hejny / ukraine Goto Github PK

In node environment this throws error on not finding a window - but for some users it can be confusing

import Ukraine from 'save-ukraine';

Ukraine.save();

CVE-2021-44906 - Medium Severity Vulnerability

Vulnerable Library - minimist-1.2.5.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/minimist/package.json

Dependency Hierarchy:

• ts-jest-27.0.7.tgz (Root Library)
  • json5-2.2.0.tgz
    • ❌ minimist-1.2.5.tgz (Vulnerable Library)

Found in HEAD commit: 00c2b0044184130f87ecdce1346d0c7f3ac46650

Found in base branch: main

Vulnerability Details

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

Publish Date: 2022-03-17

URL: CVE-2021-44906

CVSS 3 Score Details (5.0)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/substack/minimist/issues/164

Release Date: 2022-03-17

Fix Resolution: minimist - 1.2.6

Step up your Open Source Security Game with WhiteSource here

https://www.forbes.com/sites/forbesstaff/2022/02/25/bitcoin-donations-to-ukrainian-army-surpass-4-million/

Because there is a <div> and only after the <a> with the rotation, it happens that the parent div covers a "transparent" part of the screen.

For instance, take this code:

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Bug</title>
</head>

<body>
    <div style="background: black; width: 200px; height: 40px;" onclick="alert('miao')"></div>
    <script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/umd/main.js"
        integrity="sha384-Xn1RAG80M8PZlBQh3r8fUvHY7c8RtuplSnqXOkdJyCxqRsToRwJ1m2FP7vyJo7u/"
        crossorigin="anonymous"></script>
    <script>
        Ukraine.save({
            ribbon: 'TOP_LEFT',
            hasShadow: true,
            countries: [],
        });
    </script>
</body>

</html>

You will see that if you click the black rectangle, it will not display any alert, because the ribbon's parent is obscuring it. In the image below, the covering div is with a purple boder:

A solution would be just to remove the superfluous div container and moving the first transform directly to the tag

For example message from Volodymyr Zelensky to Russian people

https://www.facebook.com/100001517469662/posts/5076389812421551/

And save it into the localstorage

https://www.youtube.com/watch?v=HOpisP7S7mg&ab_channel=SkyNews
https://www.youtube.com/watch?v=zfILFGpMQRo&ab_channel=TheTelegraph

The message "stop the war" is too vague and unclear. Also the translation reads "Stopping the war in Ukraine" and not stop the war.
According to Russian propaganda they already are stopping the war by waging the war(ill logic) so this message is about nothing. Need better targeted message.

Glory to Ukraine and happy independence day from Kherson!

Safari, 4K 27', how to fix that empty spaces?

Thank you.

For example by some GET param like ?test=Ukraine

Would you accept a PR to open this up for other conflict regions of the world?

I just do not know how to achieve this?

• By secondary geolocation or detection of UK in navigator.languages
• By asking for users' GPS if the language is Russian?
• Can I somehow be privacy-respecting (not asking external service) + without backend detecting users' IP from the frontend.