[Snyk] Security upgrade aws-sdk from 2.10.53 to 2.10.53 #43

Open

atomaka wants to merge 1 commit from snyk-fix-466639bbdb017c3afadbc6565c55eb97 into master

pull from: snyk-fix-466639bbdb017c3afadbc6565c55eb97

merge into: atomaka:master

atomaka:master

atomaka:snyk-fix-93bbbca6fb961a4beaf62abc97b8c696

atomaka:snyk-fix-a4839c2a6aae1ff319e44bdf74db36ea

atomaka:dependabot/bundler/activerecord-6.1.7.1

atomaka:dependabot/bundler/sinatra-3.0.4

atomaka:snyk-fix-b746414b5cff8b0da5ad1d3bc8942719

atomaka:snyk-fix-ce6b1bed511762c7663072e425eabb5c

atomaka:dependabot/bundler/nokogiri-1.13.9

atomaka:dependabot/bundler/addressable-2.8.1

atomaka:snyk-fix-9cf156b6f6fbd07c3092c14e5dd8d6de

atomaka:snyk-fix-13036e608c3ff04a91e56945351c2ad5

atomaka:dependabot/bundler/tzinfo-1.2.10

atomaka:dependabot/bundler/jmespath-1.6.1

atomaka:snyk-fix-f861dd85e2c6aa6c13a4ad583a97d77f

atomaka:snyk-fix-7c28e189245c91ab25dde24dbcdda54c

atomaka:snyk-fix-dec3ab50d67b2df824a2b06f69f36594

atomaka:snyk-fix-5809b442593801e225b5b5ab04e91be7

atomaka:snyk-fix-5bdef8c547fc1e381448daffdadfddcc

atomaka:snyk-fix-1ef81a45e777b69b6c8bedd4ca39be04

atomaka:snyk-fix-33c7007ed54835d9273f6416463d268a

atomaka:snyk-fix-860764c6e2cda3d4dd36808d5008003e

atomaka:snyk-fix-1f5072891d8234260f56531be3224cdf

atomaka:snyk-fix-f1285d29fc134e64e0286a2897f756d9

atomaka:snyk-fix-de64ee4bc5b62e888d479a5649464440

atomaka:dependabot/bundler/rack-2.2.3

atomaka:snyk-fix-1125126ac6e8d74da6f24a5445cf1826

atomaka:dependabot/bundler/websocket-extensions-0.1.5

atomaka:snyk-fix-dd1ce670a0e9da6d4bcffddb8bfdf8cb

atomaka:snyk-fix-5475120628d4b60a1054f0375b7421f6

atomaka:snyk-fix-9e06ba1c5abd4ac66d437d7ec5359573

atomaka:snyk-fix-125a57af16b1f02630d0e5624a8bcfdf

atomaka:dependabot/bundler/rake-12.3.3

atomaka:snyk-fix-bf8d52731d33734943fabb90f59a1190

atomaka:snyk-fix-7fd6798f313bf8f59be961043921e3ca

atomaka:snyk-fix-4f67487b4ddf01e3351237a422e552f0

atomaka:snyk-fix-35605dde0341734bb44abc29afab0bba

atomaka:feature/actions-1

atomaka:feature/actions

atomaka:snyk-fix-b2e5bcce51d7e2e2a1164c5342eff5c9

atomaka:snyk-fix-ntnzaz

atomaka:snyk-fix-ezkfjn

atomaka:snyk-fix-305z6l

atomaka:snyk-fix-zkg3j5

atomaka:feature/poltergeist

atomaka:feature/gem-updates

Conversation 0 Commits 1 Files changed 2 +12 -10

atomaka commented 2022-06-07 12:51:44 -04:00 (Migrated from github.com)

Copy link

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • Gemfile
  • Gemfile.lock

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	691/1000 Why? Recently disclosed, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-RUBY-JMESPATH-2859799	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Deserialization of Untrusted Data

<p>This PR was automatically created by Snyk using the credentials of a real user.</p><br /><h3>Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project.</h3> #### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - Gemfile - Gemfile.lock #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **691/1000** <br/> **Why?** Recently disclosed, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data <br/>[SNYK-RUBY-JMESPATH-2859799](https://snyk.io/vuln/SNYK-RUBY-JMESPATH-2859799) | No | No Known Exploit (*) Note that the real score may have changed since the PR was raised. Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJlMjE5MTcxMS0xMzIzLTQ2YzEtYTFmZS1iYTdiMGVjNDQ3NzQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImUyMTkxNzExLTEzMjMtNDZjMS1hMWZlLWJhN2IwZWM0NDc3NCJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/atomaka/project/39f5769a-2ee8-4777-a1bb-509dcee65a10?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/atomaka/project/39f5769a-2ee8-4777-a1bb-509dcee65a10?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"e2191711-1323-46c1-a1fe-ba7b0ec44774","prPublicId":"e2191711-1323-46c1-a1fe-ba7b0ec44774","dependencies":[{"name":"aws-sdk","from":"2.10.53","to":"2.10.53"}],"packageManager":"rubygems","projectPublicId":"39f5769a-2ee8-4777-a1bb-509dcee65a10","projectUrl":"https://app.snyk.io/org/atomaka/project/39f5769a-2ee8-4777-a1bb-509dcee65a10?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-RUBY-JMESPATH-2859799"],"upgrade":["SNYK-RUBY-JMESPATH-2859799"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[691]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Deserialization of Untrusted Data](https://learn.snyk.io/lessons/insecure-deserialization/java?loc&#x3D;fix-pr)

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin snyk-fix-466639bbdb017c3afadbc6565c55eb97:snyk-fix-466639bbdb017c3afadbc6565c55eb97

git checkout snyk-fix-466639bbdb017c3afadbc6565c55eb97

Merge

Merge the changes and update on Forgejo.

git checkout master

git merge --no-ff snyk-fix-466639bbdb017c3afadbc6565c55eb97

git checkout snyk-fix-466639bbdb017c3afadbc6565c55eb97

git rebase master

git checkout master

git merge --ff-only snyk-fix-466639bbdb017c3afadbc6565c55eb97

git checkout snyk-fix-466639bbdb017c3afadbc6565c55eb97

git rebase master

git checkout master

git merge --no-ff snyk-fix-466639bbdb017c3afadbc6565c55eb97

git checkout master

git merge --squash snyk-fix-466639bbdb017c3afadbc6565c55eb97

git checkout master

git merge --ff-only snyk-fix-466639bbdb017c3afadbc6565c55eb97

git checkout master

git merge snyk-fix-466639bbdb017c3afadbc6565c55eb97

git push origin master

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Reference: atomaka/link-share#43

No description provided.