Deploying to gh-pages from @ 2954945 🚀

eclipse-theia · Oct 31, 2024 · e49b043 · e49b043
commit e49b043
Show file tree

Hide file tree

Showing 4 changed files with 67 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -0,0 +1,29 @@
+<div align='center'><br /><img src="https://raw.githubusercontent.com/eclipse-theia/security-audit/master/assets/security-header.png" width="400px"/></div>
+
+### Security Audit - 31/10/2024 at 0:05 UTC
+-- -
+
+#### Scan Summary
+
+| Moderate | High | Critical |
+|:---|:---|:---|
+| 5 | 7 | 0 |
+
+
+#### Scan Details
+
+| Security Vulnerability | Module Name | Severity | Version | Vulnerable Versions | Patched Versions | Recommendation | Path |
+|:---|:---|:---|:---|:---|:---|:---|:---|:---|:---|
+| [Uncontrolled resource consumption in braces](https://github.com/advisories/GHSA-grv7-fg5c-xmjg) | braces (dependency) | high | 3.0.2 | <3.0.3 | >=3.0.3 | Upgrade to version 3.0.3 or later | electron-mocha>mocha>chokidar>braces |
+| [ws affected by a DoS when handling a request with many HTTP headers](https://github.com/advisories/GHSA-3h5v-q93c-6h6q) | ws (dependency) | high | 8.11.0 | >=8.0.0 <8.17.1 | >=8.17.1 | Upgrade to version 8.17.1 or later | @theia/core>socket.io>engine.io>ws |
+| [Server-Side Request Forgery in axios](https://github.com/advisories/GHSA-8hc4-vh64-cxmj) | axios (dependency) | high | 1.6.7 | >=1.3.2 <=1.7.3 | >=1.7.4 | Upgrade to version 1.7.4 or later | lerna>nx>axios |
+| [body-parser vulnerable to denial of service when url encoding is enabled](https://github.com/advisories/GHSA-qwcr-r2fm-qrc7) | body-parser (dependency) | high | 1.20.2 | <1.20.3 | >=1.20.3 | Upgrade to version 1.20.3 or later | @theia/core>body-parser |
+| [path-to-regexp outputs backtracking regular expressions](https://github.com/advisories/GHSA-9wv6-86v2-598j) | path-to-regexp (dependency) | high | 6.2.1 | >=4.0.0 <6.3.0 | >=6.3.0 | Upgrade to version 6.3.0 or later | sinon>nise>path-to-regexp |
+| [DOMPurify allows tampering by prototype pollution](https://github.com/advisories/GHSA-mmhx-hmjr-r674) | dompurify (dependency) | high | 2.4.7 | <2.5.4 | >=2.5.4 | Upgrade to version 2.5.4 or later | @theia/core>dompurify |
+| [DOMpurify has a nesting-based mXSS](https://github.com/advisories/GHSA-gx9m-whjm-85jf) | dompurify (dependency) | high | 2.4.7 | <2.5.0 | >=2.5.0 | Upgrade to version 2.5.0 or later | @theia/core>dompurify |
+| [Denial of service while parsing a tar file due to lack of folders count validation](https://github.com/advisories/GHSA-f5x3-32g6-xq36) | tar (dependency) | moderate | 6.2.0 | <6.2.1 | >=6.2.1 | Upgrade to version 6.2.1 or later | lerna>@lerna/create>tar |
+| [follow-redirects' Proxy-Authorization header kept across hosts](https://github.com/advisories/GHSA-cxjh-pqwp-8mfp) | follow-redirects (dependency) | moderate | 1.15.5 | <=1.15.5 | >=1.15.6 | Upgrade to version 1.15.6 or later | lerna>nx>axios>follow-redirects |
+| [ejs lacks certain pollution protection](https://github.com/advisories/GHSA-ghr5-ch3p-vcr6) | ejs (dependency) | moderate | 3.1.9 | <3.1.10 | >=3.1.10 | Upgrade to version 3.1.10 or later | lerna>@nx/devkit>ejs |
+| [Regular Expression Denial of Service (ReDoS) in micromatch](https://github.com/advisories/GHSA-952p-6rrq-rcjv) | micromatch (dependency) | moderate | 4.0.5 | <4.0.8 | >=4.0.8 | Upgrade to version 4.0.8 or later | lerna>globby>fast-glob>micromatch |
+| [Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS](https://github.com/advisories/GHSA-4vvj-4cpr-p986) | webpack (dependency) | moderate | 5.90.3 | >=5.0.0-alpha.0 <5.94.0 | >=5.94.0 | Upgrade to version 5.94.0 or later | @theia/native-webpack-plugin>webpack |
+
diff --git a/_config.yml b/_config.yml
@@ -0,0 +1 @@
+theme: jekyll-theme-primer
diff --git a/_layouts/default.html b/_layouts/default.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html lang="{{ site.lang | default: "en-US" }}">
+
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+
+    {% seo %}
+    <link rel="stylesheet" href="{{ "/assets/css/style.css?v=" | append: site.github.build_revision | relative_url }}">
+    <link rel="shortcut icon" type="image/x-icon" href="favicon.ico">
+</head>
+
+<body>
+    <div class="px-3 my-5 markdown-body">
+
+        {{ content }}
+
+    </div>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/anchor-js/4.1.0/anchor.min.js"
+        integrity="sha256-lZaRhKri35AyJSypXXs4o6OPFTbTmUoltBbDCbdzegg=" crossorigin="anonymous"></script>
+    <script>anchors.add();</script>
+    {% if site.google_analytics %}
+    <script>
+        (function (i, s, o, g, r, a, m) {
+        i['GoogleAnalyticsObject'] = r; i[r] = i[r] || function () {
+            (i[r].q = i[r].q || []).push(arguments)
+        }, i[r].l = 1 * new Date(); a = s.createElement(o),
+            m = s.getElementsByTagName(o)[0]; a.async = 1; a.src = g; m.parentNode.insertBefore(a, m)
+        })(window, document, 'script', '//www.google-analytics.com/analytics.js', 'ga');
+        ga('create', '{{ site.google_analytics }}', 'auto');
+        ga('send', 'pageview');
+    </script>
+    {% endif %}
+</body>
+
+</html>
diff --git a/_layouts/favicon.ico b/_layouts/favicon.ico