René's URL Explorer Experiment

Title: Security issues · Issue #1150 · NativeScript/nativescript-dev-webpack · GitHub

Open Graph Title: Security issues · Issue #1150 · NativeScript/nativescript-dev-webpack

X Title: Security issues · Issue #1150 · NativeScript/nativescript-dev-webpack

Description: Issue Hi :) I have the below added security issues with nativescript-dev-webpack. Environment "dependencies": { "nativescript-dev-webpack": "1.5.1" } npm audit security report Run npm update terser-webpack-plugin --depth 3 to resolve 2 v...

Open Graph Description: Issue Hi :) I have the below added security issues with nativescript-dev-webpack. Environment "dependencies": { "nativescript-dev-webpack": "1.5.1" } npm audit security report Run npm update terser...

X Description: Issue Hi :) I have the below added security issues with nativescript-dev-webpack. Environment "dependencies": { "nativescript-dev-webpack": "1.5.1" } npm audit securit...

Opengraph URL: https://github.com/NativeScript/nativescript-dev-webpack/issues/1150

X: @github

direct link

Domain: patch-diff.githubusercontent.com

Hey, it has json ld scripts:

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Security issues","articleBody":"## Issue\r\nHi :)\r\n\r\nI have the below added security issues with nativescript-dev-webpack.\r\n\r\n## Environment\r\n\r\n  \"dependencies\": {\r\n    \"nativescript-dev-webpack\": \"1.5.1\"\r\n }\r\n\r\n\r\n## npm audit security report\r\n\r\nRun  npm update terser-webpack-plugin --depth 3  to resolve 2 vulnerabilities\r\n\r\n  Moderate        Cross-Site Scripting                                          \r\n\r\n  Package         serialize-javascript                                          \r\n\r\n  Dependency of   nativescript-dev-webpack [dev]                                \r\n\r\n  Path            nativescript-dev-webpack \u003e webpack \u003e terser-webpack-plugin \u003e  \r\n                  serialize-javascript                                          \r\n*\r\n  More info       https://npmjs.com/advisories/1426                             \r\n\r\n\r\n  High            Remote Code Execution                                         \r\n\r\n  Package         serialize-javascript                                          \r\n\r\n  Dependency of   nativescript-dev-webpack [dev]                                \r\n\r\n  Path            nativescript-dev-webpack \u003e webpack \u003e terser-webpack-plugin \u003e  \r\n                  serialize-javascript                                          \r\n\r\n  More info       https://npmjs.com/advisories/1548                             \r\n\r\n\r\n                                 Manual Review                                  \r\n             Some vulnerabilities require your attention to resolve             \r\n                                                                                \r\n          Visit https://go.npm.me/audit-guide for additional guidance           \r\n\r\n\r\n  Moderate        Out-of-bounds Read                                            \r\n\r\n  Package         atob                                                          \r\n\r\n  Patched in      \u003e=2.1.0                                                       \r\n\r\n  Dependency of   nativescript-dev-webpack [dev]                                \r\n\r\n  Path            nativescript-dev-webpack \u003e css \u003e source-map-resolve \u003e atob    \r\n\r\n  More info       https://npmjs.com/advisories/646                              \r\n\r\n\r\n  Moderate        Cross-Site Scripting                                          \r\n\r\n  Package         serialize-javascript                                          \r\n\r\n  Patched in      \u003e=2.1.1                                                       \r\n\r\n  Dependency of   nativescript-dev-webpack [dev]                                \r\n\r\n  Path            nativescript-dev-webpack \u003e copy-webpack-plugin \u003e              \r\n                  serialize-javascript                                          \r\n\r\n  More info       https://npmjs.com/advisories/1426                             \r\n\r\n\r\n  Moderate        Cross-Site Scripting                                          \r\n\r\n  Package         serialize-javascript                                          \r\n\r\n  Patched in      \u003e=2.1.1                                                       \r\n\r\n  Dependency of   nativescript-dev-webpack [dev]                                \r\n\r\n  Path            nativescript-dev-webpack \u003e terser-webpack-plugin \u003e            \r\n                  serialize-javascript                                          \r\n\r\n  More info       https://npmjs.com/advisories/1426                             \r\n\r\n\r\n  High            Remote Code Execution                                         \r\n\r\n  Package         serialize-javascript                                          \r\n\r\n  Patched in      \u003e=3.1.0                                                       \r\n\r\n  Dependency of   nativescript-dev-webpack [dev]                                \r\n\r\n  Path            nativescript-dev-webpack \u003e copy-webpack-plugin \u003e              \r\n                  serialize-javascript                                          \r\n\r\n  More info       https://npmjs.com/advisories/1548                             \r\n\r\n\r\n  High            Remote Code Execution                                         \r\n\r\n  Package         serialize-javascript                                          \r\n\r\n  Patched in      \u003e=3.1.0                                                       \r\n\r\n  Dependency of   nativescript-dev-webpack [dev]                                \r\n\r\n  Path            nativescript-dev-webpack \u003e terser-webpack-plugin \u003e            \r\n                  serialize-javascript                                          \r\n\r\n  More info       https://npmjs.com/advisories/1548                             \r\n\r\n\r\n  Low             Prototype Pollution                                           \r\n\r\n  Package         yargs-parser                                                  \r\n\r\n  Patched in      \u003e=13.1.2 \u003c14.0.0 || \u003e=15.0.1 \u003c16.0.0 || \u003e=18.1.2              \r\n\r\n  Dependency of   nativescript-dev-webpack [dev]                                \r\n\r\n  Path            nativescript-dev-webpack \u003e webpack-cli \u003e yargs \u003e              \r\n                  yargs-parser                                                  \r\n\r\n  More info       https://npmjs.com/advisories/1500                             \r\n\r\n\r\n  High            Prototype Pollution                                           \r\n\r\n  Package         object-path                                                   \r\n\r\n  Patched in      \u003e=0.11.5                                                      \r\n\r\n  Dependency of   nativescript-dev-webpack [dev]                                \r\n\r\n  Path            nativescript-dev-webpack \u003e resolve-url-loader \u003e\r\n                  adjust-sourcemap-loader \u003e object-path\r\n\r\n  More info       https://npmjs.com/advisories/1573**\r\n","author":{"url":"https://github.com/senner007","@type":"Person","name":"senner007"},"datePublished":"2020-12-07T09:41:49.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/1150/nativescript-dev-webpack/issues/1150"}

route-pattern	/_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format)
route-controller	voltron_issues_fragments
route-action	issue_layout
fetch-nonce	v2:38976a5e-c8b9-459c-e3d8-dbee4a45bfd8
current-catalog-service-hash	81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114
request-id	A28A:E7822:8D6E263:B671C90:69760737
html-safe-nonce	63e7650df9ff8cbc47637bc9f9d22d11fb2a5ae0314f4b6b6e004095c5b4aeaf
visitor-payload	eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJBMjhBOkU3ODIyOjhENkUyNjM6QjY3MUM5MDo2OTc2MDczNyIsInZpc2l0b3JfaWQiOiIzMjc3NjM2NTYyMDc3NDg0ODU1IiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0=
visitor-hmac	942234f5789e7440e8d0279ab31da02aa1dd5ec8c4350bae4f93d03e1ac1fb98
hovercard-subject-tag	issue:758344070
github-keyboard-shortcuts	repository,issues,copilot
google-site-verification	Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-url	https://collector.github.com/github/collect
analytics-location	///voltron/issues_fragments/issue_layout
fb:app_id	1401488693436528
apple-itunes-app	app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/NativeScript/nativescript-dev-webpack/1150/issue_layout
twitter:image	https://opengraph.githubassets.com/5eac25bd6700e7274465459e729ce55484bbffce113a1a986e42bd56b3296dcc/NativeScript/nativescript-dev-webpack/issues/1150
twitter:card	summary_large_image
og:image	https://opengraph.githubassets.com/5eac25bd6700e7274465459e729ce55484bbffce113a1a986e42bd56b3296dcc/NativeScript/nativescript-dev-webpack/issues/1150
og:image:alt	Issue Hi :) I have the below added security issues with nativescript-dev-webpack. Environment "dependencies": { "nativescript-dev-webpack": "1.5.1" } npm audit security report Run npm update terser...
og:image:width	1200
og:image:height	600
og:site_name	GitHub
og:type	object
og:author:username	senner007
hostname	github.com
expected-hostname	github.com
None	c6814b4cc7afd45cd6e64525d0cff0e76dd802f315a5b0e55a7abda1d1d070d0
turbo-cache-control	no-preview
go-import	github.com/NativeScript/nativescript-dev-webpack git https://github.com/NativeScript/nativescript-dev-webpack.git
octolytics-dimension-user_id	7392261
octolytics-dimension-user_login	NativeScript
octolytics-dimension-repository_id	54984270
octolytics-dimension-repository_nwo	NativeScript/nativescript-dev-webpack
octolytics-dimension-repository_public	true
octolytics-dimension-repository_is_fork	false
octolytics-dimension-repository_network_root_id	54984270
octolytics-dimension-repository_network_root_nwo	NativeScript/nativescript-dev-webpack
turbo-body-classes	logged-out env-production page-responsive
disable-turbo	false
browser-stats-url	https://api.github.com/_private/browser/stats
browser-errors-url	https://api.github.com/_private/browser/errors
release	4ea235bfed58ef16c8a5642b3ac64b74f10c9f52
ui-target	canary-2
theme-color	#1e2327
color-scheme	light dark

Links:

Skip to content	https://patch-diff.githubusercontent.com/NativeScript/nativescript-dev-webpack/issues/1150#start-of-content
	https://patch-diff.githubusercontent.com/
Sign in	https://patch-diff.githubusercontent.com/login?return_to=https%3A%2F%2Fgithub.com%2FNativeScript%2Fnativescript-dev-webpack%2Fissues%2F1150
GitHub CopilotWrite better code with AI	https://github.com/features/copilot
GitHub SparkBuild and deploy intelligent apps	https://github.com/features/spark
GitHub ModelsManage and compare prompts	https://github.com/features/models
MCP RegistryNewIntegrate external tools	https://github.com/mcp
ActionsAutomate any workflow	https://github.com/features/actions
CodespacesInstant dev environments	https://github.com/features/codespaces
IssuesPlan and track work	https://github.com/features/issues
Code ReviewManage code changes	https://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilities	https://github.com/security/advanced-security
Code securitySecure your code as you build	https://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they start	https://github.com/security/advanced-security/secret-protection
Why GitHub	https://github.com/why-github
Documentation	https://docs.github.com
Blog	https://github.blog
Changelog	https://github.blog/changelog
Marketplace	https://github.com/marketplace
View all features	https://github.com/features
Enterprises	https://github.com/enterprise
Small and medium teams	https://github.com/team
Startups	https://github.com/enterprise/startups
Nonprofits	https://github.com/solutions/industry/nonprofits
App Modernization	https://github.com/solutions/use-case/app-modernization
DevSecOps	https://github.com/solutions/use-case/devsecops
DevOps	https://github.com/solutions/use-case/devops
CI/CD	https://github.com/solutions/use-case/ci-cd
View all use cases	https://github.com/solutions/use-case
Healthcare	https://github.com/solutions/industry/healthcare
Financial services	https://github.com/solutions/industry/financial-services
Manufacturing	https://github.com/solutions/industry/manufacturing
Government	https://github.com/solutions/industry/government
View all industries	https://github.com/solutions/industry
View all solutions	https://github.com/solutions
AI	https://github.com/resources/articles?topic=ai
Software Development	https://github.com/resources/articles?topic=software-development
DevOps	https://github.com/resources/articles?topic=devops
Security	https://github.com/resources/articles?topic=security
View all topics	https://github.com/resources/articles
Customer stories	https://github.com/customer-stories
Events & webinars	https://github.com/resources/events
Ebooks & reports	https://github.com/resources/whitepapers
Business insights	https://github.com/solutions/executive-insights
GitHub Skills	https://skills.github.com
Documentation	https://docs.github.com
Customer support	https://support.github.com
Community forum	https://github.com/orgs/community/discussions
Trust center	https://github.com/trust-center
Partners	https://github.com/partners
GitHub SponsorsFund open source developers	https://github.com/sponsors
Security Lab	https://securitylab.github.com
Maintainer Community	https://maintainers.github.com
Accelerator	https://github.com/accelerator
Archive Program	https://archiveprogram.github.com
Topics	https://github.com/topics
Trending	https://github.com/trending
Collections	https://github.com/collections
Enterprise platformAI-powered developer platform	https://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security features	https://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI features	https://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 support	https://github.com/premium-support
Pricing	https://github.com/pricing
Search syntax tips	https://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentation	https://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in	https://patch-diff.githubusercontent.com/login?return_to=https%3A%2F%2Fgithub.com%2FNativeScript%2Fnativescript-dev-webpack%2Fissues%2F1150
Sign up	https://patch-diff.githubusercontent.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fvoltron%2Fissues_fragments%2Fissue_layout&source=header-repo&source_repo=NativeScript%2Fnativescript-dev-webpack
Reload	https://patch-diff.githubusercontent.com/NativeScript/nativescript-dev-webpack/issues/1150
Reload	https://patch-diff.githubusercontent.com/NativeScript/nativescript-dev-webpack/issues/1150
Reload	https://patch-diff.githubusercontent.com/NativeScript/nativescript-dev-webpack/issues/1150
NativeScript	https://patch-diff.githubusercontent.com/NativeScript
nativescript-dev-webpack	https://patch-diff.githubusercontent.com/NativeScript/nativescript-dev-webpack
Please reload this page	https://patch-diff.githubusercontent.com/NativeScript/nativescript-dev-webpack/issues/1150
Notifications	https://patch-diff.githubusercontent.com/login?return_to=%2FNativeScript%2Fnativescript-dev-webpack
Fork 40	https://patch-diff.githubusercontent.com/login?return_to=%2FNativeScript%2Fnativescript-dev-webpack
Star 97	https://patch-diff.githubusercontent.com/login?return_to=%2FNativeScript%2Fnativescript-dev-webpack
Code	https://patch-diff.githubusercontent.com/NativeScript/nativescript-dev-webpack
Issues 82	https://patch-diff.githubusercontent.com/NativeScript/nativescript-dev-webpack/issues
Pull requests 3	https://patch-diff.githubusercontent.com/NativeScript/nativescript-dev-webpack/pulls
Actions	https://patch-diff.githubusercontent.com/NativeScript/nativescript-dev-webpack/actions
Security 0	https://patch-diff.githubusercontent.com/NativeScript/nativescript-dev-webpack/security
Insights	https://patch-diff.githubusercontent.com/NativeScript/nativescript-dev-webpack/pulse
Code	https://patch-diff.githubusercontent.com/NativeScript/nativescript-dev-webpack
Issues	https://patch-diff.githubusercontent.com/NativeScript/nativescript-dev-webpack/issues
Pull requests	https://patch-diff.githubusercontent.com/NativeScript/nativescript-dev-webpack/pulls
Actions	https://patch-diff.githubusercontent.com/NativeScript/nativescript-dev-webpack/actions
Security	https://patch-diff.githubusercontent.com/NativeScript/nativescript-dev-webpack/security
Insights	https://patch-diff.githubusercontent.com/NativeScript/nativescript-dev-webpack/pulse
Security issues	https://patch-diff.githubusercontent.com/NativeScript/nativescript-dev-webpack/issues/1150#top
	https://github.com/senner007
	https://github.com/senner007
senner007	https://github.com/senner007
on Dec 7, 2020	https://github.com/NativeScript/nativescript-dev-webpack/issues/1150#issue-758344070
https://npmjs.com/advisories/1426	https://npmjs.com/advisories/1426
https://npmjs.com/advisories/1548	https://npmjs.com/advisories/1548
https://npmjs.com/advisories/646	https://npmjs.com/advisories/646
https://npmjs.com/advisories/1426	https://npmjs.com/advisories/1426
https://npmjs.com/advisories/1426	https://npmjs.com/advisories/1426
https://npmjs.com/advisories/1548	https://npmjs.com/advisories/1548
https://npmjs.com/advisories/1548	https://npmjs.com/advisories/1548
https://npmjs.com/advisories/1500	https://npmjs.com/advisories/1500
https://npmjs.com/advisories/1573	https://npmjs.com/advisories/1573
	https://github.com
Terms	https://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacy	https://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Security	https://github.com/security
Status	https://www.githubstatus.com/
Community	https://github.community/
Docs	https://docs.github.com/
Contact	https://support.github.com?tags=dotcom-footer

Viewport: width=device-width

URLs of crawlers that visited me.