Temporarily ignore CVE-2020-8184 in rack while waiting on fix (#4391)
We are blocked from upgrading `rack` because of a dependency conflict
with Sidekiq5 (which is in the long process of being upgraded in #XXXX).

While we get a fix in for this specific issue in rack through a patch,
we want to avoid breaking the build for the next day or so until a fix
is implemented. This PR temporarily ignores the vulnerability check for
this CVE.
johnpaulashenfelter authored Jun 16, 2020
1 parent 671a0b6 commit 20cc0b4
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion rakelib/security.rake
@@ -14,7 +14,7 @@ task security: :environment do

puts 'running bundle-audit to check for insecure dependencies...'
exit!(1) unless ShellCommand.run('bundle-audit update')
audit_result = ShellCommand.run('bundle-audit check --ignore CVE-2020-8161')
audit_result = ShellCommand.run('bundle-audit check --ignore CVE-2020-8161 CVE-2020-8184')

puts "\n"
if brakeman_result && audit_result
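Review bot: the new `--ignore CVE-2020-8161 CVE-2020-8184` on the `audit_result = ShellCommand.run(...)` line carries no expiry and no reference to the work that unblocks it, so nothing in the code will prompt its removal once `rack` can be upgraded; since the commit message describes this as a stop-gap for "the next day or so" and the tracking reference is still the placeholder `#XXXX`, add a comment above that line naming the blocking Sidekiq upgrade and the condition under which the ignore is dropped, and consider moving the ignore list into a named constant so each advisory can carry its own justification. Keep in mind that `--ignore` suppresses the advisory silently on every subsequent run, so `audit_result` will stay true and the build green even if the rack fix slips.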
