Add CamoFox Browser lockfile example and verified case study#556
Open
Ayush7614 wants to merge 1 commit into
Open
Add CamoFox Browser lockfile example and verified case study#556Ayush7614 wants to merge 1 commit into
Ayush7614 wants to merge 1 commit into
Conversation
Snapshot jo-inc/camofox-browser npm lockfile (435 packages, 2 findings) with dual qs remediation narrative (within-range npm update qs + express parent upgrade), npm audit comparison, and docs wiring. Closes OWASP#539
Contributor
Author
|
cc: @sonukapoor |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
examples/camofox-browser/from jo-inc/camofox-browser at revisionce3a3b085aacba73eb8de6c51733c19fb13bfae4(package.json+package-lock.json).qs) with two fix command groups showcasing v1.19.1 within-range vs parent-upgrade remediation:npm update qs—qs@6.15.1viaexpress→body-parser(range already permits6.15.2+)npm install express@4.22.2—qs@6.14.2via directexpress@4.22.1npm audit: 2 moderate entries — totals align with CVE Lite deduplicated view.[Unreleased],examples/readme.md, Docusaurus sidebar, and case studies index; addscamofox-browser-logo.png.Closes #539
Test plan
node dist/index.js examples/camofox-browser --verbose --allreproduces 2 findings on v1.19.1+cd examples/camofox-browser && npm auditreports 2 moderate entriescase-studies/camofox-browserpageMade with Cursor