GHSA-97m3-w2cp-4xx6
Symfony
GHSA-97m3-w2cp-4xx6 | Symfony | |
---|---|---|
13 | 163 | |
- | 29,625 | |
- | 0.4% | |
- | 10.0 | |
- | about 21 hours ago | |
PHP | ||
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
GHSA-97m3-w2cp-4xx6
-
Selecting the Right Dependencies: A Comprehensive Practical Guide
How safe is it to use? It may sound like fiction, but yes, dependencies can be dangerous. For example, an interesting feature was added to a library with 500k downloads: it tries to replace all files on the computer with ❤️ if your IP address falls within a specific range.
- Embedded Malicious Code in node-ipc
- Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers
-
With the recent scandal over the 'node-ipc' package, is Composer also vulnerable like this? Is there any security measure in Composer to prevent this type of attack?
Source: CVE-2022-23812
- CVE-2022-23812 - Embedded Malicious Code in node-ipc - The package node-ipc versions 10.1.1 and 10.1.2 are vulnerable to embedded malicious code that was introduced by the maintainer. The malicious code was intended to overwrite arbitrary files on Russian systems
- My entire PC got wiped Do not download
- NPM supply chain attack - Wipes your disk if you have a Russian/Byelorussian IP
-
Ukraine Invasion Megathread #3
I have not audited the malicious code myself, so you might be right, I'm going by the CVE reports that say it does this to arbitrary files.
Symfony
-
Integration tests on Symfony with Testcontainers
Today Symfony Framework is one of the most mature and stable frameworks in the PHP universe and it has various well-implemented solutions, integration tests for example. But personally I always thought that, although it is easy to do the integration tests themselves, providing external dependencies for the tests, such as databases, wasn't always so easy.
- Integration Tests in Symfony with Testcontainers
-
Symfony 7 vs. .NET Core 8 - Templating
There is one global variable (an AppVariable) accessible in every template, which can give us info about the current request, user, or environment:
-
Creating a React component using Symfony UX
I have been using Angular to build my front-ends for a long time and I wanted to try another framework. I usually read a lot of posts and articles about React and I decided to start learning it. As I am a Symfony lover, I decided to start my learning by trying to integrate a React component using the symfony/ux-react component. In this post, I will explain the steps I've followed to achieve it.
-
How to Send Emails with Email API: Practical Examples in Popular Languages and Frameworks
However, it’s recommended to use Symfony for its fast performance, ease of use, flexibility, and strong community support.
-
Why we chose Elixir
Some time ago, I worked with a team to rebuild a company's internal web application, which was based on a very outdated version of Symfony, and was no longer salvageable for several reasons.
-
Creating your own security attribute with Symfony
Symfony security has a great feature to check authorization named Voters. Voters are services which allow you to check user authorization in the way you need. In this article, I would like to share with you another way to define custom authorization checking. Create our custom security attribute: Let’s imagine we store user roles out of the User class (the one which implements the Symfony UserInterface) and we have a controller on which we only want to allow ROLE_SUPERUSER users.
-
Modern PHP Development in 2024
Symfony
-
How to start a Symfony 7 application with Docker without having PHP locally installed on your machine
```yaml
services:
  # ....
  app:
    build:
      context: .
      dockerfile: Dockerfile
    hostname: app
    restart: unless-stopped
    container_name: symfony-app # A custom name to be used in build scripts
    depends_on:
      - db # requires the database service to be available
    ports:
      - "9980:80" # the service will be available in my browser at http://localhost:9980
    volumes:
      - .:/var/www/project # all files in current directory will also be available in the container, allowing you to update the source code with your IDE
      - ./000-default.conf:/etc/apache2/sites-available/000-default.conf:ro # Override the default apache vhost file to ensure that the symfony application is served by default
      # the contents of 000-default.conf is obtained from https://symfony.com/doc/current/setup/web_server_configuration.html, with modifications applied to match folder locations
```
- Creating a simple API with pure PHP
What are some alternatives?
es5-ext - ECMAScript extensions (with respect to upcoming ECMAScript features)
PHPMailer - The classic email sending library for PHP
peacenotwar - Attempts to determine if the computer it's running on has an IP originating from Russia or Belarus. If it is, then depending on the version of the malware, it either attempts to delete all files on the computer or creates a text file on the computer's desktop protesting the war in Ukraine.
Swoole - 🚀 Coroutine-based concurrency library for PHP
node-ipc - A nodejs module for local and remote Inter Process Communication (IPC), Neural Networking, and able to facilitate machine learning.
Slim Framework - Slim is a PHP micro framework that helps you quickly write simple yet powerful web applications and APIs.
Spiral Framework - High-Performance PHP Framework
ProxiTok - Open source alternative frontend for TikTok made using PHP
tesseract-ocr-for-php - A wrapper to work with Tesseract OCR inside PHP.
Laravel - Laravel is a web application framework with expressive, elegant syntax. We’ve already laid the foundation for your next big idea — freeing you to create without sweating the small things.
HTML Purifier - Standards compliant HTML filter written in PHP
Phalcon - High performance, full-stack PHP framework delivered as a C extension.