An MSBuildTask that checks for known vulnerabilities. Inspired by OWASP SafeNuGet.
digitalcoyote/chocolatey-packages 3
Template repository for Chocolatey Automatic Package Updater Module
A user-friendly launcher for Bazel.
Bit is a modern Git CLI
digitalcoyote/BuildTaskNuGetPackageTemplate 0
A template for creating a NuGet Package that runs an exec task at build
🧔🏽 Community fork of @meetfranz. Ferdi allows you to combine your favorite messaging services into one application
Git Extensions is a standalone UI tool for managing git repositories. It also integrates with Windows Explorer and Microsoft Visual Studio (2010/2012/2013/2015/2017).
Script for installing Guacamole on Ubuntu
C# Wrapper of HIDAPI from signal11, wrapper multiplatform, used for interaction with generic HID Devices, USB or bluetooth
issue opened digitalcoyote/NuGetDefense
Requesting Vulnerability Source jQuery v3.5.1
Hi, I use jQuery v3.5.1 (latest stable) with Visual Studio 2019. When I scan for security vulnerabilities with NuGetDefense I get the following report:
"CVE-2016-10707 : jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit."
This is a link to the full description: https://nvd.nist.gov/vuln/detail/CVE-2016-10707
I opened a ticket in jquery support, they answered me as follows:
"You should contact the creators of the scanner to report a bug. The CVE references a version that is not the one you are running. See #3133."
Please advise how to proceed to fix this issue.
Thanks in advance!
created time in 14 hours
push event warmuuh/milkman
commit sha c765c3ecf4f0f59c4e2c1276a86c4d09469a0b70
added oauth token auto-refresh
push time in 15 hours
push event warmuuh/milkman
commit sha c2ba76dc9cbb123ee65e558cfc91392bdf9b5de3
added first oauth2 key support
commit sha 89dd21217f52862192397597a74bddf1665ad871
added password grant support
commit sha 18dec269765b8303552fc43c65e3227160889171
streamlined oauth tokens
commit sha 83d5da0144f16110223d38d3425900ff10da2b6b
changelog
push time in 20 hours
push event warmuuh/milkman
commit sha 18dec269765b8303552fc43c65e3227160889171
streamlined oauth tokens
push time in 20 hours
started digitalcoyote/NuGetDefense
started time in 20 hours
pull request comment digitalcoyote/chocolatey-packages
@digitalcoyote good to know. The use case is legit, and for V2 it made sense. As V3 can be used on the WSL too, it should ideally bundle the executables and not the module. I'll draft something 😉
comment created time in a day
pull request comment digitalcoyote/chocolatey-packages
A general remark on my end. It makes zero sense to use chocolatey to install a Powershell module (it might have been OK for V2, but not for V3). However, looking at what scoop does for V3, that would be perfect for chocolatey too. I'd love to take ownership of the package, or guide this direction as that fits best with the use-case of V3.
comment created time in a day
PR opened digitalcoyote/chocolatey-packages
Changes
- Allow use of v3 of oh-my-posh, by picking up new release tags format.
- Change v2 reference to `Set-Theme` to v3's `Set-PoshPrompt`.
FYI @JanDeDobbeleer, in case you spot anything else in the `chocolateyinstall.ps1` that may need changing.
@digitalcoyote I imagine the `oh-my-posh.nuspec` could use changing, but might leave that with you.
Background
Seems like v3 was in a pre-release/beta state until recently,
I'm a complete novice with chocolatey/powershell, but noticed that `oh-my-posh` has a new major version and was wondering why it wasn't getting picked up, looks to be that the version tags are prefixed with `v` now.
I was able to get the below terminal output, but couldn't figure out how to run `chocolateyinstall.ps1` after it unpacked the nupkg, so couldn't test it beyond that.
<details>
<summary>My amateur attempt at running update.ps1</summary>
<p>
❯ .\update.ps1
oh-my-posh - checking updates using au version 2020.11.21
Install-PackageProvider: C:\Users\adehad\Documents\GitHub\chocolatey-packages\oh-my-posh\update.ps1:15
Line |
15 | Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Forc …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Administrator rights are required to install packages in ''. Log
| on to the computer with an account that has Administrator rights,
| and then try again, or install in
| 'C:\Users\adehad\AppData\Local\PackageManagement\ProviderAssemblies' by adding "-Scope CurrentUser" to your command. You can also try running the Windows PowerShell session with elevated rights (Run as Administrator).
Saved Module
Remove-Item: C:\Users\adehad\Documents\GitHub\chocolatey-packages\oh-my-posh\update.ps1:25
Line |
25 | Remove-Item -Path "./oh-my-posh/$version/Build" -Force -Recurse
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Cannot find path
| 'C:\Users\adehad\Documents\GitHub\chocolatey-packages\oh-my-posh\oh-my-posh\3.106.4\Build' because it does not exist.
Remove-Item: C:\Users\adehad\Documents\GitHub\chocolatey-packages\oh-my-posh\update.ps1:26
Line |
26 | Remove-Item -Path "./oh-my-posh/$version/.vscode" -Force -Recurse
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Cannot find path
| 'C:\Users\adehad\Documents\GitHub\chocolatey-packages\oh-my-posh\oh-my-posh\3.106.4\.vscode' because it does not exist.
Remove-Item: C:\Users\adehad\Documents\GitHub\chocolatey-packages\oh-my-posh\update.ps1:27
Line |
27 | Remove-Item -Path "./oh-my-posh/$version/TestsResults.xml" -Force
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Cannot find path
| 'C:\Users\adehad\Documents\GitHub\chocolatey-packages\oh-my-posh\oh-my-posh\3.106.4\TestsResults.xml' because it does not exist.
URL check
nuspec version: 2.0.496
remote version: 3.106.4
New version is available
Automatic checksum skipped
Updating files
$Latest data:
NuspecVersion (String) 2.0.496
PackageName (String) oh-my-posh
Version (String) 3.106.4
oh-my-posh.nuspec
setting id: oh-my-posh
updating version: 2.0.496 -> 3.106.4
Attempting to build package from 'oh-my-posh.nuspec'.
Successfully created package 'C:\Users\adehad\Documents\GitHub\chocolatey-packages\oh-my-posh\oh-my-posh.3.106.4.nupkg'
Package updated
Path : C:\Users\adehad\Documents\GitHub\chocolatey-packages\oh-my-posh
Name : oh-my-posh
Updated : True
Pushed : False
RemoteVersion : 3.106.4
NuspecVersion : 2.0.496
Result : {oh-my-posh - checking updates using au version 2020.11.21, , URL
check, nuspec version: 2.0.496…}
Error :
NuspecPath : C:\Users\adehad\Documents\GitHub\chocolatey-packages\oh-my-posh\oh-my-posh.nuspec
NuspecXml : #document
Ignored : False
IgnoreMessage :
StreamsPath : C:\Users\adehad\Documents\GitHub\chocolatey-packages\oh-my-posh\oh-my-posh.json
Streams :
</p> </details>
pr created time in a day
fork adehad/chocolatey-packages
Template repository for Chocolatey Automatic Package Updater Module
fork in 2 days
issue comment digitalcoyote/NuGetDefense
Requesting Vulnerability Source `dotnet list package --vulnerable`
Will this be an extra source for finding vulnerabilities that can automatically be run? It would be a welcome addition since we cannot really use the dotnet list command as is in a CI/CD scenario without adding string comparison scripts around it. :-)
comment created time in 2 days
push event warmuuh/milkman
commit sha 89dd21217f52862192397597a74bddf1665ad871
added password grant support
push time in 3 days
push event bchavez/Bogus
commit sha b9049abf8b40203c09079741bcb328da95899f81
Add answer to StackOverflow question: https://stackoverflow.com/questions/66444118/how-to-use-bogus-faker-with-initialization-properties Re: #213
push time in 3 days
push event bchavez/Bogus
commit sha fe28f91c7e457c2e7bd6256aafe2485043b301d7
Add answer to StackOverflow question: https://stackoverflow.com/questions/66444118/how-to-use-bogus-faker-with-initialization-properties
push time in 3 days
issue comment digitalcoyote/chocolatey-packages
Thank you for your support!
comment created time in 4 days
push event warmuuh/milkman
commit sha adf4bb630f26915d2b30191607b8d0f9b61d920d
added manage keyset dialog
commit sha 16ed72e71ddd9c720b7d5664220eae23773e35ef
added plain key support
commit sha 7f5b20d5962f583d8a78719d1ef8b9073b11ec5d
Merge pull request #98 from warmuuh/feature/secrets adds separate secrets. fixes #74
push time in 4 days
issue closed warmuuh/milkman
don't export secret environment variables
allow env-vars to be marked as secret. this leads to them not being replaced during export except if the corresponding checkmark is set ("export secrets")
on sync, the variable names should be exported but no values, merging should ignore these "changes"
similar for privatebin export
closed time in 4 days
warmuuh PR merged warmuuh/milkman
this adds secrets which are handled differently than normal environment variables and are not synced. base for oauth support
pr closed time in 4 days
PR opened warmuuh/milkman
this adds secrets which are handled differently than normal environment variables and are not synced. base for oauth support
pr created time in 4 days
push event warmuuh/milkman
commit sha 16ed72e71ddd9c720b7d5664220eae23773e35ef
added plain key support
push time in 5 days
issue closed warmuuh/milkman
Request Collection context menu unreadable in light theme
Request Collection context menu unreadable in light theme
closed time in 5 days
warmuuh push event warmuuh/milkman
commit sha 5c086b8c06a58ac63ed034e12991ea7f548a72c3
fixing context menu css. fixes #94
push time in 5 days
issue comment digitalcoyote/chocolatey-packages
@digitalcoyote I will have a look.
comment created time in 5 days
issue opened digitalcoyote/chocolatey-packages
Could the auto bot be updated so that the latest package of n3dr will become available on chocolatey?
created time in 6 days
started dmjio/stripe
started time in 6 days
push event bchavez/Bogus
commit sha e6fa4088ad17e6cd39130cd773fc138d3bd8e428
Fixes inconsistent space vs tabs on readme (#364)
* Fixes inconsistent space vs tabs on readme
This was creating additional nesting on the readme that was confusing. It made methods appear as nested methods of siblings.
* Revert LoremPixelUrl; spacing is intended, but Port spacing is not intended.
Co-authored-by: bchavez <bchavez@bitarmory.com>
push time in 6 days
PR merged bchavez/Bogus
This was creating additional nesting on the readme that was confusing. It made methods appear as nested methods of siblings.
pr closed time in 6 days
PR opened bchavez/Bogus
This was creating additional nesting on the readme that was confusing. It made methods appear as nested methods of siblings.
pr created time in 6 days
started yesodweb/yesod
started time in 6 days