diff --git a/techstack.md b/techstack.md new file mode 100644 index 0000000..9cefe6a --- /dev/null +++ b/techstack.md @@ -0,0 +1,120 @@ + +
+ +# Tech Stack File +![](https://img.stackshare.io/repo.svg "repo") [stackshareio/omniauth-openid](https://github.com/stackshareio/omniauth-openid)![](https://img.stackshare.io/public_badge.svg "public") +

+|15
Tools used|03/08/24
Report generated| +|------|------| +
+ +## Languages (1) + + + + +
+ Ruby +
+ Ruby +
+ +
+ +## Frameworks (1) + + + + +
+ Sinatra +
+ Sinatra +
+ +
+ +## DevOps (4) + + + + + + + + + + +
+ Git +
+ Git +
+ +
+ RSpec +
+ RSpec +
+ v3.7.0 +
+ RubyGems +
+ RubyGems +
+ +
+ Travis CI +
+ Travis CI +
+ +
+ + +## Open source packages (9) + +## RubyGems (9) + +|NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES| +|:------|:------|:------|:------|:------|:------| +|[jruby-openssl](https://rubygems.org/jruby-openssl)|v0.9|12/28/17|tmilewski |Other|N/A| +|[omniauth](https://rubygems.org/omniauth)|v1.8.1|12/28/17|tmilewski |MIT|[CVE-2020-36599](https://github.com/advisories/GHSA-pm55-qfxr-h247) (Critical)
[CVE-2015-9284](https://github.com/advisories/GHSA-ww4x-rwq6-qpgf) (High)| +|[rack-openid](https://rubygems.org/rack-openid)|v1.4.2|12/28/17|tmilewski |MIT|N/A| +|[rack-test](https://rubygems.org/rack-test)|v0.8.2|12/28/17|tmilewski |MIT|N/A| +|[rake](https://rubygems.org/rake)|v13.0.1|08/02/20|dependabot[bot] |MIT|N/A| +|[ruby-openid](https://rubygems.org/ruby-openid)|v2.1.8|12/28/17|tmilewski |Ruby,Apache-2.0|[CVE-2019-11027](https://github.com/advisories/GHSA-fqfj-cmh6-hj49) (Critical)
[CVE-2013-1812](https://github.com/advisories/GHSA-6c8p-qphv-668v) (Moderate)| +|[simplecov](https://rubygems.org/simplecov)|v0.15.1|12/28/17|tmilewski |MIT|N/A| +|[webmock](https://rubygems.org/webmock)|v3.1.1|12/28/17|tmilewski |MIT|N/A| +|[yard](https://rubygems.org/yard)|v0.9.25|12/28/17|tmilewski |MIT|[CVE-2024-27285](https://github.com/advisories/GHSA-8mq4-9jjh-9xrc) (Moderate)| + +
+
+ +Generated via [Stack File](https://github.com/marketplace/stack-file) diff --git a/techstack.yml b/techstack.yml new file mode 100644 index 0000000..23c5e9b --- /dev/null +++ b/techstack.yml 
@@ -0,0 +1,247 @@ +repo_name: stackshareio/omniauth-openid +report_id: ba373275292511fa6ebd73513400a4f3 +version: 0.1 +repo_type: Public +timestamp: '2024-03-08T13:22:03+00:00' +requested_by: web-flow +provider: github +branch: master +detected_tools_count: 15 +tools: +- name: Ruby + description: A dynamic, interpreted, open source programming language with a focus + on simplicity and productivity + website_url: https://www.ruby-lang.org + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/989/ruby.png + detection_source_url: https://github.com/stackshareio/omniauth-openid + detection_source: Repo Metadata +- name: Sinatra + description: Classy web-development dressed in a DSL + website_url: http://www.sinatrarb.com/ + license: MIT + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Microframeworks (Backend) + image_url: https://img.stackshare.io/service/999/logo.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Michael Bleigh + last_updated_on: 2011-10-20 01:53:44.000000000 Z +- name: Git + description: Fast, scalable, distributed revision control system + website_url: http://git-scm.com/ + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Version Control System + image_url: https://img.stackshare.io/service/1046/git.png + detection_source_url: https://github.com/stackshareio/omniauth-openid + detection_source: Repo Metadata +- name: RSpec + description: Behaviour Driven Development for Ruby + website_url: https://rspec.info/ + version: 3.7.0 + license: MIT + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Testing Frameworks + image_url: https://img.stackshare.io/service/2539/logo.png + detection_source_url: 
https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: Erik Michaels-Ober + last_updated_on: 2011-04-29 01:48:26.000000000 Z +- name: RubyGems + description: Easily download, install, and use ruby software packages on your system + website_url: https://rubygems.org/ + open_source: false + hosted_saas: false + category: Build, Test, Deploy + sub_category: Package Managers + image_url: https://img.stackshare.io/service/12795/5jL6-BA5_400x400.jpeg + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/omniauth-openid.gemspec + detection_source: omniauth-openid.gemspec + last_updated_by: Michael Bleigh + last_updated_on: 2010-04-05 05:20:34.000000000 Z +- name: Travis CI + description: A hosted continuous integration service for open source and private + projects + website_url: http://travis-ci.com/ + open_source: false + hosted_saas: true + category: Build, Test, Deploy + sub_category: Continuous Integration + image_url: https://img.stackshare.io/service/460/Lu6cGu0z_400x400.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/.travis.yml + detection_source: ".travis.yml" + last_updated_by: tmilewski + last_updated_on: 2017-12-28 19:54:19.000000000 Z +- name: jruby-openssl + description: JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL + native library + package_url: https://rubygems.org/jruby-openssl + version: '0.9' + license: Other + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/19237/default_c4ed1d3f735f11415ee5d02b5a5ba48490465220.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: tmilewski + last_updated_on: 2017-12-28 19:50:50.000000000 Z +- name: omniauth + description: A generalized Rack framework for multiple-provider 
authentication + package_url: https://rubygems.org/omniauth + version: 1.8.1 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18914/default_aa081534cc9e2d100412a763ab69743f22c56ceb.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock + detection_source: omniauth-openid.gemspec + last_updated_by: tmilewski + last_updated_on: 2017-12-28 19:50:50.000000000 Z + vulnerabilities: + - name: OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` + value + cve_id: CVE-2020-36599 + cve_url: https://github.com/advisories/GHSA-pm55-qfxr-h247 + detected_date: Sep 1 + severity: critical + first_patched: 1.9.2 + - name: OmniAuth Ruby gem Cross-site Request Forgery in request phase + cve_id: CVE-2015-9284 + cve_url: https://github.com/advisories/GHSA-ww4x-rwq6-qpgf + detected_date: Aug 22 + severity: high + first_patched: 2.0.0 +- name: rack-openid + description: Provides a more HTTPish API around the ruby-openid library + package_url: https://rubygems.org/rack-openid + version: 1.4.2 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/rubygems/image.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock + detection_source: omniauth-openid.gemspec + last_updated_by: tmilewski + last_updated_on: 2017-12-28 19:50:50.000000000 Z +- name: rack-test + description: Rack::Test is a small, simple testing API for Rack apps + package_url: https://rubygems.org/rack-test + version: 0.8.2 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18845/default_db5cfb0d85d9fd8bfb40a863581417a2a57791ab.png + detection_source_url: 
https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: tmilewski + last_updated_on: 2017-12-28 20:11:08.000000000 Z +- name: rake + description: Rake is a Make-like program implemented in Ruby + package_url: https://rubygems.org/rake + version: 13.0.1 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18812/default_f582e4648f4682adb72d2b201218cda7f8e894ac.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: dependabot[bot] + last_updated_on: 2020-08-02 02:18:34.000000000 Z +- name: ruby-openid + description: A library for consuming and serving OpenID identities + package_url: https://rubygems.org/ruby-openid + version: 2.1.8 + license: Ruby,Apache-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/19359/default_586c7ce6af1eca79bd84e28b9ad0423907b71664.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: tmilewski + last_updated_on: 2017-12-28 19:50:50.000000000 Z + vulnerabilities: + - name: ruby-openid SSRF via claimed_id request + cve_id: CVE-2019-11027 + cve_url: https://github.com/advisories/GHSA-fqfj-cmh6-hj49 + detected_date: Aug 22 + severity: critical + first_patched: 2.9.0 + - name: Denial of service in ruby-openid + cve_id: CVE-2013-1812 + cve_url: https://github.com/advisories/GHSA-6c8p-qphv-668v + detected_date: Aug 22 + severity: moderate + first_patched: 2.2.2 +- name: simplecov + description: Code coverage for Ruby 1.9+ with a powerful configuration library and + automatic merging of coverage across test suites + package_url: https://rubygems.org/simplecov + version: 0.15.1 + license: MIT + 
open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18819/default_6564ae059af6c4ea7065fd2329370c7a05341cf8.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: tmilewski + last_updated_on: 2017-12-28 20:11:08.000000000 Z +- name: webmock + description: WebMock allows stubbing HTTP requests and setting expectations on HTTP + requests + package_url: https://rubygems.org/webmock + version: 3.1.1 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18824/default_6564ae059af6c4ea7065fd2329370c7a05341cf8.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: tmilewski + last_updated_on: 2017-12-28 20:11:08.000000000 Z +- name: yard + description: YARD is a documentation generation tool for the Ruby programming language + package_url: https://rubygems.org/yard + version: 0.9.25 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18825/default_b8fbb83e23c963442e15398c5b56262cc6267d6f.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: tmilewski + last_updated_on: 2017-12-28 20:11:08.000000000 Z + vulnerabilities: + - name: YARD's default template vulnerable to Cross-site Scripting in generated + frames.html + cve_id: CVE-2024-27285 + cve_url: https://github.com/advisories/GHSA-8mq4-9jjh-9xrc + detected_date: Feb 29 + severity: moderate + first_patched: 0.9.36
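Review bot: In techstack.md, the VULNERABILITIES column of the RubyGems table gives only the CVE link and severity, so the rows for omniauth v1.8.1 and ruby-openid v2.1.8 (both marked Critical) do not say which release fixes them. techstack.yml in this same patch already records that as `first_patched` (1.9.2 and 2.0.0 for omniauth, 2.9.0 and 2.2.2 for ruby-openid, 0.9.36 for yard). Suggest adding a FIRST PATCHED column so the table is actionable on its own. Separately, the NAME links use `https://rubygems.org/<name>`, while gem pages on rubygems.org live under `/gems/<name>`, so these links are unlikely to resolve. The "03/08/24" report date is also ambiguous next to the ISO `timestamp` in the YAML.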
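Review bot: In techstack.yml, every `detected_date` under `vulnerabilities` (`Sep 1`, `Aug 22`, `Feb 29`) has no year, unlike the top-level `timestamp: '2024-03-08T13:22:03+00:00'`, so the age of each finding cannot be determined from the file; suggest emitting full ISO dates there. The `detection_source` field also disagrees with `detection_source_url` in several entries: RSpec points at `Gemfile.lock` but is labelled `Gemfile`, and omniauth and rack-openid point at `Gemfile.lock` but are labelled `omniauth-openid.gemspec`. Because the reported `version` and the `first_patched` comparison depend on which file pins the dependency, the label should match the file actually parsed.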