Random Note 2024-06-11

New vulnerability of IntelliJ-based IDEs

Updates for security issue affecting IntelliJ-based IDEs 2023.1+ and JetBrains GitHub Plugin | The Security Blog

A new security issue was discovered that affects the JetBrains GitHub plugin on the IntelliJ platform, which could lead to disclosure of access tokens to third-party sites. The issue affects all IntelliJ-based IDEs as of 2023.1 onwards that have the JetBrains GitHub plugin enabled and configured/in-use. 

https://blog.jetbrains.com/security/2024/06/updates-for-security-issue-affecting-intellij-based-ides-2023-1-and-github-plugin/

The Details

On the 29th of May 2024 we received an external security report with details of a possible vulnerability that would affect pull requests within the IDE. In particular, malicious content as part of a pull request to a GitHub project which would be handled by IntelliJ-based IDEs, would expose access tokens to a third-party host. The CVE ID assigned to this vulnerability is CVE-2024-37051.

In addition to assessing the issue and starting work on a resolution, we also immediately contacted GitHub to assist us with mitigation. Please note that due to these mitigation measures, the JetBrains GitHub plugin in older versions of JetBrains IDEs may no longer work as expected.

What is required of you

1. OAuth Integration Settings: go to Applications → Authorized OAuth Apps and revoke access for the JetBrains IDE Integration application.
2. Personal Access Token Settings: go to the Tokens page and delete the token issued for the plugin. The default token name is IntelliJ IDEA GitHub integration plugin, but you may be using custom names as well.

WWDC 24

Rsdoctor

Build Analyzer for Rspack and Webpack

GitHub - web-infra-dev/rsdoctor: A one-stop build analyzer for Rspack and webpack.

A one-stop build analyzer for Rspack and webpack. Contribute to web-infra-dev/rsdoctor development by creating an account on GitHub.

https://github.com/web-infra-dev/rsdoctor

caption

Fetures: https://github.com/web-infra-dev/rsdoctor?tab=readme-ov-file#-position

Cuteness

It's true.

カーネル／VM探検隊

I've joined! (offline attendance)

Kernel/VM探検隊@東京 No17 (2024/08/10 12:30〜)

## イベント概要 カーネルやVM、およびその他なんでもIT技術の話題ジャンルについて誰でも何でも発表してワイワイ盛り上がろうという会です。ジャンルの指定は特にありません． 楽しければ何でもOK です．詳しい内容や，過去の発表については過去イベントを参照してください． たとえばLinux・*BSD・Plan9・Windowsなどの各種OSのデベロッパー/ヘビーユーザー，セキュリティ界隈の方々，競技プログラミング方面や難読化プログラミングが趣味な方，VMMの研究者の方，社宅でBGP組みたい方，などなど様々な分野で御活躍中の方々に幅広くご参加頂いております. ## 会場 * リア...

https://kernelvm.connpass.com/event/321962/

Nuxt v3.12 (v4 opt-in)

Nuxt 3.12 · Nuxt Blog

Nuxt 3.12 is out - full of improvements and preparing the way for Nuxt 4!

https://nuxt.com/blog/v3-12

export default defineNuxtConfig({
  future: {
    compatibilityVersion: 4,
  },
})

• nuxt scripts https://scripts.nuxt.com/
• nuxt/a11y (WIP)

hy-phen-ate (by typst)

Hyphenate Words Online

Unsure where to hyphenate a word? Check hyphenation for 34 languages with our free online tool. Super fast and effortless, no registration required.

https://typst.app/tools/hyphenate/

hyphenation:

the use of the symbol -, joining two words or two parts of a word

dictionary.cambridge.org

https://dictionary.cambridge.org/dictionary/english/hyphenation

C++'s ub of filtered vector mutation