[Snyk] Upgrade vinyl from 2.2.0 to 2.2.1

[snyk-bot]

Snyk has created this PR to upgrade vinyl from 2.2.0 to 2.2.1.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.
• The recommended version was released 7 months ago, on 2020-09-22.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[mistaken-pull-closer[bot]]

Thanks for your submission.

It appears that you've created a pull request using one of our repository's branches. Since this is almost always a mistake, we're going to go ahead and close this. If it was intentional, please let us know what you were intending and we can see about reopening it.

Thanks again!

[pull-dog[bot]]

*Ruff* :dog: I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file :weary: Make sure the given paths are correct.

Files checked:

• docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a `docker-compose.yml` file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available. Visit our website to learn more.

Commands

- `@pull-dog up` to reprovision or provision the server. - `@pull-dog down` to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository **Configuration** ```json { "isLazy": false, "dockerComposeYmlFilePaths": [ "docker-compose.yml" ], "expiry": "00:00:00", "conversationMode": "singleComment" } ``` **Trace ID** 82e91d30-ae0f-11eb-92bb-458d84393a98

[guardrails[bot]]

:warning: We detected 10 security issues in this pull request:

Mode: paranoid | Total findings: 10 | Considered vulnerability: 0

Hard-Coded Secrets (2)

Docs | Details ----- | -------- [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr) | Title: **Hard-coded Secrets**
https://github.com/turkdevops/portapps.github.io/blob/c95ae2059713efb21dde17bd7c29a6f36bfb00c5/_config.yml#L117 [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr) | Title: **Hard-coded Secrets**
https://github.com/turkdevops/portapps.github.io/blob/c95ae2059713efb21dde17bd7c29a6f36bfb00c5/_config.yml#L118 More info on how to fix Hard-Coded Secrets in [General](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr). ---

Insecure Use of Dangerous Function (1)

Docs | Details ----- | -------- [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr) | Title: **Use of child process and non-literal exec()**
https://github.com/turkdevops/portapps.github.io/blob/c95ae2059713efb21dde17bd7c29a6f36bfb00c5/gulpfile.js#L7 More info on how to fix Insecure Use of Dangerous Function in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr). ---

Insecure File Management (6)

Docs | Details ----- | -------- [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/Insecure_file_management.html?utm_source=ghpr) | Title: **Use of non-literal fs filename**
https://github.com/turkdevops/portapps.github.io/blob/c95ae2059713efb21dde17bd7c29a6f36bfb00c5/gulpfile.js#L216 [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/Insecure_file_management.html?utm_source=ghpr) | Title: **Use of non-literal fs filename**
https://github.com/turkdevops/portapps.github.io/blob/c95ae2059713efb21dde17bd7c29a6f36bfb00c5/gulpfile.js#L219 [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/Insecure_file_management.html?utm_source=ghpr) | Title: **Use of non-literal fs filename**
https://github.com/turkdevops/portapps.github.io/blob/c95ae2059713efb21dde17bd7c29a6f36bfb00c5/gulpfile.js#L222 [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/Insecure_file_management.html?utm_source=ghpr) | Title: **Use of non-literal require**
https://github.com/turkdevops/portapps.github.io/blob/c95ae2059713efb21dde17bd7c29a6f36bfb00c5/gulpfile.js#L278 [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/Insecure_file_management.html?utm_source=ghpr) | Title: **Use of non-literal fs filename**
https://github.com/turkdevops/portapps.github.io/blob/c95ae2059713efb21dde17bd7c29a6f36bfb00c5/gulpfile.js#L282 [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/Insecure_file_management.html?utm_source=ghpr) | Title: **Use of non-literal fs filename**
https://github.com/turkdevops/portapps.github.io/blob/c95ae2059713efb21dde17bd7c29a6f36bfb00c5/gulpfile.js#L285 More info on how to fix Insecure File Management in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/Insecure_file_management.html?utm_source=ghpr). ---

Insecure Use of Regular Expressions (1)

Docs | Details ----- | -------- [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_regular_expressions.html?utm_source=ghpr) | Title: **Regex DOS (ReDOS)**
https://github.com/turkdevops/portapps.github.io/blob/c95ae2059713efb21dde17bd7c29a6f36bfb00c5/src/js/main.js#L33 More info on how to fix Insecure Use of Regular Expressions in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_regular_expressions.html?utm_source=ghpr).

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.