As indicated on a PR comment, version 3.x of Rack doesn't have an estimated release period/schedule yet. It is at least worth considering making Sinatra be compatible with this commit/change before 3.x is released to remove the presence of CWE-444.
In the meantime, I believe this can be patched at the project level by adding Rack as a dependency in a Gemfile specifying the fixing commit:
gem 'rack', github: 'rack/rack', ref: 'ef1fc0c'
However, there are other changes included when upgrading to this commit that may break things.
Snyk notified me that the latest version of Rack (2.2.3) has CWE-444. According to the Snyk website, this was fixed on their main branch via this PR (commit).