New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 6 vulnerabilities #9

Merged

O330oei merged 1 commit into master from snyk-fix-2863aeb801e6241d3ea07f51b3ecf233

Mar 26, 2020

snyk-bot commented Mar 26, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- Gemfile

⚠️

Warning

Failed to update the Gemfile.lock, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Cross-site Scripting (XSS) SNYK-RUBY-ACTIONVIEW-560837	No	No Known Exploit
	Arbitrary Code Injection SNYK-RUBY-FARADAYMIDDLEWARE-20334	No	No Known Exploit
	Prototype Pollution SNYK-RUBY-JQUERYRAILS-450225	No	No Known Exploit
	Denial of Service (DoS) SNYK-RUBY-NOKOGIRI-552159	No	No Known Exploit
	HTTP Response Splitting SNYK-RUBY-PUMA-559020	No	No Known Exploit
	HTTP Response Splitting SNYK-RUBY-PUMA-559100	No	No Known Exploit

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


          fix: Gemfile to reduce vulnerabilities

e7a00f0

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-560837
- https://snyk.io/vuln/SNYK-RUBY-FARADAYMIDDLEWARE-20334
- https://snyk.io/vuln/SNYK-RUBY-JQUERYRAILS-450225
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-552159
- https://snyk.io/vuln/SNYK-RUBY-PUMA-559020
- https://snyk.io/vuln/SNYK-RUBY-PUMA-559100

pull-assistant bot commented Mar 26, 2020

Best reviewed: commit by commit

Optimal code review plan

fix: Gemfile to reduce vulnerabilities

Powered by Pull Assistant. Last update e7a00f0 ... e7a00f0. Read the comment docs.

O330oei merged commit 5518f39 into master

O330oei deleted the snyk-fix-2863aeb801e6241d3ea07f51b3ecf233 branch

March 26, 2020 00:50

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet