indirect / feedyour.email

https://feedyour.email
MIT License

rack dependency needs bumping #474

Closed numist closed 4 months ago

numist commented 4 months ago

Blocking PR checks (see: #473):

> bin/bundler-audit --update
Download ruby-advisory-db ...
Cloning into '/home/runner/.local/share/ruby-advisory-db'...
ruby-advisory-db:
  advisories:   896 advisories
  last updated: 2024-07-04 08:29:42 -0700
  commit:   606271ddd6df5c22f95158b095671859d378110e
Name: rack
Version: 3.1.4
CVE: CVE-2024-39316
GHSA: GHSA-cj83-2ww7-mvq7
Criticality: Medium
URL: https://github.com/rack/rack/security/advisories/GHSA-cj83-2ww7-mvq7
Title: Rack ReDoS Vulnerability in HTTP Accept Headers Parsing
Solution: upgrade to '>= 3.1.5'

Vulnerabilities found!
Error: Process completed with exit code 1.

indirect commented 4 months ago

very weird that dependabot hasn’t shown up with that yet…

indirect commented 4 months ago

Anyway, if you want to take a stab at it yourself, the command is “bundle update rack”.

indirect commented 4 months ago

Fixed in #473.