circleci / circleci-docs

Documentation for CircleCI.
https://circleci.com/docs/

Chore: 7/15 CVEs #8859

Closed rcircleci closed 1 month ago

rcircleci commented 1 month ago

This takes care of the following CVEs:

rcircleci commented 1 month ago

I wouldn't recommend adding httparty to the Gemfile as it's not actually a direct dependency of the project. It'd likely be confusing to someone working on the project later. And I already updated it in an earlier PR, so adding this line actually downgrades it from 0.22 to 0.21.

Done ✅

tfe commented 1 month ago

Actually as far as I can tell rack isn't even used in this project. It was added in this commit, but did not exist in the Gemfile.lock prior to that. A false positive from that time? I think we should try just removing it and seeing if the project builds.

rcircleci commented 1 month ago

> Actually as far as I can tell rack isn't even used in this project. It was added in this commit, but did not exist in the Gemfile.lock prior to that. A false positive from that time? I think we should try just removing it and seeing if the project builds.

Unfortunately a green build here is not the full picture. If you want to make sure it works you will have to trigger a preview build to see if it builds in docs-platform. All you have to do is push this branch into preview in this repo and it should trigger a build.

tfe commented 1 month ago

@rcircleci that works: https://app.circleci.com/pipelines/github/circleci/circleci-docs/54319/workflows/c41d1995-f5d5-48c8-bbc5-23439c9a2c60

And also I looked at the project itself and do not see anything that loads rack.
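The check tfe describes (is a CVE-flagged gem a real dependency, and does anything in the tree actually load it?) can be scripted before a gem is dropped from the Gemfile. The following is an added example and not code from the circleci-docs project: it parses a constructed Gemfile.lock, classifies a gem as direct, transitive, orphaned or absent, scans constructed source files for `require`/constant references, and returns a recommendation. The lock contents, the file names under SAMPLE_SOURCES and the REFERENCE_PATTERNS table are all assumptions made for the example; run it against the real lock file and source tree to get a verdict for the actual repository.

```ruby
# Added example (not part of circleci-docs): decide whether a gem flagged by a
# CVE scanner is actually needed before removing it from the Gemfile.
#
# A gem is "reachable" if it is listed under DEPENDENCIES (direct) or if some
# other gem in the lock depends on it (transitive). A gem that is direct but
# required by nothing and referenced by no source file is a candidate for
# removal; a green build (ideally the preview build mentioned in the thread)
# then confirms it.

# Constructed sample lock file standing in for the project's real Gemfile.lock.
# "rake" is included as a deliberately orphaned pin to exercise that branch.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      csv (3.3.0)
      httparty (0.22.0)
        csv
        mini_mime (>= 1.0.0)
        multi_xml (>= 0.5.2)
      mini_mime (1.1.5)
      multi_xml (0.7.1)
      rack (3.1.7)
      rake (13.2.1)

  PLATFORMS
    ruby

  DEPENDENCIES
    httparty
    rack

  BUNDLED WITH
     2.5.9
LOCK

# Constructed sample sources (path => contents); file names are hypothetical.
SAMPLE_SOURCES = {
  'Rakefile'               => "require 'jekyll'\ntask :build do\n  sh 'jekyll build'\nend\n",
  'scripts/fetch_pages.rb' => "require 'httparty'\nputs HTTParty.get('https://example.invalid').code\n",
}.freeze

# Parse the GEM/specs and DEPENDENCIES sections of a Gemfile.lock.
# Returns { specs: { name => { version:, deps: [names] } }, direct: [names] }.
def parse_lock(text)
  specs   = {}
  direct  = []
  section = nil
  current = nil
  text.each_line do |raw|
    line = raw.chomp
    next if line.strip.empty?
    unless line.start_with?(' ')          # unindented line = section header
      section = line
      current = nil
      next
    end
    indent = line[/\A */].size
    body   = line.strip
    case section
    when 'GEM'
      if indent == 4 && (m = body.match(/\A(\S+) \(([^)]+)\)\z/))
        current = m[1]                    # a spec line: "name (version)"
        specs[current] = { version: m[2], deps: [] }
      elsif indent == 6 && current
        specs[current][:deps] << body.split(' ').first   # "dep (constraint)"
      end
    when 'DEPENDENCIES'
      direct << body.split(' ').first.delete_suffix('!')  # "!" marks git/path sources
    end
  end
  { specs: specs, direct: direct }
end

# Which gems in the lock depend on gem_name, and is it declared directly?
def usage_of(lock, gem_name)
  required_by = lock[:specs].select { |_, s| s[:deps].include?(gem_name) }.keys.sort
  { direct: lock[:direct].include?(gem_name), required_by: required_by }
end

# :direct, :transitive, :orphan (pinned but needed by nothing) or :absent.
def classify(lock, gem_name)
  return :absent unless lock[:specs].key?(gem_name)
  u = usage_of(lock, gem_name)
  return :direct if u[:direct]
  return :transitive unless u[:required_by].empty?
  :orphan
end

# Patterns that indicate a source file loads the gem (assumed table; extend as needed).
REFERENCE_PATTERNS = {
  'rack'     => [/\brequire\s+['"]rack(\/|['"])/, /\bRack::/],
  'httparty' => [/\brequire\s+['"]httparty['"]/, /\bHTTParty\b/],
}.freeze

# Paths of source files that reference gem_name.
def referenced_in?(sources, gem_name)
  pats = REFERENCE_PATTERNS.fetch(gem_name) { [/\brequire\s+['"]#{Regexp.escape(gem_name)}['"]/] }
  sources.select { |_, code| pats.any? { |p| code.match?(p) } }.keys.sort
end

# Combine lock-graph and source evidence into a recommendation.
def removal_verdict(lock, sources, gem_name)
  cls       = classify(lock, gem_name)
  refs      = referenced_in?(sources, gem_name)
  needed_by = usage_of(lock, gem_name)[:required_by]
  recommendation =
    if cls == :absent                       then :not_present
    elsif !needed_by.empty? || !refs.empty? then :keep
    else                                         :candidate_for_removal
    end
  { class: cls, required_by: needed_by, referenced_by: refs, recommendation: recommendation }
end

if __FILE__ == $PROGRAM_NAME
  lock = parse_lock(SAMPLE_LOCK)
  %w[rack httparty csv rake].each { |g| puts "#{g}: #{removal_verdict(lock, SAMPLE_SOURCES, g)}" }
end
```

Against the sample data, rack comes back as declared in DEPENDENCIES but neither required by another gem nor referenced in source, which is exactly the situation the thread describes; httparty is kept because a script loads it, and csv is kept because httparty depends on it. The lock-graph half of the check is the part a scanner cannot see from the Gemfile alone, which is why a gem can show up as a CVE hit without being a real dependency.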