Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade web-console from 4.2.0 to 4.2.1 #5399

Merged
merged 2 commits into from
Oct 3, 2023

Conversation

antobinary
Copy link
Member

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • Gemfile
    • Gemfile.lock

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 501/1000
Why? Recently disclosed, Has a fix available, CVSS 4.3
Information Exposure
SNYK-RUBY-ACTIVESUPPORT-5851458
No No Known Exploit
medium severity 616/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.9
Web Cache Poisoning
SNYK-RUBY-RACK-1061917
No Proof of Concept
medium severity 501/1000
Why? Recently disclosed, Has a fix available, CVSS 4.3
Information Exposure
SNYK-RUBY-RAILTIES-5851410
No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@sonarcloud
Copy link

sonarcloud bot commented Oct 3, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@farhatahmad farhatahmad merged commit cbf717a into master Oct 3, 2023
4 checks passed
@farhatahmad farhatahmad deleted the snyk-fix-2f1edc35d1856b42f99bf03d81f5b813 branch October 3, 2023 18:00
simoncolincap added a commit to dBildungsplattform/greenlight that referenced this pull request Oct 26, 2023
* st

* Improved room sharing

* Update SECURITY.md (bigbluebutton#5406)

* Translate app/assets/locales/en.json in hu (bigbluebutton#5427)

100% translated source file: 'app/assets/locales/en.json'
on 'hu'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* Translate config/locales/en.yml in hu (bigbluebutton#5426)

100% translated source file: 'config/locales/en.yml'
on 'hu'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>

* Translate config/locales/en.yml in fa_IR (bigbluebutton#5422)

100% translated source file: 'config/locales/en.yml'
on 'fa_IR'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* Updates for file app/assets/locales/en.json in gl on branch master (bigbluebutton#5384)

* Translate app/assets/locales/en.json in gl

100% translated source file: 'app/assets/locales/en.json'
on 'gl'.

* Translate app/assets/locales/en.json in gl

100% translated source file: 'app/assets/locales/en.json'
on 'gl'.

* Translate app/assets/locales/en.json in gl

100% translated source file: 'app/assets/locales/en.json'
on 'gl'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* Updates for file app/assets/locales/en.json in tr on branch master (bigbluebutton#5382)

* Translate app/assets/locales/en.json in tr

100% translated source file: 'app/assets/locales/en.json'
on 'tr'.

* Translate app/assets/locales/en.json in tr

100% translated source file: 'app/assets/locales/en.json'
on 'tr'.

* Translate app/assets/locales/en.json in tr

100% translated source file: 'app/assets/locales/en.json'
on 'tr'.

* Translate app/assets/locales/en.json in tr

100% translated source file: 'app/assets/locales/en.json'
on 'tr'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* Updates for file config/locales/en.yml in tr on branch master (bigbluebutton#5381)

* Translate config/locales/en.yml in tr

100% translated source file: 'config/locales/en.yml'
on 'tr'.

* Translate config/locales/en.yml in tr

100% translated source file: 'config/locales/en.yml'
on 'tr'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* Translate config/locales/en.yml in de (bigbluebutton#5378)

100% translated source file: 'config/locales/en.yml'
on 'de'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* Translate app/assets/locales/en.json in de (bigbluebutton#5377)

100% translated source file: 'app/assets/locales/en.json'
on 'de'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* Updates for file app/assets/locales/en.json in el on branch master (bigbluebutton#5375)

* Translate app/assets/locales/en.json in el

100% translated source file: 'app/assets/locales/en.json'
on 'el'.

* Translate app/assets/locales/en.json in el

100% translated source file: 'app/assets/locales/en.json'
on 'el'.

* Translate app/assets/locales/en.json in el

100% translated source file: 'app/assets/locales/en.json'
on 'el'.

* Translate app/assets/locales/en.json in el

100% translated source file: 'app/assets/locales/en.json'
on 'el'.

* Translate app/assets/locales/en.json in el

100% translated source file: 'app/assets/locales/en.json'
on 'el'.

* Translate app/assets/locales/en.json in el

100% translated source file: 'app/assets/locales/en.json'
on 'el'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* Translate config/locales/en.yml in zh_TW (bigbluebutton#5373)

100% translated source file: 'config/locales/en.yml'
on 'zh_TW'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* Translate config/locales/en.yml in zh_TW (bigbluebutton#5372)

100% translated source file: 'config/locales/en.yml'
on 'zh_TW'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* Updates for file config/locales/en.yml in gl on branch master (bigbluebutton#5370)

* Translate config/locales/en.yml in gl

100% translated source file: 'config/locales/en.yml'
on 'gl'.

* Translate config/locales/en.yml in gl

100% translated source file: 'config/locales/en.yml'
on 'gl'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* Translate app/assets/locales/en.json in fr (bigbluebutton#5368)

100% translated source file: 'app/assets/locales/en.json'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* Updates for file config/locales/en.yml in fr on branch master (bigbluebutton#5367)

* Translate config/locales/en.yml in fr

100% translated source file: 'config/locales/en.yml'
on 'fr'.

* Translate config/locales/en.yml in fr

100% translated source file: 'config/locales/en.yml'
on 'fr'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* Bump puma from 5.6.5 to 5.6.7 (bigbluebutton#5387)

Bumps [puma](https://github.com/puma/puma) from 5.6.5 to 5.6.7.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](puma/puma@v5.6.5...v5.6.7)

---
updated-dependencies:
- dependency-name: puma
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>

* [Snyk] Fix for 2 vulnerabilities (bigbluebutton#5391)

* fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-5851458
- https://snyk.io/vuln/SNYK-RUBY-RAILTIES-5851410

* Update Gemfile.lock

---------

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>

* Fix CI (bigbluebutton#5432)

* Fix Greenlight CI

* Rubocop fixes

* fix: Gemfile & Gemfile.lock to reduce vulnerabilities (bigbluebutton#5399)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-5851458
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917
- https://snyk.io/vuln/SNYK-RUBY-RAILTIES-5851410

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>

* fix: Gemfile & Gemfile.lock to reduce vulnerabilities (bigbluebutton#5408)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-5851458
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917
- https://snyk.io/vuln/SNYK-RUBY-RAILTIES-5851410

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>

* fix: config.env not found (bigbluebutton#5410)

`bin/start` should most likely read `bin/config.env` instead of `config.env` as the working directory is probably *not* `./bin` but `.`

* Migrate room access codes (bigbluebutton#5434)

* Upgrade cssbundling version (bigbluebutton#5438)

* Fix issue with recording resync deleting recordings (bigbluebutton#5449)

* Fix issue with room link throwing error when authenticated (bigbluebutton#5450)

* [Snyk] Security upgrade lograge from 0.13.0 to 0.14.0 (bigbluebutton#5447)

* fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917

* Update Gemfile.lock

---------

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>

* fix: Gemfile to reduce vulnerabilities (bigbluebutton#5443)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIONCABLE-20338

Co-authored-by: snyk-bot <snyk-bot@snyk.io>

* [Snyk] Fix for 1 vulnerabilities (bigbluebutton#5442)

* fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917

* Update Gemfile.lock

---------

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>

* fix: Gemfile to reduce vulnerabilities (bigbluebutton#5441)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>

* Fix upgrade (bigbluebutton#5451)

* Fixed issues with default locale (bigbluebutton#5452)

* Add additional fail safe for action cable (bigbluebutton#5453)

* Added clear inteval when action cable works (bigbluebutton#5454)

* update changed recording URLs of already present formats instead of creating new format entries (bigbluebutton#5460)

* add hover tooltips for the copy-URL&delete buttons in room recording lists (bigbluebutton#5458)

* Increase file upload size to 30mb (bigbluebutton#5461)

* Fix bug with default locale (bigbluebutton#5462)

* Fixed issue in install script with secret generation (bigbluebutton#5466)

* add whitespace after uses of shared_by string, remove the whitespace from english locale (bigbluebutton#5468)

* Fix for superadmins when changing pages (bigbluebutton#5470)

* Fix for superadmins when changing pages

* eslint

* Fixed mixup with the ICS branch.

* Fixed missing import

* DBP-245 Recreate app/assets/builds/.keep

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Your Name <you@example.com>
Co-authored-by: SebastianAppDev <128802341+SebastianAppDev@users.noreply.github.com>
Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Anton Georgiev <antobinary@users.noreply.github.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Jesus Federico <jesus@123it.ca>
Co-authored-by: Marc Kohaupt <debuglevel@gmail.com>
Co-authored-by: Jan Kessler <Ithanil@users.noreply.github.com>
Co-authored-by: Nadler, Sebastian <sebastian.nadler@secunet.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants