GSA / data.gov

Main repository for the data.gov service
https://data.gov

Resolve `High` finding in CodeQL for sdg.data.gov #4903

Closed tdlowden closed 1 month ago

tdlowden commented 1 month ago

_Please keep any sensitive details in Google Drive._

Date of report: 9/24/24
Severity: HIGH
Due date: 10/18/24

Due date is based on severity and described in RA-5: 15 days for Critical, 30 days for High, and 90 days for Moderate and lower.

* When a finding is identified, we create two issues. One to address the specific instance identified in the report. The other is to identify and address all other occurrences of this vulnerability within the application.

Brief description

https://github.com/GSA/sdg-indicators-usa/security/code-scanning/1

Bagesary commented 1 month ago

Have to wait until SDG have the latest version of Ruby.

btylerburton commented 1 month ago

Marked as fixed when we updated main branch with develop. https://github.com/GSA/sdg-indicators-usa/security/code-scanning/1