chelsea 0.0.29 → 0.0.30
- checksums.yaml +4 -4
- data/README.md +6 -0
- data/lib/chelsea/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: cb0f0b89a80068b3f42f99ba3906694c6a580b03ea8dbbb6462ea551d0b90e5e
|
4
|
+
data.tar.gz: e44fcf3b82fea2effa72228b489835e2a84d79a1debd2643bf67d9979aaeea84
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f797161ad92d67d3ff1971e5d7d5ab3717d0c8e8defb28a0fafe5d2ad498a122edf8a1796ab34f17c6984fc6c111988f4717de48daf1f57f3de3f78767c2bb51
|
7
|
+
data.tar.gz: ed7184252d47b4346ee578b3708ec49a9ba7e26e13e871f590ef37df21a08ccdfde31f470a65aad877422d898d333e5baf889bd03c42b96f309bc56d630c50b6
|
data/README.md
CHANGED
@@ -287,6 +287,12 @@ Perhaps a more palatable approach would be to upgrade to a newer version of the
|
|
287
287
|
the direct dependency (`rubocop`) to a version that does not depend on a vulnerable version of the transitive dependency
|
288
288
|
(`rexml`). This approach will make fewer changes overall.
|
289
289
|
|
290
|
+
In some cases, no such upgrade of the direct dependency exists that avoids a dependence on the vulnerable component.
|
291
|
+
In such a case, the next step is to file an issue with the direct dependency project for them to update the vulnerable
|
292
|
+
sub-dependencies. Be sure to read and follow any vulnerability reporting instructions published by the project: Look for
|
293
|
+
a `SECURITY.md` file, or other instructions on how to report vulnerabilities. Some projects may prefer you not report
|
294
|
+
the vulnerability publicly.
|
295
|
+
|
290
296
|
In our example, there is a newer version of the direct dependency available:
|
291
297
|
```shell
|
292
298
|
$ bundle outdated | grep rubocop
|
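Review bot: In the added README paragraph (new lines 290-294), the instruction to "file an issue with the direct dependency project" comes before the caveat that "Some projects may prefer you not report the vulnerability publicly", so a reader who acts on the first sentence may open a public issue before checking how the project wants reports delivered. Suggest reordering so the check for a `SECURITY.md` file or other reporting instructions comes first, and filing a public issue is described as the fallback when the project publishes no private channel. Minor style point: "Look for" after the colon should be lower-case.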
data/lib/chelsea/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: chelsea
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.30
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Allister Beharry
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-04-
|
11
|
+
date: 2021-04-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
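Review bot: The context line `cert_chain: []` in this metadata hunk shows the 0.0.30 release is still published unsigned, so the SHA256 and SHA512 values updated in checksums.yaml only let a consumer detect corruption, not confirm who built the gem. If the release process allows it, consider signing the gem so the chain is populated, or documenting in the README how users should verify the published artifact.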