identity-dashboard
identity-dashboard copied to clipboard
18F
[Snyk] Fix for 2 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix 2 vulnerabilities in the rubygems dependencies of this project.
Snyk changed the following file(s):
-
Gemfile
⚠️ Warning
``` Failed to update the Gemfile.lock, please update manually before merging. ```Vulnerabilities that will be fixed with an upgrade:
| Issue | Score | |
|---|---|---|
 |
Cross-site Scripting (XSS) SNYK-RUBY-ACTIONTEXT-7210236 |
591 |
|
Improper Input Validation SNYK-RUBY-ACTIONPACK-7210237 |
496 |
[!IMPORTANT]
- Check the changes in this PR to ensure they won't cause issues with your project.
- Max score is 1000. Note that the real score may have changed since the PR was raised.
- This PR was automatically created by Snyk using the credentials of a real user.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Improper Input Validation 🦉 Cross-site Scripting (XSS)
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"devise","from":"4.9.3","to":"4.9.4"},{"name":"dotenv-rails","from":"2.8.1","to":"3.0.0"},{"name":"i18n-tasks","from":"1.0.13","to":"1.0.14"},{"name":"omniauth-rails_csrf_protection","from":"1.0.1","to":"1.0.2"},{"name":"propshaft","from":"0.8.0","to":"0.9.0"},{"name":"rails","from":"7.1.3.1","to":"7.1.3.4"},{"name":"rspec-rails","from":"6.1.1","to":"6.1.2"},{"name":"simple_form","from":"5.3.0","to":"5.3.1"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONTEXT-7210236","priority_score":591,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.1","score":305},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"}],"prId":"610a3606-e50d-41d1-ba9c-e2d6e6f3c6a1","prPublicId":"610a3606-e50d-41d1-ba9c-e2d6e6f3c6a1","packageManager":"rubygems","priorityScoreList":[496,591],"projectPublicId":"b7f6af61-3d0d-457d-b944-44f0f856e7da","projectUrl":"https://app.snyk.io/org/tts/project/b7f6af61-3d0d-457d-b944-44f0f856e7da?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["pr-warning-shown","priorityScore"],"type":"auto","upgrade":["SNYK-RUBY-ACTIONPACK-7210237","SNYK-RUBY-ACTIONTEXT-7210236"],"vulns":["SNYK-RUBY-ACTIONPACK-7210237","SNYK-RUBY-ACTIONTEXT-7210236"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'
