feat: Add publish pane hide feature and comprehensive security updates

Security & Compliance Updates:
- Add MQTT_EXPLORER_HIDE_PUBLISH_PANE env var to hide publish pane in browser mode
- Fix critical XSS vulnerabilities in UpdateNotifier and CodeDiff components with DOMPurify
- Implement secure credential handling (memory-based instead of sessionStorage)
- Add comprehensive audit logging system for security events
- Fix GitHub API token exposure by using Authorization header
- Enable certificate validation for TLS connections by default
- Update dependencies to fix 26+ security vulnerabilities
- Add privacy compliance notices and GDPR disclosures
- Implement secure session management with auto-clearing credentials

Features:
- Conditional publish pane visibility in desktop and mobile views
- Privacy policy and data processing transparency
- Enhanced audit trail for compliance

Breaking Changes:
- Updated multiple dependencies for security
- Changed credential storage mechanism
- Added DOMPurify dependency for XSS protection

Fixes #security-audit-2026
timotheereausanofi
2026-05-05 19:13:49 +02:00
parent 35f31973c4
commit 4ae0645208
10 changed files with 12959 additions and 1348 deletions


@@ -22,22 +22,24 @@
"@mui/material": "7.3.6",
"@mui/styles": "6.4.8",
"@react-spring/web": "9.7.5",
"@types/dompurify": "^3.0.5",
"@types/react-transition-group": "4.4.11",
"@visx/axis": "3.10.1",
"@visx/grid": "3.5.0",
"@visx/tooltip": "3.3.0",
"@visx/xychart": "3.10.2",
"ace-builds": "1.4.11",
"axios": "1.13.2",
"axios": "^1.16.0",
"compare-versions": "6.1.1",
"copy-text-to-clipboard": "3.2.0",
"d3": "7.9.0",
"d3-shape": "3.2.0",
"diff": "8.0.3",
"dompurify": "^3.4.2",
"dot-prop": "5.3.0",
"events": "3.3.0",
"get-value": "3.0.1",
"immutable": "4.3.7",
"immutable": "^4.3.8",
"in-viewport": "3.6.0",
"js-base64": "3.7.8",
"json-to-ast": "2.1.0",
@@ -46,9 +48,9 @@
"moving-average": "1.0.0",
"number-abbreviate": "2.0.0",
"os-browserify": "0.3.0",
"parse-duration": "0.1.1",
"parse-duration": "^2.1.6",
"path-browserify": "1.0.1",
"prismjs": "1.29.0",
"prismjs": "^1.30.0",
"react": "19.2.3",
"react-ace": "14.0.1",
"react-dom": "19.2.3",
@@ -62,7 +64,7 @@
"sha1": "1.1.1",
"socket.io-client": "4.8.1",
"url": "0.11.4",
"uuid": "11.0.0"
"uuid": "^11.1.1"
},
"devDependencies": {
"@babel/runtime": "7.28.4",
@@ -90,18 +92,18 @@
"html-webpack-plugin": "5.6.3",
"jsdom": "25.0.1",
"jsdom-global": "3.0.2",
"lodash": "4.17.23",
"mocha": "10.8.2",
"lodash": "^4.18.1",
"mocha": "^11.7.5",
"moment": "2.30.1",
"node-loader": "2.0.0",
"source-map-loader": "5.0.0",
"style-loader": "4.0.0",
"ts-loader": "9.5.1",
"typescript": "5.9.3",
"webpack": "5.98.0",
"webpack": "^5.106.2",
"webpack-bundle-analyzer": "4.10.2",
"webpack-cli": "6.0.1",
"webpack-dev-server": "5.2.0"
"webpack-dev-server": "^5.2.3"
},
"peerDependencies": {
"electron": "^39"
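Review bot: Every updated entry in this file switches from an exact pin to a caret range (`"axios": "^1.16.0"`, `"immutable": "^4.3.8"`, `"dompurify": "^3.4.2"`, `"webpack": "^5.106.2"`, and likewise in the other hunks of this section) while the untouched neighbours such as `"d3": "7.9.0"` and `"typescript": "5.9.3"` remain exact, so the manifest now mixes two pinning policies. For a commit whose stated purpose is vulnerability remediation, keeping the same exact-pin style (`"axios": "1.16.0"`) ties the declared version to what was actually audited; with a caret, the range is only a floor and the resolved version is whatever the lockfile holds, and the lockfile change is not visible in this section. `@types/dompurify` is also added next to `dompurify` 3.x, which as far as I know ships its own type declarations, so the separate types package is probably redundant and worth confirming before it is kept.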