vicvega / chaltron

Template generator for rails application with bootstrap, devise...
MIT License

Update rails-html-sanitizer. #16

Closed crondaemon closed 5 years ago

crondaemon commented 5 years ago

It looks like the straight update didn't break anything.

Fix: #15.

coveralls commented 5 years ago

Coverage decreased (-0.1%) to 96.804% when pulling 49f86da57145612bf2358200815facad82de24c5 on dario/rails-html-sanitizer into 84575e792ad0a7267f7d7244be748efd0176a6cf on master.

vicvega commented 5 years ago

I don't think #15 is a real issue.

The latest actionview (5.2.2) depends on rails-html-sanitizer, using these version constraints: ~> 1.0, >= 1.0.3 (see https://github.com/rails/rails/blob/master/actionview/actionview.gemspec#L36)

That constraint would allow you to use the vulnerable version of rails-html-sanitizer (1.0.3), but chaltron uses the latest (not vulnerable) version (1.0.4) since https://github.com/vicvega/chaltron/commit/eeee035777fcf5b9dfd50134f3826f9028950509

I think we can just close this and #15
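The distinction drawn above, between what a gemspec constraint admits and what the Gemfile.lock actually pins, is what decides whether a report like #15 is real. The following is an added example, not code from chaltron or from the page: it parses a constructed Gemfile.lock fragment (shaped after the actionview 5.2.2 constraint quoted above, with rails-html-sanitizer locked to 1.0.4) using only the `Gem::Version` and `Gem::Requirement` classes from RubyGems, and contrasts a constraint-only view (the lowest known version the constraint admits, which is how a scanner can produce a false positive) with the locked version that the app really loads. The list of known versions and the "below 1.0.4 is affected" predicate are assumptions made for the example, and `parse_lock`, `lowest_admitted` and `assess` are names invented here.

```ruby
require 'rubygems'

# Constructed Gemfile.lock fragment for illustration (not chaltron's real lockfile):
# actionview 5.2.2 declares the constraint quoted on the page, and the lockfile
# pins rails-html-sanitizer to 1.0.4.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionview (5.2.2)
        activesupport (= 5.2.2)
        rails-html-sanitizer (~> 1.0, >= 1.0.3)
      rails-html-sanitizer (1.0.4)
        loofah (~> 2.2, >= 2.2.2)
LOCK

# Released versions this example knows about (a constructed subset).
KNOWN_VERSIONS = %w[1.0.2 1.0.3 1.0.4].map { |v| Gem::Version.new(v) }.freeze

# Assumption for the example: versions below 1.0.4 are treated as affected,
# matching the page's "1.0.3 vulnerable, 1.0.4 not vulnerable".
VULNERABLE = Gem::Requirement.new('< 1.0.4')

# Parse the specs: section of a Gemfile.lock into
# { name => { version: Gem::Version, deps: { dep_name => Gem::Requirement } } }.
# Top-level specs are indented four spaces, their dependencies six.
def parse_lock(text)
  specs = {}
  current = nil
  text.each_line do |line|
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      current = specs[m[1]] = { version: Gem::Version.new(m[2]), deps: {} }
    elsif current && (m = line.match(/\A {6}(\S+)(?: \(([^)]+)\))?\s*\z/))
      reqs = m[2] ? m[2].split(',').map(&:strip) : ['>= 0']
      current[:deps][m[1]] = Gem::Requirement.new(*reqs)
    end
  end
  specs
end

# What a scanner that only reads the declared constraint would conclude:
# the lowest known version the constraint still admits.
def lowest_admitted(constraint, known = KNOWN_VERSIONS)
  known.sort.find { |v| constraint.satisfied_by?(v) }
end

# Compare the constraint-only view with the version the lockfile pins.
def assess(lock_text, parent, dep)
  specs = parse_lock(lock_text)
  constraint = specs.fetch(parent)[:deps].fetch(dep)
  locked = specs.fetch(dep)[:version]
  weakest = lowest_admitted(constraint)
  {
    constraint: constraint.to_s,
    weakest_admitted: weakest.to_s,
    weakest_vulnerable: VULNERABLE.satisfied_by?(weakest),
    locked: locked.to_s,
    locked_satisfies_constraint: constraint.satisfied_by?(locked),
    locked_vulnerable: VULNERABLE.satisfied_by?(locked),
  }
end

if __FILE__ == $PROGRAM_NAME
  assess(SAMPLE_LOCKFILE, 'actionview', 'rails-html-sanitizer').each do |k, v|
    puts "#{k}: #{v}"
  end
end
```

Run against the sample, `weakest_admitted` is 1.0.3 and flagged, while `locked` is 1.0.4 and clean; a tool that reports the former without checking the latter is reporting the constraint, not the application. Pointing the same parser at a real Gemfile.lock is the quick way to confirm which version a Rails app actually resolves before acting on a dependency alert.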

crondaemon commented 5 years ago

Whitesource bolt is failing here, then. It detects the dependency but doesn't detect the actual version used. I agree to close both the PR and the issue.