[PageOneX] [dev] Fwd: [numeroteca/pageonex] One of your dependencies may have a security vulnerability

Rafael Porres Molina rporres at gmail.com
Tue Jan 16 17:53:04 EST 2018


2018-01-16 12:59 GMT+01:00 pablo rey <pablo at basurama.org>:

> Well, I tried updating the Gemfile.lock, which worked well for some gems
> and led me to upgrade from ruby version. Now I am stuck with a gem
> dependency ("debugger") that is not compatible. I also have problems with
> nokogiri, as Rafa forecasted.
>
> Which is the good practice to proceed and update gems and ruby version?
>

Which is the version you're currently running? To update it, it is also
important to know how you have it installed.

You need to make it run in a different place with the same setup with the
new ruby/gem versions and test it before doing it in the real system...

Cheers,

Rafa


>
> Thanks again,
> pablo
>
> On 15 January 2018 at 17:47, pablo rey <pablo at basurama.org> wrote:
>
>> Thanks Rafa, I'll try and report what I find.
>> best,
>> p
>>
>>
>> On 15 January 2018 at 15:25, Rafael Porres Molina <rporres at gmail.com>
>> wrote:
>>
>>>
>>> 2018-01-15 15:21 GMT+01:00 pablo rey <pablo at basurama.org>:
>>>
>>>> Hey, we have some vulnerable dependencies to update. I'll try to solve
>>>> them asap.
>>>>
>>>> In case you can give a hand, ping me!
>>>>
>>>
>>> Nokogiri is a tricky lib to update as it depends on libxml2. Tomorrow I
>>> can give you a hand if you need, Pablo.
>>>
>>> Cheers,
>>>
>>> Rafa
>>>
>>>
>>>>
>>>> ---------- Forwarded message ----------
>>>> From: GitHub <notifications at github.com>
>>>> Date: 15 January 2018 at 14:51
>>>> Subject: [numeroteca/pageonex] One of your dependencies may have a
>>>> security vulnerability
>>>> To: numeroteca/pageonex <pageonex at noreply.github.com>
>>>> Cc: Security alert <security_alert at noreply.github.com>
>>>>
>>>>
>>>> We found a potential security vulnerability in one of your dependencies
>>>> *numeroteca,*
>>>>
>>>> We found a potential security vulnerability in a repository which you
>>>> have been granted security alert access.
>>>> numeroteca/pageonex
>>>> Known *critical severity* security vulnerability detected in nokogiri
>>>> < 1.8.1 defined in Gemfile.lock.
>>>>
>>>> Gemfile.lock update suggested: nokogiri ~> 1.8.1.
>>>> Always verify the validity and compatibility of suggestions with your
>>>> codebase.
>>>> Review vulnerable dependency
>>>> ------------------------------
>>>>
>>>> Only users who have been assigned access to security alerts will
>>>> receive these notifications.
>>>>
>>>> GitHub, Inc.
>>>> 88 Colin P Kelly Jr St.
>>>> San Francisco, CA 94107
>>>>
>>>>
>>>> _______________________________________________
>>>> Pageonexdev mailing list
>>>> Pageonexdev at mit.edu
>>>> http://mailman.mit.edu/mailman/listinfo/pageonexdev
>>>>
>>>>
>>>
>>>
>>>
>>
>
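The alert quoted above flags nokogiri < 1.8.1 in Gemfile.lock and suggests ~> 1.8.1. As an added example, not code from this thread or from the PageOneX project, here is a small Ruby check that parses the specs block of a constructed Gemfile.lock and evaluates both constraints with RubyGems' own version comparison; the sample lockfile contents and the ADVISORY table are assumptions made for the example.

```ruby
require "rubygems"

# Constructed sample Gemfile.lock fragment (not the project's real lockfile);
# versions are illustrative, nokogiri is pinned below 1.8.1 on purpose.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      debugger (1.6.8)
      mini_portile2 (2.1.0)
      nokogiri (1.6.8)
        mini_portile2 (~> 2.1.0)
      rack (1.6.4)

  PLATFORMS
    ruby

  DEPENDENCIES
    debugger
    nokogiri
LOCK

# Advisory data as the GitHub alert states it: the vulnerable range and the
# suggested fix. The two constraint strings are the ones quoted in the thread.
ADVISORY = { "nokogiri" => { vulnerable: "< 1.8.1", fixed: "~> 1.8.1" } }

# Parse the "specs:" block of a Gemfile.lock into { gem_name => version }.
# Only lines indented exactly four spaces are resolved gems; deeper
# indentation lists a gem's own dependencies and is skipped.
def locked_versions(lockfile_text)
  versions = {}
  in_specs = false
  lockfile_text.each_line do |line|
    if line.strip == "specs:"
      in_specs = true
    elsif line =~ /\A\S/            # a new top-level section (PLATFORMS, ...)
      in_specs = false
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)/))
      versions[m[1]] = m[2]
    end
  end
  versions
end

# Names of locked gems whose version falls inside an advisory's vulnerable range.
def vulnerable_gems(lockfile_text, advisory = ADVISORY)
  locked_versions(lockfile_text).select do |name, version|
    advisory.key?(name) &&
      Gem::Requirement.new(advisory[name][:vulnerable]).satisfied_by?(Gem::Version.new(version))
  end.keys
end

# Does a candidate version satisfy the suggested fix constraint (~> 1.8.1)?
def fix_satisfied?(name, version, advisory = ADVISORY)
  Gem::Requirement.new(advisory[name][:fixed]).satisfied_by?(Gem::Version.new(version))
end
```

Note that `~> 1.8.1` accepts 1.8.x releases from 1.8.1 upward but not 1.9.0, which is why the alert's wording asks you to verify compatibility before applying the suggestion.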