From 6783ad9e8dae1b0ac6387977ee1c89b1717e6873 Mon Sep 17 00:00:00 2001
From: Sai Kumar Kotagiri
Date: Mon, 19 Aug 2024 09:19:25 -0400
Subject: [PATCH 1/2] uses bundler-audit throughout security scan

---
 .github/workflows/security_checks.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/security_checks.yml b/.github/workflows/security_checks.yml
index 5d07b855..3fee0c66 100644
--- a/.github/workflows/security_checks.yml
+++ b/.github/workflows/security_checks.yml
@@ -91,10 +91,10 @@ jobs:
           bundle install
       - name: install bundler-audit
         run: |
-          gem install bundler-audit && bundle-audit update
+          gem install bundler-audit && bundler-audit update
       - name: run bundler-audit
         run: |
-          bundle-audit --output=bundler_audit.txt
+          bundler-audit --output=bundler_audit.txt
       - name: upload bundler-audit failure report
         uses: actions/upload-artifact@v3
         if: failure()

From 36ef4a97e03750dfe5940a30e3b820e027918519 Mon Sep 17 00:00:00 2001
From: Sai Kumar Kotagiri
Date: Mon, 19 Aug 2024 09:20:03 -0400
Subject: [PATCH 2/2] upgrades rexml gem to 3.3.5 to fix vulnerabilities

---
 Gemfile      | 2 +-
 Gemfile.lock | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Gemfile b/Gemfile
index 91a4b6e4..f7d4ff25 100644
--- a/Gemfile
+++ b/Gemfile
@@ -30,7 +30,7 @@ gem 'mongoid', '~> 7.4'
 gem 'nokogiri', '~> 1.16.5'
 gem 'nokogiri-happymapper'
 
-gem 'rexml', '~> 3.3.2'
+gem 'rexml', '>= 3.3.3'
 
 # Postgres Database
 gem 'pg'
diff --git a/Gemfile.lock b/Gemfile.lock
index 8e203571..58cba621 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -429,7 +429,7 @@ GEM
     rbtree (0.4.6)
     redcarpet (3.6.0)
     regexp_parser (2.9.0)
-    rexml (3.3.2)
+    rexml (3.3.5)
       strscan
     rspec-core (3.13.0)
       rspec-support (~> 3.13.0)
@@ -572,7 +572,7 @@ DEPENDENCIES
   rbnacl
   redcarpet
   resource_registry!
-  rexml (~> 3.3.2)
+  rexml (>= 3.3.3)
   rspec-rails
   rubocop
   rubocop-git
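Review bot: The new `gem install bundler-audit && bundler-audit update` line still installs whatever bundler-audit version is current on rubygems.org at run time, so the scanner that gates this security job is itself an unpinned supply-chain dependency; pin it, e.g. `gem install bundler-audit -v '<known-good version>'`, or declare it in the Gemfile's development group so the `bundle install` shown as context above provides the lockfile-pinned copy. The `bundle-audit` → `bundler-audit` rename looks cosmetic — as far as I recall the gem ships both executable names — so I would not expect any behaviour change from it, but the commit message does not say why it was made, and a one-line comment such as `# bundler-audit is the canonical executable name` above the step would save the next reader the same question. On the second new line, `bundler-audit --output=bundler_audit.txt` relies on the CLI's default task; spelling it `bundler-audit check --output=bundler_audit.txt` makes the intent explicit. The enclosing `jobs:` entry starts before this hunk.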