New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 5 vulnerabilities #547

Merged

mseedat-moj merged 9 commits into main from snyk-fix-57ca54026af7aab9f941f87537c6bb24

Mar 8, 2024

Contributor

rohanssalunkhe commented Feb 28, 2024 •

edited by mseedat-moj

Update from Mo

changing rails_event_store, '>= 2.14.0' causes odd assertion error in spec/system/manage_users/change_user_role_spec.rb:44 - method args switched!

Same as Datastore - dotenv-rails v3 causes spects to fail due to bkeepers/dotenv#482 so manually reverted to older working version

New rubocop does not like the use of pluck which I've disabled for now because not sure what the repurcussions could be with real world usage new ticket: CRIMAPP-617

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- Gemfile

⚠️

Warning

Failed to update the Gemfile.lock, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Cross-site Scripting (XSS) SNYK-RUBY-ACTIONPACK-6274386	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-ACTIONPACK-6274387	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-RACK-6274383	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-RACK-6274384	Yes	No Known Exploit
	Denial of Service (DoS) SNYK-RUBY-RACK-6274385	Yes	No Known Exploit

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)
🦉 Regular Expression Denial of Service (ReDoS)


          fix: Gemfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-6274386
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-6274387
- https://snyk.io/vuln/SNYK-RUBY-RACK-6274383
- https://snyk.io/vuln/SNYK-RUBY-RACK-6274384
- https://snyk.io/vuln/SNYK-RUBY-RACK-6274385

rohanssalunkhe requested a review from a team as a code owner

February 28, 2024 10:14

mseedat-moj added 8 commits

March 7, 2024 18:21


          Update gemfile to working dotenv-rails

10eaf4d


          Update comment

3d70863


          Merge branch 'main' into snyk-fix-57ca54026af7aab9f941f87537c6bb24

8e0f0ba


          Update gems

bbd7f45


          Snyk Fix Initial recommended updates

2a6f1e3


          Snyx Fix update Capybara

c4bb3a5


          Snyk fix update rubocop-rails

f3be428


          Snyk fix update rspec-rails

d830577

timpeat approved these changes

View reviewed changes

mseedat-moj merged commit 3b91243 into main

6 checks passed

mseedat-moj deleted the snyk-fix-57ca54026af7aab9f941f87537c6bb24 branch

March 8, 2024 10:04

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment