From 2e4e49e0db9667d54342fca96fc747ad8b474b78 Mon Sep 17 00:00:00 2001 From: Eugene Fox Date: Tue, 4 Jul 2023 11:02:26 +0300 Subject: [PATCH] Patch 2.2.6 (#184) * Bump webpack from 5.85.0 to 5.88.1 (#183) Bumps [webpack](https://github.com/webpack/webpack) from 5.85.0 to 5.88.1. - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](https://github.com/webpack/webpack/compare/v5.85.0...v5.88.1) --- updated-dependencies: - dependency-name: webpack dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump typescript from 5.0.4 to 5.1.6 (#182) Bumps [typescript](https://github.com/Microsoft/TypeScript) from 5.0.4 to 5.1.6. - [Release notes](https://github.com/Microsoft/TypeScript/releases) - [Commits](https://github.com/Microsoft/TypeScript/commits) --- updated-dependencies: - dependency-name: typescript dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sass from 1.60.0 to 1.63.6 (#180) Bumps [sass](https://github.com/sass/dart-sass) from 1.60.0 to 1.63.6. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.60.0...1.63.6) --- updated-dependencies: - dependency-name: sass dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Eugene Fox * Bump @types/webextension-polyfill from 0.10.0 to 0.10.1 (#179) Bumps [@types/webextension-polyfill](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/webextension-polyfill) from 0.10.0 to 0.10.1. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/webextension-polyfill) --- updated-dependencies: - dependency-name: "@types/webextension-polyfill" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump @types/react from 18.2.0 to 18.2.14 (#181) Bumps [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) from 18.2.0 to 18.2.14. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) --- updated-dependencies: - dependency-name: "@types/react" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * - Updated package.json version - Updated README.md and release template * Updated release template * Fixed CVE-2022-25883 (#185) * Update pull_request_template.md --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/pull_request_template.md | 27 +++++++-- .github/release_description_template.md | 29 ++++----- README.md | 39 +++++++++++++ package.json | 15 ++--- yarn.lock | 78 +++++++++++-------------- 5 files changed, 112 insertions(+), 76 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 44e1fb8..cb95627 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,14 +1,29 @@ ## Description -> Put short description of the pull request here + -fixes: #issue_number +Resolves: #issue_number + + + + + + + diff --git a/.github/release_description_template.md b/.github/release_description_template.md index 2c29b5e..28f20e5 100644 --- a/.github/release_description_template.md +++ b/.github/release_description_template.md @@ -1,22 +1,13 @@ +> ## 🚀 Patch Tuesday update +> This release is a part of our new initiative! +From now on we are starting to roll out updates on every first Tuesday of the month, which will include bugfixes, security and dependency updates to keep the project's security and stability up to date! +--> ## What's new -- + -## Installation -### From extension webstore (recommended) -- [Google Chrome Webstore](https://chrome.google.com/webstore/detail/jnjobgjobffgmgfnkpkjfjkkfhfikmfl) -- [Microsoft Edge Add-ons Webstore](https://microsoftedge.microsoft.com/addons/detail/manimdhobjbkfpeeehlhhneookiokpbj) -- [Firefox Add-ons](https://addons.mozilla.org/en-US/firefox/addon/easy-password-generator/) -- [GitHub Releases](https://github.com/xfox111/PasswordGeneratorExtension/releases/latest) +### Fixed security issues in this update +- [CWE-20](https://cwe.mitre.org/data/definitions/20.html) +- CVE-2022-25883 +--> -Note that version published on these webstores can differ from this release -### Sideloading (for testing purposes only) -1. Download attached archive and unpack it -2. Enable Developers mode on your browser extensions page -3. Click "Load unpacked" button and navigate to the extension root folder (contains `manifest.json`) -4. Done! - -*On Firefox you should open manifest file instead of extension's folder - -**Note:** If you delete extension folder it will disappear from your browser - -_Sideloaded extensions don't replace officially installed ones_ \ No newline at end of file +Refer to [Download section of README.md](https://github.com/XFox111/PasswordGeneratorExtension#download) for instructions and download links diff --git a/README.md b/README.md index 1886e2a..55e4620 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,45 @@ Extension for web browsers which helps you to easily generate strong passwords i - [Firefox Add-ons](https://addons.mozilla.org/en-US/firefox/addon/easy-password-generator/) - [GitHub Releases](https://github.com/xfox111/PasswordGeneratorExtension/releases/latest) +### Sideloading (for testing purposes only) + +
+ Click to expand + +--- + +
+ Chromium-based browsers (Edge, Chrome, etc.) + +> 1. Go to [Releases](https://github.com/XFox111/PasswordGeneratorExtension/releases) and select a release to download +> 2. Download attached archive for Chromium and unpack it +> 3. Go to "chrome://extensions" +> 4. Enable "Developer mode" +> 5. Click the "Load unpacked" button and navigate to the extension's root folder (contains `manifest.json`) +> 6. Done! + +
+ +
+ Firefox + +> 1. Go to [Releases](https://github.com/XFox111/PasswordGeneratorExtension/releases) and select a release to download +> 2. Download attached archive for Firefox and unpack it +> 3. Go to "about:debugging#/runtime/this-firefox" +> 4. Click the "Load Temporary Add-on..." button and select `manifest.josn` file in the root folder +> 5. Done! + +> **Important!** +This will _replace_ officialy installed version if you have one. +If you want to sideload it without replacing to run both versions at the same time - before loading add-on, open `manifest.json` in a text editor and change `id` key (it's `passwordgenerator@xfox111.net` by default) to something else + +
+ +> **Note:** If you delete the extension folder it will disappear from your browser +--- + +
+ ## Contributing [![GitHub issues](https://img.shields.io/github/issues/xfox111/PasswordGeneratorExtension)](https://github.com/xfox111/PasswordGeneratorExtension/issues) [![CI](https://github.com/XFox111/PasswordGeneratorExtension/actions/workflows/cd_pipeline.yaml/badge.svg)](https://github.com/XFox111/PasswordGeneratorExtension/actions/workflows/cd_pipeline.yaml) diff --git a/package.json b/package.json index 07d1d6b..00a6a22 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "password-generator", - "version": "2.2.5", + "version": "2.2.6", "private": true, "dependencies": { "@craco/craco": "^7.1.0", @@ -9,8 +9,8 @@ "react": "^18.2.0", "react-device-detect": "^2.2.3", "react-dom": "^18.2.0", - "sass": "^1.60.0", - "typescript": "^5.0.4", + "sass": "^1.63.6", + "typescript": "^5.1.6", "webextension-polyfill": "^0.10.0" }, "devDependencies": { @@ -20,12 +20,12 @@ "@testing-library/user-event": "^14.4.3", "@types/jest": "^29.5.2", "@types/node": "^20.2.5", - "@types/react": "^18.2.0", + "@types/react": "^18.2.14", "@types/react-dom": "^18.2.4", - "@types/webextension-polyfill": "^0.10.0", + "@types/webextension-polyfill": "^0.10.1", "html-webpack-plugin": "^5.5.1", "react-scripts": "5.0.1", - "webpack": "^5.85.0" + "webpack": "^5.88.1" }, "scripts": { "start": "craco start", @@ -55,6 +55,7 @@ "json5": "1.0.2", "loader-utils": "2.0.4", "minimatch": "3.0.5", - "nth-check": "2.0.1" + "nth-check": "2.0.1", + "semver": "^7.5.2" } } diff --git a/yarn.lock b/yarn.lock index 143c959..7ad304b 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2860,10 +2860,10 @@ dependencies: "@types/react" "*" -"@types/react@*", "@types/react@^18.2.0": - version "18.2.0" - resolved "https://registry.yarnpkg.com/@types/react/-/react-18.2.0.tgz#15cda145354accfc09a18d2f2305f9fc099ada21" - integrity sha512-0FLj93y5USLHdnhIhABk83rm8XEGA7kH3cr+YUlvxoUGp1xNt/DINUMvqPxLyOQMzLmZe8i4RTHbvb8MC7NmrA== +"@types/react@*", "@types/react@^18.2.14": + version "18.2.14" + resolved "https://registry.yarnpkg.com/@types/react/-/react-18.2.14.tgz#fa7a6fecf1ce35ca94e74874f70c56ce88f7a127" + integrity sha512-A0zjq+QN/O0Kpe30hA1GidzyFjatVvrpIvWLxD+xv67Vt91TWWgco9IvrJBkeyHm1trGaFS/FSGqPlhyeZRm0g== dependencies: "@types/prop-types" "*" "@types/scheduler" "*" @@ -2925,10 +2925,10 @@ resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-2.0.2.tgz#fc25ad9943bcac11cceb8168db4f275e0e72e756" integrity sha512-F5DIZ36YVLE+PN+Zwws4kJogq47hNgX3Nx6WyDJ3kcplxyke3XIzB8uK5n/Lpm1HBsbGzd6nmGehL8cPekP+Tg== -"@types/webextension-polyfill@^0.10.0": - version "0.10.0" - resolved "https://registry.yarnpkg.com/@types/webextension-polyfill/-/webextension-polyfill-0.10.0.tgz#e87b5e2c101599779a584cdb043887ad73b37b0e" - integrity sha512-If4EcaHzYTqcbNMp/FdReVdRmLL/Te42ivnJII551bYjhX19bWem5m14FERCqdJA732OloGuxCRvLBvcMGsn4A== +"@types/webextension-polyfill@^0.10.1": + version "0.10.1" + resolved "https://registry.yarnpkg.com/@types/webextension-polyfill/-/webextension-polyfill-0.10.1.tgz#63698f0ef78a069d2d307be3caaee5e70c12e09d" + integrity sha512-Sdg+E2F5JUbhkE1qX15QUxpyhfMFKRGJqND9nb1C0gNN4NR7kCV31/1GvNbg6Xe+m/JElJ9/lG5kepMzjGPuQw== "@types/ws@^8.5.1": version "8.5.3" @@ -4651,10 +4651,10 @@ encodeurl@~1.0.2: resolved "https://registry.yarnpkg.com/encodeurl/-/encodeurl-1.0.2.tgz#ad3ff4c86ec2d029322f5a02c3a9a606c95b3f59" integrity sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w== -enhanced-resolve@^5.14.1: - version "5.14.1" - resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.14.1.tgz#de684b6803724477a4af5d74ccae5de52c25f6b3" - integrity sha512-Vklwq2vDKtl0y/vtwjSesgJ5MYS7Etuk5txS8VdKL4AOS1aUlD96zqIfsOSLQsdv3xgMRbtkWM8eG9XDfKUPow== +enhanced-resolve@^5.15.0: + version "5.15.0" + resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.15.0.tgz#1af946c7d93603eb88e9896cee4904dc012e9c35" + integrity sha512-LXYT42KJ7lpIKECr2mAXIaMldcNCh/7E0KBKOu4KSfkHmP+mZmSs+8V5gBAqisWBy0OO4W5Oyys0GO1Y8KtdKg== dependencies: graceful-fs "^4.2.4" tapable "^2.2.0" @@ -8527,10 +8527,10 @@ sass-loader@^12.3.0: klona "^2.0.4" neo-async "^2.6.2" -sass@^1.60.0: - version "1.60.0" - resolved "https://registry.yarnpkg.com/sass/-/sass-1.60.0.tgz#657f0c23a302ac494b09a5ba8497b739fb5b5a81" - integrity sha512-updbwW6fNb5gGm8qMXzVO7V4sWf7LMXnMly/JEyfbfERbVH46Fn6q02BX7/eHTdKpE7d+oTkMMQpFWNUMfFbgQ== +sass@^1.63.6: + version "1.63.6" + resolved "https://registry.yarnpkg.com/sass/-/sass-1.63.6.tgz#481610e612902e0c31c46b46cf2dad66943283ea" + integrity sha512-MJuxGMHzaOW7ipp+1KdELtqKbfAWbH7OLIdoSMnVe3EXPMTmxTmlaZDCTsgIpPCs3w99lLo9/zDKkOrJuT5byw== dependencies: chokidar ">=3.0.0 <4.0.0" immutable "^4.0.0" @@ -8573,10 +8573,10 @@ schema-utils@^2.6.5: ajv "^6.12.4" ajv-keywords "^3.5.2" -schema-utils@^3.0.0, schema-utils@^3.1.1, schema-utils@^3.1.2: - version "3.1.2" - resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-3.1.2.tgz#36c10abca6f7577aeae136c804b0c741edeadc99" - integrity sha512-pvjEHOgWc9OWA/f/DE3ohBWTD6EleVLf7iFUkoSwAxttdBhB9QUebQgxER2kWueOvRJXPHNnyrvvh9eZINB8Eg== +schema-utils@^3.0.0, schema-utils@^3.1.1, schema-utils@^3.2.0: + version "3.3.0" + resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-3.3.0.tgz#f50a88877c3c01652a15b622ae9e9795df7a60fe" + integrity sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg== dependencies: "@types/json-schema" "^7.0.8" ajv "^6.12.5" @@ -8604,20 +8604,10 @@ selfsigned@^2.0.1: dependencies: node-forge "^1" -semver@7.0.0: - version "7.0.0" - resolved "https://registry.yarnpkg.com/semver/-/semver-7.0.0.tgz#5f3ca35761e47e05b206c6daff2cf814f0316b8e" - integrity sha512-+GB6zVA9LWh6zovYQLALHwv5rb2PHGlJi3lfiqIHxR0uuwCgefcOJc59v9fv1w8GbStwxuuqqAjI9NMAOOgq1A== - -semver@^6.0.0, semver@^6.1.1, semver@^6.1.2, semver@^6.3.0: - version "6.3.0" - resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d" - integrity sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw== - -semver@^7.3.2, semver@^7.3.5, semver@^7.3.7: - version "7.3.7" - resolved "https://registry.yarnpkg.com/semver/-/semver-7.3.7.tgz#12c5b649afdbf9049707796e22a4028814ce523f" - integrity sha512-QlYTucUYOews+WeEujDoEGziz4K6c47V/Bd+LjSSYcA94p+DmINdf7ncaUinThfvZyu13lN9OY1XDxt8C0Tw0g== +semver@7.0.0, semver@^6.0.0, semver@^6.1.1, semver@^6.1.2, semver@^6.3.0, semver@^7.3.2, semver@^7.3.5, semver@^7.3.7, semver@^7.5.2: + version "7.5.3" + resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.3.tgz#161ce8c2c6b4b3bdca6caadc9fa3317a4c4fe88e" + integrity sha512-QBlUtyVk/5EeHbi7X0fw6liDZc7BBmEaSYn01fMU1OUYbf6GPsbTtd8WmnqbI20SeycoHSeiybkE/q1Q+qlThQ== dependencies: lru-cache "^6.0.0" @@ -9355,10 +9345,10 @@ typedarray-to-buffer@^3.1.5: dependencies: is-typedarray "^1.0.0" -typescript@^5.0.4: - version "5.0.4" - resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.0.4.tgz#b217fd20119bd61a94d4011274e0ab369058da3b" - integrity sha512-cW9T5W9xY37cc+jfEnaUvX91foxtHkza3Nw3wkoF4sSlKn0MONdkdEndig/qPBWXNkmplh3NzayQzCiHM4/hqw== +typescript@^5.1.6: + version "5.1.6" + resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.1.6.tgz#02f8ac202b6dad2c0dd5e0913745b47a37998274" + integrity sha512-zaWCozRZ6DLEWAWFrVDz1H6FVXzUSfTy5FUMWsQlU8Ym5JP9eO4xkTIROFCQvhQf61z6O/G6ugw3SgAnvvm+HA== ua-parser-js@^1.0.33: version "1.0.35" @@ -9651,10 +9641,10 @@ webpack-sources@^3.2.3: resolved "https://registry.yarnpkg.com/webpack-sources/-/webpack-sources-3.2.3.tgz#2d4daab8451fd4b240cc27055ff6a0c2ccea0cde" integrity sha512-/DyMEOrDgLKKIG0fmvtz+4dUX/3Ghozwgm6iPp8KRhvn+eQf9+Q7GWxVNMk3+uCPWfdXYC4ExGBckIXdFEfH1w== -webpack@^5.64.4, webpack@^5.74.0, webpack@^5.85.0: - version "5.85.0" - resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.85.0.tgz#c14a6a3a91f84d67c450225661fda8da36bc7f49" - integrity sha512-7gazTiYqwo5OSqwH1tigLDL2r3qDeP2dOKYgd+LlXpsUMqDTklg6tOghexqky0/+6QY38kb/R/uRPUleuL43zg== +webpack@^5.64.4, webpack@^5.74.0, webpack@^5.88.1: + version "5.88.1" + resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.88.1.tgz#21eba01e81bd5edff1968aea726e2fbfd557d3f8" + integrity sha512-FROX3TxQnC/ox4N+3xQoWZzvGXSuscxR32rbzjpXgEzWudJFEJBpdlkkob2ylrv5yzzufD1zph1OoFsLtm6stQ== dependencies: "@types/eslint-scope" "^3.7.3" "@types/estree" "^1.0.0" @@ -9665,7 +9655,7 @@ webpack@^5.64.4, webpack@^5.74.0, webpack@^5.85.0: acorn-import-assertions "^1.9.0" browserslist "^4.14.5" chrome-trace-event "^1.0.2" - enhanced-resolve "^5.14.1" + enhanced-resolve "^5.15.0" es-module-lexer "^1.2.1" eslint-scope "5.1.1" events "^3.2.0" @@ -9675,7 +9665,7 @@ webpack@^5.64.4, webpack@^5.74.0, webpack@^5.85.0: loader-runner "^4.2.0" mime-types "^2.1.27" neo-async "^2.6.2" - schema-utils "^3.1.2" + schema-utils "^3.2.0" tapable "^2.1.1" terser-webpack-plugin "^5.3.7" watchpack "^2.4.0"