-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): update dependency jszip to v3 [security] #322
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ive gpa message Signed-off-by: Suhas Hariharan <[email protected]>
Hypothetical Assignment will show a NaN if there is no value in the percentage input. This is a fix for that issue. If there is no value in the percentage field, it will be treated as a zero. Signed-off-by: Gary Kim <[email protected]>
Added function to calculate cumulative GPA(including unfinished semesters)
Tune Renovate config
Signed-Off-by: Gary Kim Bot <[email protected]>
Signed-Off-by: Gary Kim Bot <[email protected]>
chore(deps): update babel monorepo
Signed-Off-by: Gary Kim Bot <[email protected]>
Signed-Off-by: Gary Kim Bot <[email protected]>
Signed-Off-by: Gary Kim Bot <[email protected]>
This commit makes several improvements. It migrates the options page to Vue, changes the author field and copyrights to include The SAS PES Authors, deduplicates some code, and adds some missing information/fixes to the README. Signed-off-by: Gary Kim <[email protected]>
Mozilla's Webextension Polyfill throws an error when run in the unit test environment. This has been fixed by mocking the browser environment using browser-env and having a global `chrome` object. Signed-off-by: Gary Kim <[email protected]>
Migrate options to Vue and go more community driven
Signed-Off-by: Gary Kim Bot <[email protected]>
Signed-off-by: Suhas Hariharan <[email protected]>
…orage API Signed-off-by: Suhas Hariharan <[email protected]>
chore(deps): update dependency ava to ^3.5.1
chore(deps): update dependency webpack to ^4.42.0
…oJson method for class Signed-off-by: Suhas Hariharan <[email protected]>
Signed-off-by: Suhas Hariharan <[email protected]>
chore(deps): update dependency vue-loader to ^15.9.1
chore(deps): update dependency eslint-plugin-vue to ^6.2.2
chore(deps): update dependency eslint-plugin-import to ^2.20.1
Signed-Off-by: Gary Kim Bot <[email protected]>
…-14.x chore(deps): update dependency eslint-config-standard to ^14.1.1
Signed-off-by: Suhas Hariharan <[email protected]>
Signed-Off-by: Gary Kim Bot <[email protected]>
Signed-off-by: Suhas Hariharan <[email protected]>
Added function to save grades to local storage and load grades from storage
Fix an issue in HypoAssignment
Signed-off-by: fillnye <[email protected]>
Signed-off-by: Suhas Hariharan <[email protected]>
Signed-off-by: Suhas Hariharan <[email protected]>
Signed-off-by: Suhas Hariharan <[email protected]>
Signed-off-by: Suhas Hariharan <[email protected]>
Signed-off-by: Suhas Hariharan <[email protected]>
Signed-off-by: Suhas Hariharan <[email protected]>
Fixed issues due to PowerSchool UI update and fixed category weighting bug
Signed-off-by: Suhas Hariharan <[email protected]>
fix: ignore queries for home page
Signed-off-by: Suhas Hariharan <[email protected]>
Signed-off-by: Suhas Hariharan <[email protected]>
Signed-off-by: Suhas Hariharan <[email protected]>
…ve-calculation Fix percentages not showing and cumulative GPA double including finished semester
Signed-off-by: Suhas Hariharan <[email protected]>
garykim-dev-renovate
bot
added
the
dependencies
Pull requests that update a dependency file
label
Sep 8, 2022
Signed-off-by: Gary Kim Bot <[email protected]>
garykim-dev-renovate
bot
changed the title
chore(deps): update dependency jszip to v2.7.0 [security]
chore(deps): update dependency jszip to v3 [security]
Feb 1, 2023
garykim-dev-renovate
bot
force-pushed
the
renovate/npm-jszip-vulnerability
branch
from
February 1, 2023 19:02
d510175
to
9e11d1a
Compare
garykim-dev-renovate
bot
changed the title
chore(deps): update dependency jszip to v3 [security]
chore(deps): update dependency jszip to v3 [security] - autoclosed
Sep 27, 2023
garykim-dev-renovate
bot
deleted the
renovate/npm-jszip-vulnerability
branch
September 27, 2023 02:01
garykim-dev-renovate
bot
changed the title
chore(deps): update dependency jszip to v3 [security] - autoclosed
chore(deps): update dependency jszip to v3 [security]
Sep 27, 2023
garykim-dev-renovate
bot
restored the
renovate/npm-jszip-vulnerability
branch
September 27, 2023 03:01
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^2.6.1
->^3.0.0
GitHub Vulnerability Alerts
CVE-2021-23413
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g
__proto__
,toString
, etc) results in a returned object with a modified prototype instance.CVE-2022-48285
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
Release Notes
Stuk/jszip
v3.8.0
Compare Source
loadAsync
, to avoid "zip slip" attacks. The original filename is available on each zip entry asunsafeOriginalName
. See the documentation. Many thanks to McCaulay Hudson for reporting.v3.7.1
Compare Source
dist
files.dist
files. Thanks to Evan W for reporting.v3.7.0
Compare Source
.files
property of a zip object, for examplezip.files.toString()
. This approach is taken to prevent files in the zip overriding object methods that would exist on a normal object.v3.6.0
Compare Source
v3.5.0
Compare Source
v3.4.0
Compare Source
v3.3.0
Compare Source
v3.2.2
Compare Source
v3.2.1
Compare Source
v3.2.0
Compare Source
v3.1.5
Compare Source
v3.1.4
Compare Source
generate*
with a lot of files (see #449).v3.1.3
Compare Source
v3.1.2
Compare Source
process.platform
ingenerate*
methods (see #335).v3.1.1
Compare Source
v3.1.0
Compare Source
v3.0.0
Compare Source
This release changes a lot of methods, please see the upgrade guide.
generate()
with async methods (see #195).file()
andgenerateAsync()
).file()
andloadAsync()
(see #275).support.nodestream
.type
is now mandatory ingenerateAsync()
.true
).base64
andarray
as possible output type.v2.7.0
Compare Source
Configuration
📅 Schedule: "" (UTC).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.