search

zendesk / samson

Web interface for deployments, with plugin architecture and kubernetes support
Other
1.45k stars 235 forks source link

[Snyk] Fix for 9 vulnerabilities #4039

Closed svc-github-snyk closed 1 year ago

svc-github-snyk commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - Gemfile
⚠️ Warning ``` Failed to update the Gemfile.lock, please update manually before merging. ```
#### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **551/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-RUBY-ACTIONPACK-3237231](https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-3237231) | No | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **551/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-RUBY-ACTIONPACK-3237232](https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-3237232) | No | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **701/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 8.3 | SQL Injection
[SNYK-RUBY-ACTIVERECORD-3237236](https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-3237236) | No | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **661/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Denial of Service (DoS)
[SNYK-RUBY-ACTIVERECORD-3237239](https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-3237239) | No | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **551/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-RUBY-ACTIVESUPPORT-3237242](https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3237242) | No | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **551/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-RUBY-GLOBALID-3237234](https://snyk.io/vuln/SNYK-RUBY-GLOBALID-3237234) | No | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **551/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-RUBY-RACK-3237233](https://snyk.io/vuln/SNYK-RUBY-RACK-3237233) | No | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **551/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-RUBY-RACK-3237237](https://snyk.io/vuln/SNYK-RUBY-RACK-3237237) | No | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **551/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-RUBY-RACK-3237240](https://snyk.io/vuln/SNYK-RUBY-RACK-3237240) | No | No Known Exploit (*) Note that the real score may have changed since the PR was raised. Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/deploy/project/8271dc0c-72f5-4843-9769-a77c8d4501cc?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/deploy/project/8271dc0c-72f5-4843-9769-a77c8d4501cc?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"378951e1-5f45-43d5-ac88-b33a2a12ad56","prPublicId":"378951e1-5f45-43d5-ac88-b33a2a12ad56","dependencies":[{"name":"active_hash","from":"3.0.0","to":"3.0.0"},{"name":"ar_multi_threaded_transactional_tests","from":"0.5.0","to":"0.5.0"},{"name":"audited","from":"4.10.0","to":"4.10.0"},{"name":"bootstrap3-datetimepicker-rails","from":"4.17.47","to":"4.17.47"},{"name":"doorkeeper","from":"5.4.0","to":"5.4.0"},{"name":"goldiloader","from":"3.2.0","to":"3.2.0"},{"name":"lograge","from":"0.9.0","to":"0.9.0"},{"name":"marco-polo","from":"2.0.0","to":"2.0.0"},{"name":"minitest-rails","from":"6.1.0","to":"6.1.0"},{"name":"momentjs-rails","from":"2.20.1","to":"2.20.1"},{"name":"omniauth","from":"1.9.2","to":"1.9.2"},{"name":"omniauth-bitbucket","from":"0.0.2","to":"0.0.2"},{"name":"omniauth-github","from":"1.4.0","to":"1.4.0"},{"name":"omniauth-gitlab","from":"1.0.2","to":"1.0.2"},{"name":"omniauth-google-oauth2","from":"0.6.0","to":"0.6.0"},{"name":"omniauth-ldap","from":"1.0.5","to":"1.0.5"},{"name":"omniauth-oauth2","from":"1.7.0","to":"1.7.0"},{"name":"omniauth-rails_csrf_protection","from":"0.1.2","to":"0.1.2"},{"name":"rack-mini-profiler","from":"1.1.4","to":"1.1.4"},{"name":"rails","from":"6.1.6.1","to":"6.1.7.1"},{"name":"rails-controller-testing","from":"1.0.4","to":"1.0.4"},{"name":"rubocop-rails","from":"2.3.2","to":"2.3.2"},{"name":"sass-rails","from":"6.0.0","to":"6.0.0"},{"name":"soft_deletion","from":"1.6.0","to":"1.6.0"},{"name":"sprockets","from":"3.7.2","to":"3.7.2"},{"name":"validates_lengths_from_database","from":"0.7.0","to":"0.7.0"},{"name":"warden","from":"1.2.7","to":"1.2.7"}],"packageManager":"rubygems","projectPublicId":"8271dc0c-72f5-4843-9769-a77c8d4501cc","projectUrl":"https://app.snyk.io/org/deploy/project/8271dc0c-72f5-4843-9769-a77c8d4501cc?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-RUBY-ACTIONPACK-3237231","SNYK-RUBY-ACTIONPACK-3237232","SNYK-RUBY-ACTIVERECORD-3237236","SNYK-RUBY-ACTIVERECORD-3237239","SNYK-RUBY-ACTIVESUPPORT-3237242","SNYK-RUBY-GLOBALID-3237234","SNYK-RUBY-RACK-3237233","SNYK-RUBY-RACK-3237237","SNYK-RUBY-RACK-3237240"],"upgrade":["SNYK-RUBY-ACTIONPACK-3237231","SNYK-RUBY-ACTIONPACK-3237232","SNYK-RUBY-ACTIVERECORD-3237236","SNYK-RUBY-ACTIVERECORD-3237239","SNYK-RUBY-ACTIVESUPPORT-3237242","SNYK-RUBY-GLOBALID-3237234","SNYK-RUBY-RACK-3237233","SNYK-RUBY-RACK-3237237","SNYK-RUBY-RACK-3237240"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["pr-warning-shown","priorityScore"],"priorityScoreList":[551,551,701,661,551,551,551,551,551]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr) 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr) 🦉 [SQL Injection](https://learn.snyk.io/lessons/sql-injection/php/?loc=fix-pr) 🦉 [More lessons are available in Snyk Learn](https://learn.snyk.io/?loc=fix-pr)
zendesk-mattlefevre commented 1 year ago

Vulnerabilities addressed elsewhere.