[Snyk] Fix for 2 vulnerabilities #42

Open

atomaka wants to merge 1 commits from snyk-fix-f861dd85e2c6aa6c13a4ad583a97d77f into master

pull from: snyk-fix-f861dd85e2c6aa6c13a4ad583a97d77f

merge into: atomaka:master

atomaka:master

atomaka:snyk-fix-93bbbca6fb961a4beaf62abc97b8c696

atomaka:snyk-fix-a4839c2a6aae1ff319e44bdf74db36ea

atomaka:dependabot/bundler/activerecord-6.1.7.1

atomaka:dependabot/bundler/sinatra-3.0.4

atomaka:snyk-fix-b746414b5cff8b0da5ad1d3bc8942719

atomaka:snyk-fix-ce6b1bed511762c7663072e425eabb5c

atomaka:dependabot/bundler/nokogiri-1.13.9

atomaka:dependabot/bundler/addressable-2.8.1

atomaka:snyk-fix-9cf156b6f6fbd07c3092c14e5dd8d6de

atomaka:snyk-fix-13036e608c3ff04a91e56945351c2ad5

atomaka:dependabot/bundler/tzinfo-1.2.10

atomaka:dependabot/bundler/jmespath-1.6.1

atomaka:snyk-fix-466639bbdb017c3afadbc6565c55eb97

atomaka:snyk-fix-7c28e189245c91ab25dde24dbcdda54c

atomaka:snyk-fix-dec3ab50d67b2df824a2b06f69f36594

atomaka:snyk-fix-5809b442593801e225b5b5ab04e91be7

atomaka:snyk-fix-5bdef8c547fc1e381448daffdadfddcc

atomaka:snyk-fix-1ef81a45e777b69b6c8bedd4ca39be04

atomaka:snyk-fix-33c7007ed54835d9273f6416463d268a

atomaka:snyk-fix-860764c6e2cda3d4dd36808d5008003e

atomaka:snyk-fix-1f5072891d8234260f56531be3224cdf

atomaka:snyk-fix-f1285d29fc134e64e0286a2897f756d9

atomaka:snyk-fix-de64ee4bc5b62e888d479a5649464440

atomaka:dependabot/bundler/rack-2.2.3

atomaka:snyk-fix-1125126ac6e8d74da6f24a5445cf1826

atomaka:dependabot/bundler/websocket-extensions-0.1.5

atomaka:snyk-fix-dd1ce670a0e9da6d4bcffddb8bfdf8cb

atomaka:snyk-fix-5475120628d4b60a1054f0375b7421f6

atomaka:snyk-fix-9e06ba1c5abd4ac66d437d7ec5359573

atomaka:snyk-fix-125a57af16b1f02630d0e5624a8bcfdf

atomaka:dependabot/bundler/rake-12.3.3

atomaka:snyk-fix-bf8d52731d33734943fabb90f59a1190

atomaka:snyk-fix-7fd6798f313bf8f59be961043921e3ca

atomaka:snyk-fix-4f67487b4ddf01e3351237a422e552f0

atomaka:snyk-fix-35605dde0341734bb44abc29afab0bba

atomaka:feature/actions-1

atomaka:feature/actions

atomaka:snyk-fix-b2e5bcce51d7e2e2a1164c5342eff5c9

atomaka:snyk-fix-ntnzaz

atomaka:snyk-fix-ezkfjn

atomaka:snyk-fix-305z6l

atomaka:snyk-fix-zkg3j5

atomaka:feature/poltergeist

atomaka:feature/gem-updates

Conversation 0 Commits 1 Files Changed 1 +57 -53

atomaka commented 2022-05-31 12:45:30 -04:00 (Migrated from github.com)

Copy Link

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • Gemfile.lock

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	776/1000 Why? Recently disclosed, Has a fix available, CVSS 9.8	Arbitrary Code Injection SNYK-RUBY-RACK-2848599	No	No Known Exploit
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-RUBY-RACK-2848600	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Injection

<p>This PR was automatically created by Snyk using the credentials of a real user.</p><br /><h3>Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project.</h3> #### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - Gemfile.lock #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **776/1000** <br/> **Why?** Recently disclosed, Has a fix available, CVSS 9.8 | Arbitrary Code Injection <br/>[SNYK-RUBY-RACK-2848599](https://snyk.io/vuln/SNYK-RUBY-RACK-2848599) | No | No Known Exploit  | **661/1000** <br/> **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Denial of Service (DoS) <br/>[SNYK-RUBY-RACK-2848600](https://snyk.io/vuln/SNYK-RUBY-RACK-2848600) | No | No Known Exploit (*) Note that the real score may have changed since the PR was raised. Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI4YmUyOTZiOC1iMTE1LTQ3MjEtODZjZC1mODZhMjM0ZDhhNTciLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjhiZTI5NmI4LWIxMTUtNDcyMS04NmNkLWY4NmEyMzRkOGE1NyJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/atomaka/project/39f5769a-2ee8-4777-a1bb-509dcee65a10?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/atomaka/project/39f5769a-2ee8-4777-a1bb-509dcee65a10?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"8be296b8-b115-4721-86cd-f86a234d8a57","prPublicId":"8be296b8-b115-4721-86cd-f86a234d8a57","dependencies":[{"name":"poltergeist","from":"1.16.0","to":"1.16.0"},{"name":"sinatra","from":"2.0.0","to":"2.0.0"},{"name":"sinatra-activerecord","from":"2.0.13","to":"2.0.13"},{"name":"sinatra-contrib","from":"2.0.0","to":"2.0.0"},{"name":"sinatra-flash","from":"0.3.0","to":"0.3.0"}],"packageManager":"rubygems","projectPublicId":"39f5769a-2ee8-4777-a1bb-509dcee65a10","projectUrl":"https://app.snyk.io/org/atomaka/project/39f5769a-2ee8-4777-a1bb-509dcee65a10?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-RUBY-RACK-2848599","SNYK-RUBY-RACK-2848600"],"upgrade":["SNYK-RUBY-RACK-2848599","SNYK-RUBY-RACK-2848600"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[776,661]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Arbitrary Code Injection](https://learn.snyk.io/lessons/malicious-code-injection/javascript?loc&#x3D;fix-pr)

This pull request can be merged automatically.

You are not authorized to merge this pull request.

You can also view command line instructions.

Step 1:

From your project repository, check out a new branch and test the changes.

git checkout -b snyk-fix-f861dd85e2c6aa6c13a4ad583a97d77f master

git pull origin snyk-fix-f861dd85e2c6aa6c13a4ad583a97d77f

Step 2:

Merge the changes and update on Gitea.

git checkout master

git merge --no-ff snyk-fix-f861dd85e2c6aa6c13a4ad583a97d77f

git push origin master

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Reference: atomaka/link-share#42

No description provided.