[Snyk] Fix for 2 vulnerabilities #51

Open

atomaka wants to merge 1 commits from snyk-fix-ce6b1bed511762c7663072e425eabb5c into master

pull from: snyk-fix-ce6b1bed511762c7663072e425eabb5c

merge into: atomaka:master

atomaka:master

atomaka:snyk-fix-93bbbca6fb961a4beaf62abc97b8c696

atomaka:snyk-fix-a4839c2a6aae1ff319e44bdf74db36ea

atomaka:dependabot/bundler/activerecord-6.1.7.1

atomaka:dependabot/bundler/sinatra-3.0.4

atomaka:snyk-fix-b746414b5cff8b0da5ad1d3bc8942719

atomaka:dependabot/bundler/nokogiri-1.13.9

atomaka:dependabot/bundler/addressable-2.8.1

atomaka:snyk-fix-9cf156b6f6fbd07c3092c14e5dd8d6de

atomaka:snyk-fix-13036e608c3ff04a91e56945351c2ad5

atomaka:dependabot/bundler/tzinfo-1.2.10

atomaka:dependabot/bundler/jmespath-1.6.1

atomaka:snyk-fix-466639bbdb017c3afadbc6565c55eb97

atomaka:snyk-fix-f861dd85e2c6aa6c13a4ad583a97d77f

atomaka:snyk-fix-7c28e189245c91ab25dde24dbcdda54c

atomaka:snyk-fix-dec3ab50d67b2df824a2b06f69f36594

atomaka:snyk-fix-5809b442593801e225b5b5ab04e91be7

atomaka:snyk-fix-5bdef8c547fc1e381448daffdadfddcc

atomaka:snyk-fix-1ef81a45e777b69b6c8bedd4ca39be04

atomaka:snyk-fix-33c7007ed54835d9273f6416463d268a

atomaka:snyk-fix-860764c6e2cda3d4dd36808d5008003e

atomaka:snyk-fix-1f5072891d8234260f56531be3224cdf

atomaka:snyk-fix-f1285d29fc134e64e0286a2897f756d9

atomaka:snyk-fix-de64ee4bc5b62e888d479a5649464440

atomaka:dependabot/bundler/rack-2.2.3

atomaka:snyk-fix-1125126ac6e8d74da6f24a5445cf1826

atomaka:dependabot/bundler/websocket-extensions-0.1.5

atomaka:snyk-fix-dd1ce670a0e9da6d4bcffddb8bfdf8cb

atomaka:snyk-fix-5475120628d4b60a1054f0375b7421f6

atomaka:snyk-fix-9e06ba1c5abd4ac66d437d7ec5359573

atomaka:snyk-fix-125a57af16b1f02630d0e5624a8bcfdf

atomaka:dependabot/bundler/rake-12.3.3

atomaka:snyk-fix-bf8d52731d33734943fabb90f59a1190

atomaka:snyk-fix-7fd6798f313bf8f59be961043921e3ca

atomaka:snyk-fix-4f67487b4ddf01e3351237a422e552f0

atomaka:snyk-fix-35605dde0341734bb44abc29afab0bba

atomaka:feature/actions-1

atomaka:feature/actions

atomaka:snyk-fix-b2e5bcce51d7e2e2a1164c5342eff5c9

atomaka:snyk-fix-ntnzaz

atomaka:snyk-fix-ezkfjn

atomaka:snyk-fix-305z6l

atomaka:snyk-fix-zkg3j5

atomaka:feature/poltergeist

atomaka:feature/gem-updates

Conversation 0 Commits 1 Files Changed 1 +60 -56

atomaka commented 2022-10-25 12:33:36 -04:00 (Migrated from github.com)

Copy Link

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • Gemfile.lock

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	NULL Pointer Dereference SNYK-RUBY-NOKOGIRI-3052880	No	No Known Exploit
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Web Cache Poisoning SNYK-RUBY-RACK-1061917	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

<p>This PR was automatically created by Snyk using the credentials of a real user.</p><br /><h3>Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project.</h3> #### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - Gemfile.lock #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **661/1000** <br/> **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | NULL Pointer Dereference <br/>[SNYK-RUBY-NOKOGIRI-3052880](https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3052880) | No | No Known Exploit  | **616/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 5.9 | Web Cache Poisoning <br/>[SNYK-RUBY-RACK-1061917](https://snyk.io/vuln/SNYK-RUBY-RACK-1061917) | No | Proof of Concept (*) Note that the real score may have changed since the PR was raised. Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJmOTU1MzEwZS1hODc3LTRmMzItOWI4YS0xNGZhYzk3ZjExYmUiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImY5NTUzMTBlLWE4NzctNGYzMi05YjhhLTE0ZmFjOTdmMTFiZSJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/atomaka/project/39f5769a-2ee8-4777-a1bb-509dcee65a10?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/atomaka/project/39f5769a-2ee8-4777-a1bb-509dcee65a10?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"f955310e-a877-4f32-9b8a-14fac97f11be","prPublicId":"f955310e-a877-4f32-9b8a-14fac97f11be","dependencies":[{"name":"poltergeist","from":"1.16.0","to":"1.16.0"},{"name":"sinatra","from":"2.0.0","to":"2.0.0"},{"name":"sinatra-activerecord","from":"2.0.13","to":"2.0.13"},{"name":"sinatra-contrib","from":"2.0.0","to":"2.0.0"},{"name":"sinatra-flash","from":"0.3.0","to":"0.3.0"}],"packageManager":"rubygems","projectPublicId":"39f5769a-2ee8-4777-a1bb-509dcee65a10","projectUrl":"https://app.snyk.io/org/atomaka/project/39f5769a-2ee8-4777-a1bb-509dcee65a10?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-RUBY-NOKOGIRI-3052880","SNYK-RUBY-RACK-1061917"],"upgrade":["SNYK-RUBY-NOKOGIRI-3052880","SNYK-RUBY-RACK-1061917"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[661,616]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc&#x3D;fix-pr)

This pull request can be merged automatically.

You are not authorized to merge this pull request.

You can also view command line instructions.

Step 1:

From your project repository, check out a new branch and test the changes.

git checkout -b snyk-fix-ce6b1bed511762c7663072e425eabb5c master

git pull origin snyk-fix-ce6b1bed511762c7663072e425eabb5c

Step 2:

Merge the changes and update on Gitea.

git checkout master

git merge --no-ff snyk-fix-ce6b1bed511762c7663072e425eabb5c

git push origin master

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Reference: atomaka/link-share#51

No description provided.