Dejavu's Blog – Telegram

Dejavu's Blog

2.8K subscribers

751 photos

31 videos

5 files

1.2K links

个人博客｜GitHub 发现｜RSS 讯息
群组 https://t.me/dejavuGroup

Download Telegram

About

Blog

Apps

Platform

2.8K subscribers

506 views10:24

看到有个说法很有意思，国内的很多企业的媒体运营（尤其是小红书平台），很多都在做“公款追星”、“公款打拳”，有意思🤔

483 views10:29

Forwarded from Dejavu's Blog

今天是母亲节哦🫣

414 views03:09

https://github.com/DetachHead/rebased

GitHub - DetachHead/rebased: A git client based on the IntelliJ platform

A git client based on the IntelliJ platform. Contribute to DetachHead/rebased development by creating an account on GitHub.

457 views07:46

https://github.com/zedeus/nitter

GitHub - zedeus/nitter: Alternative Twitter front-end

Alternative Twitter front-end. Contribute to zedeus/nitter development by creating an account on GitHub.

458 views08:01

https://hackaday.io/project/205403-solar-pi

solar-powered tiny homeserver

415 views11:31

Hytron #VPS 上新节点 1折码 85ZF6GK2RUAM https://zsh.moe/hyvps

Hytron #VPS 上新节点 Intel 金牌6138

1折码 85ZF6GK2RUAM 最低0.46/月，大量库存

下单 https://zsh.moe/hyvps

444 views23:00

☺️

😁5

451 views11:30

Forwarded from 层叠 - The Cascading

🔴 Tanstack 系列包被骇。

- 约 42 个包的 84 个版本受到影响；Tanstack Query (@tanstack/react-query) 未受影响。 [1]
- 在 5/11 安装了受影响版本的设备可能也因此被骇。
- 恶意行为包括收集设备上的凭据，以及向设备用户维护的 npm 包加入恶意代码并重新打包发布等。
- 有用户称，恶意软件会在设备上持续运行，如果监测到其收集的 token 被 revoke，则会清空设备家目录。 [2]

tanstack.com/~

1. GHSA-g7cv-rxg3-hmpx
2. gh:TanStack/router#7383

#Tanstack

Postmortem: TanStack npm supply-chain compromise | TanStack Blog

On 2026-05-11, an attacker chained a pull_request_target Pwn Request, GitHub Actions cache poisoning across the fork↔base trust boundary, and OIDC token extraction from runner memory to publish 84 malicious versions across 42 @tanstack/* packages on npm.…

355 views04:58

This media is not supported in your browser

VIEW IN TELEGRAM

408 views11:42

❤1

上班3天，人已老实😷

😁1🌚1

416 views11:53

Forwarded from 层叠 - The Cascading

🔴 NGINX http_rewrite 模块漏洞；或会导致堆溢出甚至远程代码执行。

- 漏洞的起因是 nginx 尝试将 escape 过的 URL 写入未 escape 长度的内存。
- 在 ASLR 未被开启的情况下，可以导致远程代码执行。
- 修复已于 1.30.1/1.31.0 发布。

1. https://depthfirst.com/nginx-rift
2. my.f5.com/~

CVE: CVE-2026-42945
CVSS: 9.2 (F5 Networks)
Affect: [0.6.27, 1.30.0]
Fixed-At: 1.30.1, 1.31.0

#nginx

An 18 year old memory corruption flaw in NGINX Plus and NGINX Open Source lets an unauthenticated attacker crash worker processes or execute remote code with crafted HTTP requests.

309 views03:56

无耻之徒里面最讨厌这个黛比了，每次看到她都好烦😂

374 views11:25

这到提醒我了，刚刚把所有服务器都升级了一下😂

380 views12:59

想把服务迁移到 Podman 还是以失败告终，还是 Docker 用得顺手😆

372 views13:21

老马真是高强度刷 X

448 views13:26

BitWarden 浏览器插件更新了，好像变好看了点

292 viewsedited 04:02

#AI #Skills

https://github.com/yetone/native-feel-skill

GitHub - yetone/native-feel-skill: An Agent Skill for designing cross-platform desktop apps that feel native — distilled from Raycast's…

An Agent Skill for designing cross-platform desktop apps that feel native — distilled from Raycast's 2.0 deep-dive and reverse engineering of Raycast Beta.app. Eight architectural tenets, f...

204 views21:45

#macOS #图标 #icns #AI

https://github.com/TeamDev-IP/MoBrowser-App-Icon-Maker

GitHub - TeamDev-IP/MoBrowser-App-Icon-Maker: Generate macOS app icons using AI.

Generate macOS app icons using AI. Contribute to TeamDev-IP/MoBrowser-App-Icon-Maker development by creating an account on GitHub.

192 views21:46

#Plausible CE 安全更新

https://github.com/plausible/analytics/releases/tag/v3.2.1

Release v3.2.1 · plausible/analytics

Security related update
This patch release fixes a security vulnerability affecting the following versions of Plausible Community Edition (image: ghcr.io/plausible/community-edition):
Tags:

v3.2
v...

165 views21:47

基于 HTTP/SSE 的加密 SOCKS5/HTTP 代理隧道 - 专为仅使用纯 HTTP 的环境而构建。

https://github.com/aeroxy/tunnix

GitHub - aeroxy/tunnix: An encrypted SOCKS5/HTTP proxy tunnel over HTTP/SSE — built for environments where only plain HTTP works.

An encrypted SOCKS5/HTTP proxy tunnel over HTTP/SSE — built for environments where only plain HTTP works. - aeroxy/tunnix

159 views21:48