After I noticed my documentation-only PR - #479 - broke the build, I realized that actually the deploy was being blocked by bundle-audit.
The reason why the build is failing is because there's a security vulnerability with [rubyzip 1.2.1](https://nvd.nist.gov/vuln/detail/CVE-2018-1000544), which is in turn a dependency of selenium-webdriver.
This is the output of bundle-audit:
```
ruby-advisory-db: 321 advisories
Name: rubyzip
Version: 1.2.1
Advisory: CVE-2018-1000544
Criticality: Unknown
URL: https://github.com/rubyzip/rubyzip/issues/369
Title: Directory Traversal in rubyzip
Solution: remove or disable this gem until a patch is available!
```
Being a dependency only for the test environment, if this is blocking needed merges, someone could temporarily disable bundle-audit and make the builds go through, until the patch is released.
Current Behavior
The build is broken because of a security vulnerability
Expected Behavior
The build shouldn't have known security vulnerabilities
Unfortunately there's no patch yet (rubyzip/rubyzip#371). I've also opened an issue ticket with Selenium: SeleniumHQ/selenium#6330.
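A narrower alternative to switching bundle-audit off, as an added example that is not part of the original issue or the project's code: it parses the report format shown above and lets one named advisory through only until a set date. The `WAIVERS` list, its expiry date and the function names are assumptions of this example.

```ruby
require "date"

# Constructed sample: the bundle-audit report quoted in the issue above.
SAMPLE_REPORT = <<~REPORT
  ruby-advisory-db: 321 advisories
  Name: rubyzip
  Version: 1.2.1
  Advisory: CVE-2018-1000544
  Criticality: Unknown
  URL: https://github.com/rubyzip/rubyzip/issues/369
  Title: Directory Traversal in rubyzip
  Solution: remove or disable this gem until a patch is available!
REPORT

# Hypothetical waiver list (an assumption of this example): advisory id mapped
# to the gem it covers and the date the waiver lapses (constructed date).
WAIVERS = {
  "CVE-2018-1000544" => { gem: "rubyzip", expires: Date.new(2018, 10, 1) }
}.freeze

# Split the text report into one hash per finding, keyed by lower-cased field.
def parse_findings(report)
  findings = []
  report.each_line do |line|
    key, value = line.strip.split(/:\s+/, 2)
    next if value.nil? || key == "ruby-advisory-db"
    findings << {} if key == "Name"      # "Name:" opens a new finding
    findings.last[key.downcase] = value unless findings.empty?
  end
  findings
end

# Waived only when advisory id and gem both match and the waiver has not lapsed.
def waived?(finding, today, waivers = WAIVERS)
  waiver = waivers[finding["advisory"]]
  !waiver.nil? && waiver[:gem] == finding["name"] && today <= waiver[:expires]
end

# Findings that must still fail the build on the given date.
def blocking_findings(report, today, waivers = WAIVERS)
  parse_findings(report).reject { |f| waived?(f, today, waivers) }
end

# Exit status for a CI step: 0 when nothing blocks, 1 otherwise.
# In CI: exit exit_status($stdin.read, Date.today) with the report piped in.
def exit_status(report, today, waivers = WAIVERS)
  blocking_findings(report, today, waivers).empty? ? 0 : 1
end
```

Once the waiver date passes, or if the same advisory id is reported against a different gem, the finding blocks the build again.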