refactor: Security upgrade jazzy from 0.13.5 to 0.13.5

parseplatformorg commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - Gemfile.lock #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **591/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 6.1 | Cross-site Scripting (XSS)
[SNYK-RUBY-ACTIVESUPPORT-3360028](https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3360028) | No | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **629/1000**
**Why?** Has a fix available, CVSS 8.3 | Cross-site Scripting (XSS)
[SNYK-RUBY-REDCARPET-1059089](https://snyk.io/vuln/SNYK-RUBY-REDCARPET-1059089) | No | No Known Exploit (*) Note that the real score may have changed since the PR was raised. Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/acinader/project/ec75b787-7aa5-43bb-9ae6-b1f26b4bdf85?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/acinader/project/ec75b787-7aa5-43bb-9ae6-b1f26b4bdf85?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"e66048cb-1e59-471b-9b1c-4ee9072c2af5","prPublicId":"e66048cb-1e59-471b-9b1c-4ee9072c2af5","dependencies":[{"name":"jazzy","from":"0.13.5","to":"0.13.5"}],"packageManager":"rubygems","projectPublicId":"ec75b787-7aa5-43bb-9ae6-b1f26b4bdf85","projectUrl":"https://app.snyk.io/org/acinader/project/ec75b787-7aa5-43bb-9ae6-b1f26b4bdf85?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-RUBY-ACTIVESUPPORT-3360028","SNYK-RUBY-REDCARPET-1059089"],"upgrade":["SNYK-RUBY-ACTIVESUPPORT-3360028","SNYK-RUBY-REDCARPET-1059089"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[591,629],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Cross-site Scripting (XSS)](https://learn.snyk.io/lessons/xss/cpp/?loc=fix-pr)

parse-github-assistant[bot] commented 1 year ago

I will reformat the title to use the proper commit message syntax.

parse-github-assistant[bot] commented 1 year ago

Thanks for opening this pull request!

❌ Please link an issue that describes the reason for this pull request, otherwise your pull request will be closed. Make sure to write it as Closes: #123 in the PR description, so I can recognize it.

codecov[bot] commented 1 year ago

Codecov Report

Patch coverage has no change and project coverage change: -0.16 :warning:

Comparison is base (cbab34c) 78.17% compared to head (d8a40a7) 78.01%.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## master #1730 +/- ## ========================================== - Coverage 78.17% 78.01% -0.16% ========================================== Files 307 292 -15 Lines 36803 34708 -2095 ========================================== - Hits 28770 27077 -1693 + Misses 8033 7631 -402 ``` [see 16 files with indirect coverage changes](https://codecov.io/gh/parse-community/Parse-SDK-iOS-OSX/pull/1730/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=parse-community) Help us with your feedback. Take ten seconds to tell us [how you rate us](https://about.codecov.io/nps?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=parse-community). Have a feature suggestion? [Share it here.](https://app.codecov.io/gh/feedback/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=parse-community)

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.

dplewis commented 9 months ago

Superceded by https://github.com/parse-community/Parse-SDK-iOS-OSX/pull/1752

parse-community / Parse-SDK-iOS-OSX