jish / pre-commit

A slightly improved pre-commit hook for git
https://jish.github.io/pre-commit/

Security: Depend on RuboCop ~> 0.49 #267

Closed jish closed 6 years ago

jish commented 6 years ago

RuboCop 0.48.1 and earlier does not use /tmp in a safe way, allowing local users to exploit this to tamper with cache files belonging to other users.

cf. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8418
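
A defensive check for the class of bug described above, as an added example that is not part of the original pull request and is not RuboCop's or pre-commit's own code: before reusing a cache directory under a shared location such as /tmp, confirm it is a real directory, owned by the current user, and not writable by anyone else. The function names and the directory name are hypothetical.

```ruby
require 'tmpdir'

# Reasons why +path+ must not be trusted as this user's private cache
# directory. An empty list means every check passed.
def cache_dir_problems(path, uid = Process.euid)
  st = File.lstat(path) # lstat, so a planted symlink is not followed
  return ['is a symlink'] if st.symlink?
  return ['is not a directory'] unless st.directory?

  problems = []
  problems << "owned by uid #{st.uid}, expected #{uid}" unless st.uid == uid
  problems << 'writable by group or others' if (st.mode & 0o022) != 0
  problems
rescue Errno::ENOENT
  ['does not exist']
end

# Creates or reuses a per-user cache directory under a shared root.
# An entry that already exists is never adopted blindly: it is re-checked
# and rejected if another local user could have prepared or modified it.
def private_cache_dir(root, name = "example_cache_#{Process.euid}")
  path = File.join(root, name)
  begin
    Dir.mkdir(path, 0o700) # fails with EEXIST instead of reusing silently
  rescue Errno::EEXIST
    # Already present: fall through to validation below.
  end
  problems = cache_dir_problems(path)
  raise SecurityError, "#{path}: #{problems.join('; ')}" unless problems.empty?

  path
end

if __FILE__ == $PROGRAM_NAME
  # Constructed scenario in a throwaway directory standing in for /tmp.
  Dir.mktmpdir do |root|
    puts "fresh dir accepted: #{private_cache_dir(root)}"
    loose = File.join(root, 'loose')
    Dir.mkdir(loose)
    File.chmod(0o777, loose)
    puts "loose dir: #{cache_dir_problems(loose).inspect}"
  end
end
```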

coveralls commented 6 years ago

Coverage remained the same at 97.326% when pulling a015fd6fe3a687f68817e51e6b8cd92ff321239e on security-rubocop into b692690f4091db259f4eea9ca7667dd8e7d08245 on master.