [Medium] Path Traversal
Path: scripts/benchmark.js, line 25
Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files.

✗ [Medium] Path Traversal
Path: scripts/benchmark.js, line 41
Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files.

✔ Test completed

Organization: tubone24
Test type: Static code analysis
Project path: .

Summary:

3 Code issues found
3 [Medium]

IaC

Snyk Infrastructure as Code

Snyk testing Infrastructure as Code configuration issues.
✔ Test completed.

Issues
No vulnerable paths were found!

Test Summary

Organization: tubone24
Project name: tubone24/blog

✔ Files without issues: 3
✗ Files with issues: 0
Ignored issues: 0
Total issues: 0 [ 0 critical, 0 high, 0 medium, 0 low ]

Tip

New: Share your test results in the Snyk Web UI with the option --report

Container

Testing test-blog...

✗ Low severity vulnerability found in util-linux/libuuid1
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833
Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1
From: util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1
and 25 more...

✗ Low severity vulnerability found in util-linux/libuuid1
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082
Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1
From: util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1
and 25 more...

✗ Low severity vulnerability found in tar
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001
Introduced through: tar@1.30+dfsg-6
From: tar@1.30+dfsg-6

✗ Low severity vulnerability found in tar
Description: CVE-2005-2541
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331
Introduced through: tar@1.30+dfsg-6
From: tar@1.30+dfsg-6

✗ Low severity vulnerability found in tar
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529
Introduced through: tar@1.30+dfsg-6
From: tar@1.30+dfsg-6

✗ Low severity vulnerability found in tar
Description: NULL Pointer Dereference
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203
Introduced through: tar@1.30+dfsg-6
From: tar@1.30+dfsg-6

✗ Low severity vulnerability found in tar
Description: CVE-2023-39804
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423
Introduced through: tar@1.30+dfsg-6
From: tar@1.30+dfsg-6
Fixed in: 1.30+dfsg-6+deb10u1

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Authentication Bypass
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Link Following
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Privilege Chaining
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Incorrect Privilege Assignment
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Missing Release of Resource after Effective Lifetime
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Improper Validation of Integrity Check Value
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Improper Validation of Integrity Check Value
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: Improper Validation of Integrity Check Value
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: CVE-2023-7008
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in systemd/libsystemd0
Description: CVE-2023-50868
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Time-of-check Time-of-use (TOCTOU)
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Access Restriction Bypass
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Arbitrary Code Injection
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in shadow/passwd
Description: Improper Authentication
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...

✗ Low severity vulnerability found in perl/perl-base
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980
Introduced through: perl/perl-base@5.28.1-6+deb10u1
From: perl/perl-base@5.28.1-6+deb10u1

✗ Low severity vulnerability found in perl/perl-base
Description: Link Following
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793
Introduced through: perl/perl-base@5.28.1-6+deb10u1
From: perl/perl-base@5.28.1-6+deb10u1

✗ Low severity vulnerability found in perl/perl-base
Description: Improper Certificate Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186
Introduced through: perl/perl-base@5.28.1-6+deb10u1
From: perl/perl-base@5.28.1-6+deb10u1

✗ Low severity vulnerability found in perl/perl-base
Description: Improper Certificate Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188
Introduced through: perl/perl-base@5.28.1-6+deb10u1
From: perl/perl-base@5.28.1-6+deb10u1

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368
Introduced through: pcre3/libpcre3@2:8.39-12
From: pcre3/libpcre3@2:8.39-12

✗ Low severity vulnerability found in pam/libpam0g
Description: CVE-2024-22365
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916
Introduced through: pam/libpam0g@1.3.1-5, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1, adduser@3.118, pam/libpam-modules-bin@1.3.1-5, pam/libpam-modules@1.3.1-5, pam/libpam-runtime@1.3.1-5
From: pam/libpam0g@1.3.1-5
From: shadow/login@1:4.5-1.1 > pam/libpam0g@1.3.1-5
From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > pam/libpam0g@1.3.1-5
and 11 more...

✗ Low severity vulnerability found in ncurses/libtinfo6
Description: CVE-2023-50495
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819
Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3
From: ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
and 7 more...

✗ Low severity vulnerability found in ncurses/libtinfo6
Description: CVE-2023-45918
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772
Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3
From: ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
and 7 more...

✗ Low severity vulnerability found in lz4/liblz4-1
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072
Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3
From: lz4/liblz4-1@1.8.3-1+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1

✗ Low severity vulnerability found in libtasn1-6
Description: CVE-2018-1000654
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585
Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3
From: libtasn1-6@4.13-3
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1

✗ Low severity vulnerability found in libseccomp/libseccomp2
Description: CVE-2019-9893
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044
Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3
From: libseccomp/libseccomp2@2.3.3-4
From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4

✗ Low severity vulnerability found in libidn2/libidn2-0
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100
Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3
From: libidn2/libidn2-0@2.0.5-1+deb10u1
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Race Condition
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988
Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3
From: libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1

✗ Low severity vulnerability found in gnutls28/libgnutls30
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755
Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3
From: gnutls28/libgnutls30@3.6.7-4+deb10u9
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9

✗ Low severity vulnerability found in gnupg2/gpgv
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746
Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3
From: gnupg2/gpgv@2.2.12-1+deb10u2
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2

✗ Low severity vulnerability found in gnupg2/gpgv
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553
Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3
From: gnupg2/gpgv@2.2.12-1+deb10u2
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106
Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2
From: glibc/libc-bin@2.28-10+deb10u2
From: glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163
Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2
From: glibc/libc-bin@2.28-10+deb10u2
From: glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Resource Management Errors
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735
Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2
From: glibc/libc-bin@2.28-10+deb10u2
From: glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Out-of-Bounds
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228
Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2
From: glibc/libc-bin@2.28-10+deb10u2
From: glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: CVE-2019-1010023
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267
Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2
From: glibc/libc-bin@2.28-10+deb10u2
From: glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Use of Insufficiently Random Values
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375
Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2
From: glibc/libc-bin@2.28-10+deb10u2
From: glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640
Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2
From: glibc/libc-bin@2.28-10+deb10u2
From: glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106
Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2
From: glibc/libc-bin@2.28-10+deb10u2
From: glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in glibc/libc-bin
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107
Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2
From: glibc/libc-bin@2.28-10+deb10u2
From: glibc/libc6@2.28-10+deb10u2

✗ Low severity vulnerability found in gcc-8/libstdc++6
Description: Insufficient Entropy
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413
Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6
From: gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
and 2 more...

✗ Low severity vulnerability found in gcc-8/libstdc++6
Description: CVE-2023-4039
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315
Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6
From: gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
and 2 more...

✗ Low severity vulnerability found in e2fsprogs/libcom-err2
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482
Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3
From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3
From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3
From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3
and 5 more...

✗ Low severity vulnerability found in coreutils
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465
Introduced through: coreutils@8.30-3
From: coreutils@8.30-3

✗ Low severity vulnerability found in coreutils
Description: Race Condition
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494
Introduced through: coreutils@8.30-3
From: coreutils@8.30-3

✗ Low severity vulnerability found in bash
Description: Improper Check for Dropped Privileges
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280
Introduced through: bash@5.0-4
From: bash@5.0-4

✗ Low severity vulnerability found in apt/libapt-pkg5.0
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502
Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3
From: apt/libapt-pkg5.0@1.8.2.3
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3
From: apt@1.8.2.3

✗ Medium severity vulnerability found in systemd/libsystemd0
Description: Off-by-one Error
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7deb10u8
and 4 more...
Fixed in: 241-7deb10u10

✗ Medium severity vulnerability found in systemd/libsystemd0
Description: CVE-2022-4415
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ Medium severity vulnerability found in ncurses/libtinfo6
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705
Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3
From: ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
and 7 more...
Fixed in: 6.1+20181013-2+deb10u4

✗ Medium severity vulnerability found in gnutls28/libgnutls30
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099
Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3
From: gnutls28/libgnutls30@3.6.7-4+deb10u9
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9
Fixed in: 3.6.7-4+deb10u11

✗ High severity vulnerability found in systemd/libsystemd0
Description: CVE-2023-26604
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7deb10u8
and 4 more...
Fixed in: 241-7deb10u9

✗ High severity vulnerability found in systemd/libsystemd0
Description: Allocation of Resources Without Limits or Throttling
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513
Introduced through: systemd/libsystemd0@241-7~~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~~deb10u8
From: systemd/libsystemd0@241-7deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7deb10u8
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8
and 4 more...

✗ High severity vulnerability found in ncurses/libtinfo6
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739
Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3
From: ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
and 7 more...
Fixed in: 6.1+20181013-2+deb10u5

✗ High severity vulnerability found in ncurses/libtinfo6
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196
Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3
From: ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3
and 7 more...
Fixed in: 6.1+20181013-2+deb10u5

✗ High severity vulnerability found in gnutls28/libgnutls30
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300
Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3
From: gnutls28/libgnutls30@3.6.7-4+deb10u9
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9
Fixed in: 3.6.7-4+deb10u10

✗ High severity vulnerability found in gnutls28/libgnutls30
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414
Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3
From: gnutls28/libgnutls30@3.6.7-4+deb10u9
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9
Fixed in: 3.6.7-4+deb10u12

✗ High severity vulnerability found in glibc/libc-bin
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488
Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2
From: glibc/libc-bin@2.28-10+deb10u2
From: glibc/libc6@2.28-10+deb10u2

✗ High severity vulnerability found in gcc-8/libstdc++6
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558
Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6
From: gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
and 2 more...

✗ Critical severity vulnerability found in zlib/zlib1g
Description: Integer Overflow or Wraparound
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964
Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2
From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2

✗ Critical severity vulnerability found in libtasn1-6
Description: Off-by-one Error
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094
Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3
From: libtasn1-6@4.13-3
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3
Fixed in: 4.13-3+deb10u1

✗ Critical severity vulnerability found in db5.3/libdb5.3
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169
Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118
From: db5.3/libdb5.3@5.3.28+dfsg1-0.5
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5

------------ Detected 34 vulnerabilities for node@18.12.1 ------------

✗ Low severity vulnerability found in node
Description: Improper Certificate Validation
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Low severity vulnerability found in node
Description: Improper Certificate Validation
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Low severity vulnerability found in node
Description: Insecure Randomness
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Low severity vulnerability found in node
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969349
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.18.2

✗ Low severity vulnerability found in node
Description: Information Exposure
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969357
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.18.2

✗ Low severity vulnerability found in node
Description: Permissive Cross-domain Policy with Untrusted Domains
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252338
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.19.1, 20.11.1, 21.6.2

✗ Medium severity vulnerability found in node
Description: Timing Attack
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Privilege Escalation
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: HTTP Request Smuggling
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Inconsistency Between Implementation and Documented Design
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Buffer Over-read
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Insecure Randomness
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Buffer Underwrite (Buffer Underflow)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Privilege Escalation
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5756501
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ Medium severity vulnerability found in node
Description: Improper Access Control
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5843454
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.17.1

✗ Medium severity vulnerability found in node
Description: Access Restriction Bypass
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848030
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.17.1

✗ Medium severity vulnerability found in node
Description: Improper Verification of Cryptographic Signature
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5969356
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.18.2

✗ Medium severity vulnerability found in node
Description: Observable Timing Discrepancy
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252330
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.19.1, 20.11.1, 21.6.2

✗ High severity vulnerability found in node
Description: Insecure Permissions
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ High severity vulnerability found in node
Description: Access of Resource Using Incompatible Type ('Type Confusion')
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ High severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ High severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.14.1

✗ High severity vulnerability found in node
Description: Prototype Pollution
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ High severity vulnerability found in node
Description: Denial of Service (DoS)
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.16.1

✗ High severity vulnerability found in node
Description: Arbitrary Code Injection
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848038
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.17.1

✗ High severity vulnerability found in node
Description: Allocation of Resources Without Limits or Throttling
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252328
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.19.1, 20.11.1, 21.6.2

✗ High severity vulnerability found in node
Description: Code Injection
Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332
Introduced through: node@18.12.1
From: node@18.12.1
Fixed in: 18.19.1, 20.11.1, 21.6.2

Organization: tubone24
Package manager: deb
Project name: docker-image|test-blog
Docker image: test-blog
Platform: linux/amd64
Base image: node:18.12.1-buster-slim
Licenses: enabled

Tested 85 dependencies for known issues, found 117 issues.

Base Image Vulnerabilities Severity
node:18.12.1-buster-slim 117 3 critical, 17 high, 23 medium, 74 low

Recommendations for base image upgrade:

Minor upgrades
Base Image Vulnerabilities Severity
node:18.19.1-buster-slim 75 2 critical, 4 high, 1 medium, 68 low

Major upgrades
Base Image Vulnerabilities Severity
node:20.11.1-buster-slim 75 2 critical, 4 high, 1 medium, 68 low

Alternative image types
Base Image Vulnerabilities Severity
node:21.6.2-bookworm-slim 35 1 critical, 1 high, 0 medium, 33 low
node:21.7.1-bullseye-slim 66 1 critical, 1 high, 0 medium, 64 low
node:20.11.0-slim 43 1 critical, 5 high, 3 medium, 34 low
node:lts-bookworm 179 1 critical, 6 high, 7 medium, 165 low

Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection

github-actions · 2024-03-12T16:45:02Z

Deploy Preview

Deploy path: /home/runner/work/blog/blog/public
Functions path: /home/runner/work/blog/blog/functions/src
Configuration path: /home/runner/work/blog/blog/netlify.toml
Deploying to draft URL...

Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/65f0864ff79971114a2e73c4
Website Draft URL: https://65f0864ff79971114a2e73c4--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag.
netlify deploy --prod

github-actions · 2024-03-12T16:45:18Z

Bundle Analyzer URL

https://65f0864ff79971114a2e73c4--pensive-lamport-5822d2.netlify.app/webpack-bundle-analyser

github-actions · 2024-03-12T16:45:27Z

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static
Functions path: /home/runner/work/blog/blog/functions/src
Configuration path: /home/runner/work/blog/blog/netlify.toml
Deploying to draft URL...

Logs: https://app.netlify.com/sites/blog-storybook/deploys/65f086a090c57b123879633a
Website Draft URL: https://65f086a090c57b123879633a--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag.
netlify deploy --prod

github-actions · 2024-03-15T17:28:04Z

Bundle Analyzer URL

https://65f484effed07700a3163be2--pensive-lamport-5822d2.netlify.app/webpack-bundle-analyser

github-actions · 2024-03-15T17:28:20Z

Memlab leaks report

page-load [7.4MB] (baseline) [s1] > action-on-page [8.3MB] (target) [s2] > revert [9.3MB] (final) [s3]  
------2 clusters------

--Similar leaks in this run: 1634--
--Retained size of leaked objects: 176.4KB--
[<synthetic>] (synthetic) @1 [10.5MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @6269 [62.1KB]
  --setTimeout (property)--->  [<closure>] (closure) @48509 [72 bytes]
  --context (internal)--->  [<function scope>] (object) @264685 [20 bytes]
  --previous (internal)--->  [<function scope>] (object) @87657 [36KB]
  --n (variable)--->  [t] (closure) @174075 [1.3KB]
  --context (internal)--->  [<function scope>] (object) @183675 [43.5KB]
  --n (variable)--->  [Object] (object) @186941 [43.4KB]
  --449 (element)--->  [Object] (object) @187383 [24 bytes]
  --exports (property)--->  [r] (closure) @224681 [2.7KB]
  --hasData (property)--->  [<closure>] (closure) @158683 [80 bytes]
  --context (internal)--->  [<function scope>] (object) @158677 [1.5KB]
  --e (variable)--->  [Object] (object) @225197 [1KB]
  --2 (element)--->  [Object] (object) @361041 [76 bytes]
  --aaAutocomplete (property)--->  [f] (object) @369525 [348 bytes]
  --$node (property)--->  [q] (object) @369831 [188 bytes]
  --0 (element)--->  [Detached HTMLSpanElement] (native) @333935 [676 bytes]
  --7 (element)--->  [Detached HTMLDivElement] (native) @334593 [5.7KB]
  --7 (element)--->  [Detached HTMLDivElement] (native) @334225 [444 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @334621 [444 bytes]
  --6 (element)--->  [Detached HTMLAnchorElement] (native) @334009 [2.5KB]
  --15 (element)--->  [Detached InternalNode] (native) @36906 [336 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @37224 [112 bytes]
  --1 (element)--->  [Detached InternalNode] (native) @39258 [112 bytes]
  --1 (element)--->  [Detached EventListener] (native) @38622 [112 bytes]

--Similar leaks in this run: 479--
--Retained size of leaked objects: 50.1KB--
[<synthetic>] (synthetic) @1 [10.5MB]
  --2 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @6269 [62.1KB]
  --___replace (property)--->  [<closure>] (closure) @48845 [80 bytes]
  --context (internal)--->  [<function scope>] (object) @182045 [748 bytes]
  --a (variable)--->  [Module] (object) @174077 [6.3KB]
  --get version (property)--->  [version] (closure) @232591 [80 bytes]
  --context (internal)--->  [<function scope>] (object) @122225 [6.5KB]
  --Qn (variable)--->  [y] (object) @413879 [368 bytes]
  --props (property)--->  [Object] (object) @434159 [28 bytes]
  --children (property)--->  [Object] (object) @445947 [296 bytes]
  --props (property)--->  [Object] (object) @446743 [56 bytes]
  --children (property)--->  [Object] (object) @434109 [1.2KB]
  --__ (property)--->  [Object] (object) @461169 [1.1KB]
  --__ (property)--->  [Object] (object) @461173 [940 bytes]
  --__ (property)--->  [Object] (object) @421053 [736 bytes]
  --__d (property)--->  [Detached HTMLDivElement] (native) @334265 [468 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @334263 [384 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @334261 [384 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @333975 [15KB]
  --8 (element)--->  [Detached HTMLElement] (native) @333993 [25.4KB]
  --5 (element)--->  [Detached HTMLDivElement] (native) @333991 [22.1KB]
  --6 (element)--->  [Detached Text] (native) @333425 [220 bytes]
  --6 (element)--->  [Detached HTMLImageElement] (native) @333421 [764 bytes]
  --7 (element)--->  [Detached Text] (native) @333417 [220 bytes]
  --6 (element)--->  [Detached HTMLParagraphElement] (native) @333385 [2.5KB]
  --8 (element)--->  [Detached Text] (native) @333381 [220 bytes]
  --6 (element)--->  [Detached HTMLHeadingElement] (native) @333373 [664 bytes]
  --8 (element)--->  [Detached Text] (native) @333369 [220 bytes]
  --6 (element)--->  [Detached HTMLParagraphElement] (native) @333361 [576 bytes]
  --8 (element)--->  [Detached Text] (native) @333357 [220 bytes]
  --6 (element)--->  [Detached HTMLParagraphElement] (native) @333349 [576 bytes]
  --8 (element)--->  [Detached Text] (native) @333345 [220 bytes]
  --6 (element)--->  [Detached HTMLImageElement] (native) @333341 [764 bytes]
  --7 (element)--->  [Detached Text] (native) @333337 [220 bytes]
  --6 (element)--->  [Detached HTMLParagraphElement] (native) @333329 [576 bytes]
  --10 (element)--->  [Detached InternalNode] (native) @31828 [152 bytes]
  --2 (element)--->  [Detached InternalNode] (native) @31806 [56 bytes]
  --1 (element)--->  [Detached NodeList] (native) @31808 [56 bytes]

github-actions · 2024-03-15T17:28:46Z

Storybook Preview

Deploy path: /home/runner/work/blog/blog/storybook-static
Functions path: /home/runner/work/blog/blog/functions/src
Configuration path: /home/runner/work/blog/blog/netlify.toml
Deploying to draft URL...

Netlify Build
────────────────────────────────────────────────────────────────

❯ Version
@netlify/build 29.36.1

❯ Flags
auth: EPJJ6iiVJKf1WzATp10YTzbujNbkSqWDiVl-3kCXA-Y
deployId: 65f48546846e7c0305a424d7
dir: ./storybook-static
open: false
prod: false
prodIfUnlocked: false
site: 905285ac-8339-48d2-86d8-8d639370a095
skipFunctionsCache: false

❯ Current directory
/home/runner/work/blog/blog

❯ Config file
/home/runner/work/blog/blog/netlify.toml

❯ Context
dev

Build logs: https://app.netlify.com/sites/blog-storybook/deploys/65f48546846e7c0305a424d7
Function logs: https://app.netlify.com/sites/blog-storybook/functions?scope=deploy:65f48546846e7c0305a424d7
Website draft URL: https://65f48546846e7c0305a424d7--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag.
netlify deploy --prod

github-actions · 2024-03-15T17:29:35Z

Lighthouse Score

Desktop

performance: 91
accessibility: 100
best-practices: 100
seo: 92
pwa: 100

Mobile

performance: 81
accessibility: 100
best-practices: 96
seo: 93
pwa: 100

github-actions · 2024-03-15T17:31:35Z

Snyk vulnerability report

OSS packages

Tested 1785 dependencies for known issues, found 13 issues, 31 vulnerable paths.

Issues to fix by upgrading:

Upgrade @sentry/profiling-node@0.3.0 to @sentry/profiling-node@1.3.0 to fix
✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6
introduced by gatsby-plugin-offline@5.23.1 > glob@7.2.3 > inflight@1.0.6 and 8 other path(s)

Upgrade gatsby@4.25.7 to gatsby@5.0.0 to fix
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903] in gatsby-cli@4.25.0
introduced by gatsby@4.25.7 > gatsby-cli@4.25.0
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0
introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s)

Upgrade gatsby-legacy-polyfills@2.23.0 to gatsby-legacy-polyfills@3.10.0 to fix
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.0.0
introduced by gatsby-legacy-polyfills@2.23.0 > core-js-compat@3.9.0 > semver@7.0.0 and 1 other path(s)

Upgrade gatsby-transformer-remark@5.25.1 to gatsby-transformer-remark@6.10.0 to fix
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-5671901] in gatsby-transformer-remark@5.25.1
introduced by gatsby-transformer-remark@5.25.1
✗ Information Exposure (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334] in sanitize-html@2.10.0
introduced by gatsby-transformer-remark@5.25.1 > sanitize-html@2.10.0

Issues with no direct upgrade or patch:
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1
introduced by gatsby@4.25.7 > gatsby-cli@4.25.0 > pretty-error@2.1.2 > renderkid@2.0.7 > strip-ansi@3.0.1 > ansi-regex@2.1.1
This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1
✗ Cross-site Request Forgery (CSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459] in axios@0.27.2
introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s)
This issue was fixed in versions: 1.6.0
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6124857] in axios@0.27.2
introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s)
This issue was fixed in versions: 1.6.3
✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788] in axios@0.27.2
introduced by @raae/gatsby-remark-oembed@0.3.3 > axios@0.27.2 and 2 other path(s)
This issue was fixed in versions: 1.6.4
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6444610] in follow-redirects@1.15.5
introduced by axios@1.6.5 > follow-redirects@1.15.5 and 3 other path(s)
This issue was fixed in versions: 1.15.6
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181] in html-minifier@4.0.0
introduced by html-minifier@4.0.0
No upgrade or patch available
✗ Command Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054] in lodash.template@4.5.0
introduced by gatsby-plugin-offline@5.23.1 > workbox-build@4.3.1 > lodash.template@4.5.0
No upgrade or patch available
✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607] in serialize-javascript@5.0.1
introduced by gatsby@4.25.7 > css-minimizer-webpack-plugin@2.0.0 > serialize-javascript@5.0.1
This issue was fixed in versions: 6.0.2

Organization: tubone24
Package manager: yarn
Target file: yarn.lock
Project name: blog
Open source: no
Project path: .
Licenses: enabled

Application

✗ [Medium] Path Traversal
Path: scripts/benchmark.js, line 23
Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files.

✗ [Medium] Path Traversal
Path: scripts/benchmark.js, line 25
Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files.

✗ [Medium] Path Traversal
Path: scripts/benchmark.js, line 41
Info: Unsanitized input from a command line argument flows into fs.writeFileSync, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files.

✔ Test completed

Organization: tubone24
Test type: Static code analysis
Project path: .

Summary:

3 Code issues found
3 [Medium]

IaC

Snyk Infrastructure as Code

Snyk testing Infrastructure as Code configuration issues.
✔ Test completed.