[PageOneX] [dev] Fwd: [numeroteca/pageonex] One of your dependencies may have a security vulnerability

pablo rey pablo at basurama.org
Wed Jan 17 04:26:20 EST 2018


I am working locally.
I upgraded to ruby 2.3.0, because some dependencies required it. I am using
rvm to manage the different versions of ruby.

We also have a development and a production server to test things.

best,
p

On 16 January 2018 at 23:53, Rafael Porres Molina <rporres at gmail.com> wrote:

> 2018-01-16 12:59 GMT+01:00 pablo rey <pablo at basurama.org>:
>
>> Well, I tried updating the Gemfile.lock, which worked well for some gems
>> and led me to upgrade the ruby version. Now I am stuck with a gem
>> dependency ("debugger") that is not compatible. I also have problems with
>> nokogiri, as Rafa forecasted.
>>
>> Which is the good practice to proceed and update gems and ruby version?
>>
>
> Which is the version you're currently running? To update it, it is also
> important to know how you have it installed.
>
> You need to make it run in a different place with the same setup with the
> new ruby/gem versions and test it. Before doing it in the real system...
>
> Cheers,
>
> Rafa
>
>
>>
>> Thanks again,
>> pablo
>>
>> On 15 January 2018 at 17:47, pablo rey <pablo at basurama.org> wrote:
>>
>>> Thanks Rafa, I'll try and report what I find.
>>> best,
>>> p
>>>
>>>
>>> On 15 January 2018 at 15:25, Rafael Porres Molina <rporres at gmail.com>
>>> wrote:
>>>
>>>>
>>>> 2018-01-15 15:21 GMT+01:00 pablo rey <pablo at basurama.org>:
>>>>
>>>>> Hey, we have some vulnerable dependencies to update. I'll try to solve
>>>>> them asap.
>>>>>
>>>>> In case you can give a hand, ping me!
>>>>>
>>>>
>>>> Nokogiri is a tricky lib to update as it depends on libxml2. Tomorrow I
>>>> can give you a hand if you need, Pablo.
>>>>
>>>> Cheers,
>>>>
>>>> Rafa
>>>>
>>>>
>>>>>
>>>>> ---------- Forwarded message ----------
>>>>> From: GitHub <notifications at github.com>
>>>>> Date: 15 January 2018 at 14:51
>>>>> Subject: [numeroteca/pageonex] One of your dependencies may have a
>>>>> security vulnerability
>>>>> To: numeroteca/pageonex <pageonex at noreply.github.com>
>>>>> Cc: Security alert <security_alert at noreply.github.com>
>>>>>
>>>>>
>>>>> We found a potential security vulnerability in one of your dependencies
>>>>> *numeroteca,*
>>>>>
>>>>> We found a potential security vulnerability in a repository which you
>>>>> have been granted security alert access.
>>>>> numeroteca/pageonex
>>>>> Known critical severity security vulnerability detected in nokogiri
>>>>> < 1.8.1 defined in Gemfile.lock.
>>>>>
>>>>> Gemfile.lock update suggested: nokogiri ~> 1.8.1.
>>>>> Always verify the validity and compatibility of suggestions with your
>>>>> codebase.
>>>>> Review vulnerable dependency
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Pageonexdev mailing list
>>>>> Pageonexdev at mit.edu
>>>>> http://mailman.mit.edu/mailman/listinfo/pageonexdev
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>
>
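As an added example (not code from this thread or from the PageOneX project), here is a small Ruby check that parses the specs block of a Gemfile.lock and flags any locked gem whose version falls inside an advisory's vulnerable range, using the nokogiri < 1.8.1 / ~> 1.8.1 constraints quoted in the GitHub alert above. The lock file excerpt and every version other than the nokogiri one are constructed.

```ruby
# Constructed Gemfile.lock excerpt; only the nokogiri range comes from the alert.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      debugger (1.6.8)
      mini_portile2 (2.1.0)
      nokogiri (1.6.8.1)
        mini_portile2 (~> 2.1.0)
      rake (10.5.0)

  PLATFORMS
    ruby
LOCK

# Advisory data exactly as stated in the GitHub alert: vulnerable range and suggested fix.
ADVISORIES = {
  "nokogiri" => { vulnerable: "< 1.8.1", suggested: "~> 1.8.1" },
}

# Parse the "specs:" block into { gem name => Gem::Version }. Only lines indented exactly
# four spaces are resolved gems; deeper lines are a gem's own dependency constraints.
def parse_lock_specs(lock_text)
  specs = {}
  in_specs = false
  lock_text.each_line do |line|
    if line =~ /^  specs:\s*$/
      in_specs = true
      next
    end
    in_specs = false unless line =~ /^\s{4,}\S/   # blank or outdented line ends the block
    next unless in_specs
    specs[$1] = Gem::Version.new($2) if line =~ /^\s{4}(\S+) \(([^)]+)\)\s*$/
  end
  specs
end

# Return [name, locked version, suggested constraint] for each locked gem whose
# version satisfies an advisory's vulnerable range (Gem::Requirement does the comparison).
def vulnerable_gems(lock_text, advisories = ADVISORIES)
  parse_lock_specs(lock_text).each_with_object([]) do |(name, version), hits|
    adv = advisories[name]
    next unless adv && Gem::Requirement.new(adv[:vulnerable]).satisfied_by?(version)
    hits << [name, version.to_s, adv[:suggested]]
  end
end

vulnerable_gems(SAMPLE_LOCK).each { |n, v, s| puts "#{n} #{v} is vulnerable; update to #{s}" }
```

Running it against a real lock file is a matter of passing `File.read("Gemfile.lock")` instead of the constructed sample.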