guardrails[bot]
commented
1 year ago :warning: We detected 7 security issues in this pull request:
Vulnerable Libraries (7)
Severity | Details ----- | -------- Medium | [pkg:gem/activesupport@6.1.4.4@6.1.4.4](https://github.com/flexport/quarantine/blob/b37fb1a242e6ba0547745c20fabd4e4ab9db9c9c/Gemfile.lock#L13) - **no patch available** Critical | [pkg:gem/jmespath@1.5.0@1.5.0](https://github.com/flexport/quarantine/blob/b37fb1a242e6ba0547745c20fabd4e4ab9db9c9c/Gemfile.lock#L89) - **no patch available** N/A | [pkg:gem/nokogiri@1.13.1@1.13.1](https://github.com/flexport/quarantine/blob/b37fb1a242e6ba0547745c20fabd4e4ab9db9c9c/Gemfile.lock#L98) upgrade to: *1.13.2* High | [pkg:gem/i18n@1.8.11@1.8.11](https://github.com/flexport/quarantine/blob/b37fb1a242e6ba0547745c20fabd4e4ab9db9c9c/Gemfile.lock#L87) - **no patch available** High | [pkg:gem/rack@2.2.3@2.2.3](https://github.com/flexport/quarantine/blob/b37fb1a242e6ba0547745c20fabd4e4ab9db9c9c/Gemfile.lock#L110) - **no patch available** N/A | [activesupport@6.1.4.4](https://github.com/flexport/quarantine/blob/b37fb1a242e6ba0547745c20fabd4e4ab9db9c9c/Gemfile.lock#L5) upgrade to: *'~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'* N/A | [jmespath@6.1.4.4](https://github.com/flexport/quarantine/blob/b37fb1a242e6ba0547745c20fabd4e4ab9db9c9c/Gemfile.lock#L28) upgrade to: *'~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'* More info on how to fix Vulnerable Libraries in [Ruby](https://docs.guardrails.io/docs/en/vulnerabilities/ruby/using_vulnerable_libraries.html?utm_source=ghpr#).
👉 Go to the dashboard for detailed results.
📥 Happy? Share your feedback with us.
To support the range of Ruby 2.6-3.1 in CI, this change also adds a development dependence on activesupport locked to
~> 6.1