Skip to content

[Snyk] Fix for 29 vulnerabilities#12

Open
samawad wants to merge 1 commit intomasterfrom
snyk-fix-9988b2d57819ac3aee1070e040408681
Open

[Snyk] Fix for 29 vulnerabilities#12
samawad wants to merge 1 commit intomasterfrom
snyk-fix-9988b2d57819ac3aee1070e040408681

Conversation

@samawad
Copy link
Copy Markdown

@samawad samawad commented Jul 16, 2025

snyk-top-banner

Snyk has created this PR to fix 29 vulnerabilities in the rubygems dependencies of this project.

Snyk changed the following file(s):

  • Gemfile
⚠️ Warning 
Failed to update the Gemfile.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Deserialization of Untrusted Data
SNYK-RUBY-ACTIVESUPPORT-569598		   834  
high severity Command Injection
SNYK-RUBY-GIT-2421270		   726  
critical severity Remote Code Execution (RCE)
SNYK-RUBY-ACTIVERECORD-2960802		   704  
high severity Arbitrary Code Injection
SNYK-RUBY-RAKE-552000		   686  
critical severity Denial of Service (DoS)
SNYK-RUBY-JSON-560838		   679  
critical severity Arbitrary Addition Creation
SNYK-RUBY-JSON-20056		   669  
high severity Command Injection
SNYK-RUBY-RDOC-1279617		   619  
high severity Remote Code Execution (RCE)
SNYK-RUBY-GIT-3227617		   614  
high severity Denial of Service (DoS)
SNYK-RUBY-ACTIVERECORD-3237239		   589  
high severity Denial of Service (DoS)
SNYK-RUBY-I18N-72582		   589  
high severity Directory Traversal
SNYK-RUBY-TZINFO-2958048		   589  
high severity Data Injection
SNYK-RUBY-ACTIVERECORD-1314522		   579  
high severity SQL Injection
SNYK-RUBY-ACTIVERECORD-20044		   579  
high severity SQL Injection
SNYK-RUBY-ACTIVERECORD-20185		   579  
high severity Denial of Service (DoS)
SNYK-RUBY-JSON-20060		   579  
high severity Command Injection
SNYK-RUBY-RDOC-1316279		   564  
medium severity JSON Parameter Parsing Query Bypass
SNYK-RUBY-ACTIVERECORD-20046		   539  
medium severity Data Injection
SNYK-RUBY-ACTIVERECORD-20149		   529  
medium severity Cross-site Scripting (XSS)
SNYK-RUBY-ACTIVESUPPORT-3360028		   519  
medium severity Denial of Service (DoS)
SNYK-RUBY-ACTIVESUPPORT-20294		   484  
medium severity Denial of Service (DoS)
SNYK-RUBY-ACTIVERECORD-20088		   479  
medium severity Nested Attributes Rejection Bypass
SNYK-RUBY-ACTIVERECORD-20259		   479  
medium severity Denial of Service (DoS)
SNYK-RUBY-ACTIVESUPPORT-20229		   479  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-ACTIVESUPPORT-3237242		   479  
medium severity Code Injection
SNYK-RUBY-RDOC-6476871		   439  
medium severity Access Restriction Bypass
SNYK-RUBY-ACTIVERECORD-20062		   429  
medium severity Cross-site Scripting (XSS)
SNYK-RUBY-I18N-20124		   429  
medium severity Cross-site Scripting (XSS)
SNYK-RUBY-RDOC-20057		   429  
low severity Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-ACTIVEATTR-3175608		   389  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 SQL Injection
🦉 JSON Parameter Parsing Query Bypass
🦉 More lessons are available in Snyk Learn

@snyk-bot
fix: Gemfile to reduce vulnerabilities
d1af1d6 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-569598
- https://snyk.io/vuln/SNYK-RUBY-GIT-2421270
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-2960802
- https://snyk.io/vuln/SNYK-RUBY-RAKE-552000
- https://snyk.io/vuln/SNYK-RUBY-JSON-560838
- https://snyk.io/vuln/SNYK-RUBY-JSON-20056
- https://snyk.io/vuln/SNYK-RUBY-RDOC-1279617
- https://snyk.io/vuln/SNYK-RUBY-GIT-3227617
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-3237239
- https://snyk.io/vuln/SNYK-RUBY-I18N-72582
- https://snyk.io/vuln/SNYK-RUBY-TZINFO-2958048
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-1314522
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20044
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20185
- https://snyk.io/vuln/SNYK-RUBY-JSON-20060
- https://snyk.io/vuln/SNYK-RUBY-RDOC-1316279
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20046
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20149
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3360028
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-20294
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20088
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20259
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-20229
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3237242
- https://snyk.io/vuln/SNYK-RUBY-RDOC-6476871
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20062
- https://snyk.io/vuln/SNYK-RUBY-I18N-20124
- https://snyk.io/vuln/SNYK-RUBY-RDOC-20057
- https://snyk.io/vuln/SNYK-RUBY-ACTIVEATTR-3175608
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@samawad @snyk-bot