This repository was archived by the owner on Apr 18, 2026. It is now read-only.

Update the dependency versions #459

@gfrankliu


A quick search shows we are still depending on the old vulnerable versions:

===========================================================================
Total: 3 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 2, CRITICAL: 0)

+---------+------------------+----------+-------------------+---------------+---------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+---------+------------------+----------+-------------------+---------------+---------------------------------------+
| json    | CVE-2020-10663   | HIGH     | 2.2.0             | 2.3.0         | rubygem-json: Unsafe Object           |
|         |                  |          |                   |               | Creation Vulnerability in JSON        |
|         |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-10663 |
+---------+------------------+          +-------------------+---------------+---------------------------------------+
| rake    | CVE-2020-8130    |          | 10.5.0            | 12.3.3        | rake: OS Command Injection            |
|         |                  |          |                   |               | via egrep in Rake::FileList           |
|         |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-8130  |
+---------+------------------+----------+-------------------+---------------+---------------------------------------+
| rubocop | CVE-2017-8418    | LOW      | 0.39.0            | 0.49.0        | RuboCop: insecure use of /tmp         |
|         |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2017-8418  |
+---------+------------------+----------+-------------------+---------------+---------------------------------------+
