chore(deps): update dependency json to v2 [security] #5
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/rubygems-json-vulnerability
branch
from
b83a116 to
a067012
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/rubygems-json-vulnerability
branch
from
a067012 to
8d675d1
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/rubygems-json-vulnerability
branch
from
8d675d1 to
3946d50
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/rubygems-json-vulnerability
branch
from
3946d50 to
9fce0ef
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/rubygems-json-vulnerability
branch
from
9fce0ef to
f333d16
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/rubygems-json-vulnerability
branch
from
f333d16 to
08df68b
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/rubygems-json-vulnerability
branch
from
08df68b to
1934196
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/rubygems-json-vulnerability
branch
from
1934196 to
000d139
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/rubygems-json-vulnerability
branch
from
000d139 to
4dd04c6
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/rubygems-json-vulnerability
branch
from
4dd04c6 to
860b565
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/rubygems-json-vulnerability
branch
from
860b565 to
0402168
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/rubygems-json-vulnerability
branch
from
0402168 to
e240cff
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/rubygems-json-vulnerability
branch
from
e240cff to
7a4098c
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/rubygems-json-vulnerability
branch
from
7a4098c to
6c216be
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/rubygems-json-vulnerability
branch
from
6c216be to
ed26f70
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/rubygems-json-vulnerability
branch
from
ed26f70 to
fa35b38
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/rubygems-json-vulnerability
branch
from
fa35b38 to
443fc07
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/rubygems-json-vulnerability
branch
from
443fc07 to
95b2e94
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/rubygems-json-vulnerability
branch
from
95b2e94 to
915f869
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/rubygems-json-vulnerability
branch
from
915f869 to
ff68691
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/rubygems-json-vulnerability
branch
from
ff68691 to
e02266b
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
'~>1.6.8'->'~>2.3.0''~>1.6'->'~>2.3'GitHub Vulnerability Alerts
CVE-2020-10663
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.