chelsea 0.0.29 → 0.0.30

Files changed (4)
  1. checksums.yaml +4 -4
  2. data/README.md +6 -0
  3. data/lib/chelsea/version.rb +1 -1
  4. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6d0d6459a288c51263c75bc0d0d1c114dbbe957b4ea5ab8cd3cda28da1963085
4
- data.tar.gz: f9fd826b3d99f646d4f15f163bb4c532219889a6c753a61fa6d78398f36d57e7
3
+ metadata.gz: cb0f0b89a80068b3f42f99ba3906694c6a580b03ea8dbbb6462ea551d0b90e5e
4
+ data.tar.gz: e44fcf3b82fea2effa72228b489835e2a84d79a1debd2643bf67d9979aaeea84
5
5
  SHA512:
6
- metadata.gz: bc23b614556a27acbbef2cd46da6433418b3db05e31ca23f8a0c7324c9a0bc5ba8c42983a53e04eb177a9ee4134b13fe9707c187e6894364462cdd52ded65339
7
- data.tar.gz: 4adfafe26cc352759066b6b1dc8b758118dbcdf6cd5e8b555ea67a9ab23b5b40c8a2c7864dd03f1077ad8356e8442d9e2a3d4e0b9da4175fdc4bc3313dff3428
6
+ metadata.gz: f797161ad92d67d3ff1971e5d7d5ab3717d0c8e8defb28a0fafe5d2ad498a122edf8a1796ab34f17c6984fc6c111988f4717de48daf1f57f3de3f78767c2bb51
7
+ data.tar.gz: ed7184252d47b4346ee578b3708ec49a9ba7e26e13e871f590ef37df21a08ccdfde31f470a65aad877422d898d333e5baf889bd03c42b96f309bc56d630c50b6
data/README.md CHANGED
@@ -287,6 +287,12 @@ Perhaps a more palatable approach would be to upgrade to a newer version of the
287
287
  the direct dependency (`rubocop`) to a version that does not depend on a vulnerable version of the transitive dependency
288
288
  (`rexml`). This approach will make fewer changes overall.
289
289
 
290
+ In some cases, no such upgrade of the direct dependency exists that avoids a dependence on the vulnerable component.
291
+ In such a case, the next step is to file an issue with the direct dependency project for them to update the vulnerable
292
+ sub-dependencies. Be sure to read and follow any vulnerability reporting instructions published by the project: Look for
293
+ a `SECURITY.md` file, or other instructions on how to report vulnerabilities. Some projects may prefer you not report
294
+ the vulnerability publicly.
295
+
290
296
  In our example, there is a newer version of the direct dependency available:
291
297
  ```shell
292
298
  $ bundle outdated | grep rubocop
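Review bot: The new paragraph at README lines 290-294 sits between the sentence recommending an upgrade of the direct dependency and the "In our example, there is a newer version of the direct dependency available:" lead-in, so the fallback case (no suitable upgrade exists) interrupts the worked `bundle outdated` example it is meant to follow. Consider moving it below that example, so the reader sees the upgrade path first and the "file an issue" path second. Two wording points in the same paragraph: "Look for" after the colon should be lower-case, and "Some projects may prefer you not report the vulnerability publicly" leaves the decision to the reader; it would be safer to say that when a `SECURITY.md` or similar names a private channel, the request should go there rather than to a public issue.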
data/lib/chelsea/version.rb CHANGED
@@ -17,5 +17,5 @@
17
17
  #
18
18
 
19
19
  module Chelsea
20
- VERSION = '0.0.29'
20
+ VERSION = '0.0.30'
21
21
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: chelsea
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.29
4
+ version: 0.0.30
5
5
  platform: ruby
6
6
  authors:
7
7
  - Allister Beharry
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-04-13 00:00:00.000000000 Z
11
+ date: 2021-04-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
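Review bot: `cert_chain: []` on line 10 is unchanged context, so 0.0.30 is published unsigned, the same as 0.0.29; only `version` and `date` move in this hunk. The hashes in checksums.yaml travel inside the package and are regenerated on every build, so they show internal consistency but do not authenticate the publisher. For a dependency-auditing tool it would be worth signing the gem, or at least publishing the package digest through a separate channel so consumers can compare it after download.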