New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 5 vulnerabilities #47

Merged

bowring merged 2 commits into main from snyk-fix-838b6ea28fd7575cd0ffd4cf204b16f7

Jul 30, 2022

Contributor

snyk-bot commented Jul 30, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- docs/Gemfile
- docs/Gemfile.lock

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-NOKOGIRI-2620374	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Out-of-bounds Write SNYK-RUBY-NOKOGIRI-2630623	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-RUBY-NOKOGIRI-2630898	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Improper Handling of Unexpected Data Type SNYK-RUBY-NOKOGIRI-2840634	No	No Known Exploit
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Directory Traversal SNYK-RUBY-TZINFO-2958048	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Directory Traversal

snyk-bot and others added 2 commits

July 30, 2022 14:14


          fix: docs/Gemfile & docs/Gemfile.lock to reduce vulnerabilities

a786e8c

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2620374
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630623
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630898
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2840634
- https://snyk.io/vuln/SNYK-RUBY-TZINFO-2958048


          Merge branch 'main' into snyk-fix-838b6ea28fd7575cd0ffd4cf204b16f7

44a0f3e

bowring merged commit 1ead604 into main

bowring deleted the snyk-fix-838b6ea28fd7575cd0ffd4cf204b16f7 branch

July 30, 2022 20:26

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet