uclibs / ucrate

Scholar@UC: University of Cincinnati's self-submission institutional repository
https://scholar.uc.edu

Upgrade Omniauth gem #943

Open bsp3ars opened 3 years ago

bsp3ars commented 3 years ago

Descriptive summary

We need to upgrade the Omniauth gem to >= 2.0.0

Bundler-audit Message:

Name: omniauth
Version: 1.9.1
CVE: CVE-2015-9284
GHSA: GHSA-ww4x-rwq6-qpgf
Criticality: High
URL: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
Title: CSRF vulnerability in OmniAuth's request phase
Solution: upgrade to >= 2.0.0

crowesn commented 2 years ago

I think this is tied in with the orcid gem which is pointed at a local repo and is also not functioning properly.

Janell-Huyck commented 10 months ago

We are now on 1.9.2 but still need to update to 2.0

Name: omniauth
Version: 1.9.2
CVE: CVE-2015-9284
GHSA: GHSA-ww4x-rwq6-qpgf
Criticality: High
URL: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
Title: CSRF vulnerability in OmniAuth's request phase
Solution: upgrade to '>= 2.0.0'
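
Added example (not part of the thread and not code from the ucrate project): a Ruby check that parses bundler-audit text in the layout quoted above and reports whether a locked gem version still falls outside the patched range. The helper names are hypothetical and the sample report is constructed from the fields shown in this issue; handling several comma-separated ranges in one Solution line goes beyond the single range seen here.

```ruby
require "rubygems"

# Constructed sample: bundler-audit text output in the field layout shown in this issue.
SAMPLE_REPORT = <<~REPORT
  Name: omniauth
  Version: 1.9.2
  CVE: CVE-2015-9284
  GHSA: GHSA-ww4x-rwq6-qpgf
  Criticality: High
  URL: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
  Title: CSRF vulnerability in OmniAuth's request phase
  Solution: upgrade to '>= 2.0.0'
REPORT

# Split the report into one hash per advisory; a "Name:" line starts a new record.
def parse_audit_report(text)
  text.each_line.with_object([]) do |line, records|
    key, value = line.strip.split(/:\s+/, 2)
    next if value.nil?
    records << {} if key == "Name"
    records.last[key] = value unless records.empty?
  end
end

# Turn a "Solution:" value into Gem::Requirement objects. Accepts the bare and
# the quoted form seen in this thread, plus comma-separated alternatives.
# Anything that is not an "upgrade to" line yields no requirements.
def patched_requirements(solution)
  return [] unless solution.to_s.start_with?("upgrade to")
  solution.sub(/\Aupgrade to\s+/, "").split(",").map do |req|
    Gem::Requirement.new(req.delete("'\"").strip)
  end
end

# True when the locked version satisfies none of the patched ranges.
def unresolved?(advisory, locked_version)
  version = Gem::Version.new(locked_version)
  patched_requirements(advisory["Solution"]).none? { |r| r.satisfied_by?(version) }
end

# Advisories that still apply, given a {gem name => locked version} map.
def open_advisories(report, locked)
  parse_audit_report(report).select do |adv|
    locked.key?(adv["Name"]) && unresolved?(adv, locked[adv["Name"]])
  end
end

open_advisories(SAMPLE_REPORT, "omniauth" => "1.9.2").each do |adv|
  puts "#{adv['Name']} #{adv['CVE']} still open: #{adv['Solution']}"
end
```
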