Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 25 vulnerabilities #5

Open
wants to merge 42 commits into
base: gh-pages
Choose a base branch
from
Open

[Snyk] Fix for 25 vulnerabilities #5

wants to merge 42 commits into from

Conversation

officialmofabs
Copy link
Collaborator

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • Gemfile
    • Gemfile.lock

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-ACTIVESUPPORT-3237242		 Yes No Known Exploit
medium severity 591/1000
Why? Recently disclosed, Has a fix available, CVSS 6.1		 Cross-site Scripting (XSS)
SNYK-RUBY-ACTIVESUPPORT-3360028		 Yes No Known Exploit
high severity 834/1000
Why? Mature exploit, Has a fix available, CVSS 8.1		 Deserialization of Untrusted Data
SNYK-RUBY-ACTIVESUPPORT-569598		 Yes Mature
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-ADDRESSABLE-1316242		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Improper Access Control
SNYK-RUBY-JEKYLL-451462		 Yes No Known Exploit
high severity 574/1000
Why? Has a fix available, CVSS 7.2		 Remote Code Execution
SNYK-RUBY-KRAMDOWN-585939		 Yes No Known Exploit
low severity 344/1000
Why? Has a fix available, CVSS 2.6		 XML External Entity (XXE) Injection
SNYK-RUBY-NOKOGIRI-1055008		 No No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-1293239		 No Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 XML External Entity (XXE) Injection
SNYK-RUBY-NOKOGIRI-1726792		 No No Known Exploit
high severity 579/1000
Why? Has a fix available, CVSS 7.3		 XML External Entity (XXE) Injection
SNYK-RUBY-NOKOGIRI-20299		 No No Known Exploit
high severity 619/1000
Why? Has a fix available, CVSS 8.1		 Use After Free
SNYK-RUBY-NOKOGIRI-2413994		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-NOKOGIRI-2620374		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Out-of-bounds Write
SNYK-RUBY-NOKOGIRI-2630623		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-2630898		 No No Known Exploit
high severity 624/1000
Why? Has a fix available, CVSS 8.2		 Improper Handling of Unexpected Data Type
SNYK-RUBY-NOKOGIRI-2840634		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 NULL Pointer Dereference
SNYK-RUBY-NOKOGIRI-3052880		 No No Known Exploit
medium severity 414/1000
Why? Has a fix available, CVSS 4		 Out-of-Bounds
SNYK-RUBY-NOKOGIRI-3357692		 No No Known Exploit
medium severity 529/1000
Why? Has a fix available, CVSS 6.3		 Access Control Bypass
SNYK-RUBY-NOKOGIRI-3357693		 No No Known Exploit
high severity 619/1000
Why? Has a fix available, CVSS 8.1		 Command Injection
SNYK-RUBY-NOKOGIRI-459107		 No No Known Exploit
high severity 659/1000
Why? Has a fix available, CVSS 8.9		 Uncontrolled Memory Allocation
SNYK-RUBY-NOKOGIRI-534637		 No No Known Exploit
high severity 600/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-552159		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-72433		 No No Known Exploit
high severity 794/1000
Why? Mature exploit, Has a fix available, CVSS 7.3		 Arbitrary File Write via Archive Extraction (Zip Slip)
SNYK-RUBY-RUBYZIP-22039		 No Mature
high severity 635/1000
Why? Has a fix available, CVSS 8.2		 Denial of Service (DoS)
SNYK-RUBY-RUBYZIP-469156		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Directory Traversal
SNYK-RUBY-TZINFO-2958048		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Cross-site Scripting (XSS)
🦉 Deserialization of Untrusted Data
🦉 More lessons are available in Snyk Learn

officialmofabs and others added 30 commits February 9, 2023 02:35
@officialmofabs
Update CODEOWNERS
aa7a5db 
Signed-off-by: Moses Fabiyi <[email protected]>
@officialmofabs
Update CODEOWNERS
d7b2fd0 
Signed-off-by: Moses Fabiyi <[email protected]>
@officialmofabs
Update CODEOWNERS
2ea3f21 
Signed-off-by: Moses Fabiyi <[email protected]>
@officialmofabs
Update CODEOWNERS
9a37189 
Signed-off-by: Moses Fabiyi <[email protected]>
@officialmofabs
Update _config.yml
2b45411 
Signed-off-by: Moses Fabiyi <[email protected]>
@officialmofabs
Update base.Dockerfile
d1369d0 
Signed-off-by: Moses Fabiyi <[email protected]>
@officialmofabs
Update Dockerfile
b2c8d30 
Signed-off-by: Moses Fabiyi <[email protected]>
@officialmofabs
Update index.html
77ca97e 
Signed-off-by: Moses Fabiyi <[email protected]>
@projectoperations
Update README.md
7a00796 
Signed-off-by: IGE Project Service <[email protected]>
@projectoperations
Update README.md
ecff394 
Signed-off-by: IGE Project Service <[email protected]>
@projectoperations
Update README.md
0039e00 
Signed-off-by: IGE Project Service <[email protected]>
@officialmofabs
Update collections.html
68b40ac 
Signed-off-by: Moses Fabiyi <[email protected]>
@officialmofabs
Update guides.html
25c0b96 
Signed-off-by: Moses Fabiyi <[email protected]>
@officialmofabs
Update specification-toc.yml
ca4273e 
Signed-off-by: Moses Fabiyi <[email protected]>
@officialmofabs
Update footer.html
449652a 
Signed-off-by: Moses Fabiyi <[email protected]>
@officialmofabs
Update footer.html
62cf9cc 
Signed-off-by: Moses Fabiyi <[email protected]>
@officialmofabs
Update README.md
a66177d 
Signed-off-by: Moses Fabiyi <[email protected]>
@officialmofabs
Update README.md
0213a28 
Signed-off-by: Moses Fabiyi <[email protected]>
@officialmofabs
Update CODEOWNERS
1ea31d2 
Signed-off-by: Moses Fabiyi <[email protected]>
@officialmofabs
Update CNAME
bd1ec19 
Signed-off-by: Moses Fabiyi <[email protected]>
@officialmofabs
Create jekyll.yml
564de79 
Signed-off-by: Moses Fabiyi <[email protected]>
@officialmofabs
Update README.md
cfbcc5e 
Signed-off-by: Moses Fabiyi <[email protected]>
@officialmofabs
Update CNAME
b33d0a4 
Signed-off-by: Moses Fabiyi <[email protected]>
@projectoperations
Create README.md
7787e9e 
Signed-off-by: IGE Project Service <[email protected]>
@officialmofabs
Delete collections.html
8fbbc9f 
Signed-off-by: Moses Fabiyi <[email protected]>
@projectoperations
Merge branch 'devcontainers:gh-pages' into gh-pages
c5e1dba
@projectoperations
Update README.md
89eb925 
Signed-off-by: IGE Project Service <[email protected]>
@officialmofabs
Create hadolint.yml
0e21eb1 
Signed-off-by: Moses Fabiyi <[email protected]>
@officialmofabs
Update issue templates
2f0995d
@projectoperations
Update _config.yml
5f9f015 
Signed-off-by: IGE Project Service <[email protected]>
projectoperations and others added 12 commits February 10, 2023 23:25
@projectoperations
Update _config.yml
350102a 
Signed-off-by: IGE Project Service <[email protected]>
@projectoperations
Create dependabot.yml
05d79df 
Signed-off-by: IGE Project Service <[email protected]>
@officialmofabs
Merge branch 'devcontainers:gh-pages' into gh-pages
9754c75
@officialmofabs
Merge branch 'devcontainers:gh-pages' into gh-pages
1b099af
@projectoperations
Merge branch 'devcontainers:gh-pages' into gh-pages
d6ced54
@officialmofabs
Merge branch 'devcontainers:gh-pages' into gh-pages
11e18f2
@officialmofabs
Merge branch 'devcontainers:gh-pages' into gh-pages
f144cca
@officialmofabs
Create .github/workflows/label.yml
75ddb15 
Signed-off-by: Moses Fabiyi <[email protected]>
@officialmofabs
Merge branch 'devcontainers:gh-pages' into gh-pages
62dd429
@officialmofabs
Create .github/workflows/snyk-container.yml
b700dd6 
Signed-off-by: Moses Fabiyi <[email protected]>
@officialmofabs
Merge branch 'devcontainers:gh-pages' into gh-pages
ec6dd05
@snyk-bot
fix: Gemfile & Gemfile.lock to reduce vulnerabilities
6ec5984 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3237242
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3360028
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-569598
- https://snyk.io/vuln/SNYK-RUBY-ADDRESSABLE-1316242
- https://snyk.io/vuln/SNYK-RUBY-JEKYLL-451462
- https://snyk.io/vuln/SNYK-RUBY-KRAMDOWN-585939
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1055008
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1293239
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1726792
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20299
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2413994
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2620374
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630623
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630898
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2840634
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3052880
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3357692
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3357693
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-459107
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-534637
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-552159
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-72433
- https://snyk.io/vuln/SNYK-RUBY-RUBYZIP-22039
- https://snyk.io/vuln/SNYK-RUBY-RUBYZIP-469156
- https://snyk.io/vuln/SNYK-RUBY-TZINFO-2958048
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@officialmofabs @projectoperations @snyk-bot