From 3e0c980b72add7a5187396585e0041e36f122c78 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Tue, 9 Jan 2024 00:04:47 +0000 Subject: [PATCH 01/10] Create techstack.yml --- techstack.yml | 239 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 239 insertions(+) create mode 100644 techstack.yml diff --git a/techstack.yml b/techstack.yml new file mode 100644 index 0000000..d79239c --- /dev/null +++ b/techstack.yml 
@@ -0,0 +1,239 @@ +repo_name: stackshareio/omniauth-openid +report_id: dc9ca062aed3529facada8ebc7a3d66d +version: 0.1 +repo_type: Public +timestamp: '2024-01-09T00:04:45+00:00' +requested_by: web-flow +provider: github +branch: master +detected_tools_count: 15 +tools: +- name: Ruby + description: A dynamic, interpreted, open source programming language with a focus + on simplicity and productivity + website_url: https://www.ruby-lang.org + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/989/ruby.png + detection_source_url: https://github.com/stackshareio/omniauth-openid + detection_source: Repo Metadata +- name: Sinatra + description: Classy web-development dressed in a DSL + website_url: http://www.sinatrarb.com/ + license: MIT + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Microframeworks (Backend) + image_url: https://img.stackshare.io/service/999/logo.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Michael Bleigh + last_updated_on: 2011-10-20 01:53:44.000000000 Z +- name: Git + description: Fast, scalable, distributed revision control system + website_url: http://git-scm.com/ + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Version Control System + image_url: https://img.stackshare.io/service/1046/git.png + detection_source_url: https://github.com/stackshareio/omniauth-openid + detection_source: Repo Metadata +- name: RSpec + description: Behaviour Driven Development for Ruby + website_url: https://rspec.info/ + version: 3.7.0 + license: MIT + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Testing Frameworks + image_url: https://img.stackshare.io/service/2539/logo.png + detection_source_url: 
https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: Erik Michaels-Ober + last_updated_on: 2011-04-29 01:48:26.000000000 Z +- name: RubyGems + description: Easily download, install, and use ruby software packages on your system + website_url: https://rubygems.org/ + open_source: false + hosted_saas: false + category: Build, Test, Deploy + sub_category: Package Managers + image_url: https://img.stackshare.io/service/12795/5jL6-BA5_400x400.jpeg + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/omniauth-openid.gemspec + detection_source: omniauth-openid.gemspec + last_updated_by: Michael Bleigh + last_updated_on: 2010-04-05 05:20:34.000000000 Z +- name: Travis CI + description: A hosted continuous integration service for open source and private + projects + website_url: http://travis-ci.com/ + open_source: false + hosted_saas: true + category: Build, Test, Deploy + sub_category: Continuous Integration + image_url: https://img.stackshare.io/service/460/Lu6cGu0z_400x400.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/.travis.yml + detection_source: ".travis.yml" + last_updated_by: tmilewski + last_updated_on: 2017-12-28 19:54:19.000000000 Z +- name: jruby-openssl + description: JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL + native library + package_url: https://rubygems.org/jruby-openssl + version: '0.9' + license: Other + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/19237/default_c4ed1d3f735f11415ee5d02b5a5ba48490465220.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: tmilewski + last_updated_on: 2017-12-28 19:50:50.000000000 Z +- name: omniauth + description: A generalized Rack framework for multiple-provider 
authentication + package_url: https://rubygems.org/omniauth + version: 1.8.1 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18914/default_aa081534cc9e2d100412a763ab69743f22c56ceb.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock + detection_source: omniauth-openid.gemspec + last_updated_by: tmilewski + last_updated_on: 2017-12-28 19:50:50.000000000 Z + vulnerabilities: + - name: OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` + value + cve_id: CVE-2020-36599 + cve_url: https://github.com/advisories/GHSA-pm55-qfxr-h247 + detected_date: Sep 1 + severity: critical + first_patched: 1.9.2 + - name: OmniAuth Ruby gem Cross-site Request Forgery in request phase + cve_id: CVE-2015-9284 + cve_url: https://github.com/advisories/GHSA-ww4x-rwq6-qpgf + detected_date: Aug 22 + severity: high + first_patched: 2.0.0 +- name: rack-openid + description: Provides a more HTTPish API around the ruby-openid library + package_url: https://rubygems.org/rack-openid + version: 1.4.2 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/rubygems/image.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock + detection_source: omniauth-openid.gemspec + last_updated_by: tmilewski + last_updated_on: 2017-12-28 19:50:50.000000000 Z +- name: rack-test + description: Rack::Test is a small, simple testing API for Rack apps + package_url: https://rubygems.org/rack-test + version: 0.8.2 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18845/default_db5cfb0d85d9fd8bfb40a863581417a2a57791ab.png + detection_source_url: 
https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: tmilewski + last_updated_on: 2017-12-28 20:11:08.000000000 Z +- name: rake + description: Rake is a Make-like program implemented in Ruby + package_url: https://rubygems.org/rake + version: 13.0.1 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18812/default_f582e4648f4682adb72d2b201218cda7f8e894ac.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: dependabot[bot] + last_updated_on: 2020-08-02 02:18:34.000000000 Z +- name: ruby-openid + description: A library for consuming and serving OpenID identities + package_url: https://rubygems.org/ruby-openid + version: 2.1.8 + license: Ruby,Apache-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/19359/default_586c7ce6af1eca79bd84e28b9ad0423907b71664.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: tmilewski + last_updated_on: 2017-12-28 19:50:50.000000000 Z + vulnerabilities: + - name: ruby-openid SSRF via claimed_id request + cve_id: CVE-2019-11027 + cve_url: https://github.com/advisories/GHSA-fqfj-cmh6-hj49 + detected_date: Aug 22 + severity: critical + first_patched: 2.9.0 + - name: Denial of service in ruby-openid + cve_id: CVE-2013-1812 + cve_url: https://github.com/advisories/GHSA-6c8p-qphv-668v + detected_date: Aug 22 + severity: moderate + first_patched: 2.2.2 +- name: simplecov + description: Code coverage for Ruby 1.9+ with a powerful configuration library and + automatic merging of coverage across test suites + package_url: https://rubygems.org/simplecov + version: 0.15.1 + license: MIT + 
open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18819/default_6564ae059af6c4ea7065fd2329370c7a05341cf8.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: tmilewski + last_updated_on: 2017-12-28 20:11:08.000000000 Z +- name: webmock + description: WebMock allows stubbing HTTP requests and setting expectations on HTTP + requests + package_url: https://rubygems.org/webmock + version: 3.1.1 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18824/default_6564ae059af6c4ea7065fd2329370c7a05341cf8.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: tmilewski + last_updated_on: 2017-12-28 20:11:08.000000000 Z +- name: yard + description: YARD is a documentation generation tool for the Ruby programming language + package_url: https://rubygems.org/yard + version: 0.9.25 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18825/default_b8fbb83e23c963442e15398c5b56262cc6267d6f.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: tmilewski + last_updated_on: 2017-12-28 20:11:08.000000000 Z From 28c35ad5884e75b4ddd0386aa69909ef420039c5 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Tue, 9 Jan 2024 00:04:48 +0000 Subject: [PATCH 02/10] Create techstack.md --- techstack.md | 120 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 120 insertions(+) create mode 100644 techstack.md diff --git a/techstack.md b/techstack.md new file mode 100644 index 0000000..2eaa037 --- /dev/null 
+++ b/techstack.md @@ -0,0 +1,120 @@ + +
+ +# Tech Stack File +![](https://img.stackshare.io/repo.svg "repo") [stackshareio/omniauth-openid](https://github.com/stackshareio/omniauth-openid)![](https://img.stackshare.io/public_badge.svg "public") +

+|15
Tools used|01/09/24
Report generated| +|------|------| +
+ +## Languages (1) + + + + +
+ Ruby +
+ Ruby +
+ +
+ +## Frameworks (1) + + + + +
+ Sinatra +
+ Sinatra +
+ +
+ +## DevOps (4) + + + + + + + + + + +
+ Git +
+ Git +
+ +
+ RSpec +
+ RSpec +
+ v3.7.0 +
+ RubyGems +
+ RubyGems +
+ +
+ Travis CI +
+ Travis CI +
+ +
+ + +## Open source packages (9) + +## RubyGems (9) + +|NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES| +|:------|:------|:------|:------|:------|:------| +|[jruby-openssl](https://rubygems.org/jruby-openssl)|v0.9|12/28/17|tmilewski |Other|N/A| +|[omniauth](https://rubygems.org/omniauth)|v1.8.1|12/28/17|tmilewski |MIT|[CVE-2020-36599](https://github.com/advisories/GHSA-pm55-qfxr-h247) (Critical)
[CVE-2015-9284](https://github.com/advisories/GHSA-ww4x-rwq6-qpgf) (High)| +|[rack-openid](https://rubygems.org/rack-openid)|v1.4.2|12/28/17|tmilewski |MIT|N/A| +|[rack-test](https://rubygems.org/rack-test)|v0.8.2|12/28/17|tmilewski |MIT|N/A| +|[rake](https://rubygems.org/rake)|v13.0.1|08/02/20|dependabot[bot] |MIT|N/A| +|[ruby-openid](https://rubygems.org/ruby-openid)|v2.1.8|12/28/17|tmilewski |Ruby,Apache-2.0|[CVE-2019-11027](https://github.com/advisories/GHSA-fqfj-cmh6-hj49) (Critical)
[CVE-2013-1812](https://github.com/advisories/GHSA-6c8p-qphv-668v) (Moderate)| +|[simplecov](https://rubygems.org/simplecov)|v0.15.1|12/28/17|tmilewski |MIT|N/A| +|[webmock](https://rubygems.org/webmock)|v3.1.1|12/28/17|tmilewski |MIT|N/A| +|[yard](https://rubygems.org/yard)|v0.9.25|12/28/17|tmilewski |MIT|N/A| + +
+
+ +Generated via [Stack File](https://github.com/marketplace/stack-file) From 53e1d30f7d1f81c6123973ef607563e85c120bb1 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Thu, 15 Feb 2024 18:29:44 +0000 Subject: [PATCH 03/10] Update techstack.yml --- techstack.yml | 56 +++++++-------------------------------------------- 1 file changed, 7 insertions(+), 49 deletions(-) diff --git a/techstack.yml b/techstack.yml index d79239c..c2a4870 100644 --- a/techstack.yml +++ b/techstack.yml @@ -1,12 +1,12 @@ repo_name: stackshareio/omniauth-openid -report_id: dc9ca062aed3529facada8ebc7a3d66d +report_id: a477835aaf2d4e4a752d670c524f07bd version: 0.1 repo_type: Public -timestamp: '2024-01-09T00:04:45+00:00' +timestamp: '2024-02-15T18:29:42+00:00' requested_by: web-flow provider: github branch: master -detected_tools_count: 15 +detected_tools_count: 13 tools: - name: Ruby description: A dynamic, interpreted, open source programming language with a focus @@ -64,10 +64,10 @@ tools: category: Build, Test, Deploy sub_category: Package Managers image_url: https://img.stackshare.io/service/12795/5jL6-BA5_400x400.jpeg - detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/omniauth-openid.gemspec - detection_source: omniauth-openid.gemspec - last_updated_by: Michael Bleigh - last_updated_on: 2010-04-05 05:20:34.000000000 Z + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Erik Michaels-Ober + last_updated_on: 2011-04-29 01:48:26.000000000 Z - name: Travis CI description: A hosted continuous integration service for open source and private projects 
@@ -96,48 +96,6 @@ tools: detection_source: Gemfile last_updated_by: tmilewski last_updated_on: 2017-12-28 19:50:50.000000000 Z -- name: omniauth - description: A generalized Rack framework for multiple-provider authentication - package_url: https://rubygems.org/omniauth - version: 1.8.1 - license: MIT - open_source: true - hosted_saas: false - category: Libraries - sub_category: RubyGems Packages - image_url: https://img.stackshare.io/package/18914/default_aa081534cc9e2d100412a763ab69743f22c56ceb.png - detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock - detection_source: omniauth-openid.gemspec - last_updated_by: tmilewski - last_updated_on: 2017-12-28 19:50:50.000000000 Z - vulnerabilities: - - name: OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` - value - cve_id: CVE-2020-36599 - cve_url: https://github.com/advisories/GHSA-pm55-qfxr-h247 - detected_date: Sep 1 - severity: critical - first_patched: 1.9.2 - - name: OmniAuth Ruby gem Cross-site Request Forgery in request phase - cve_id: CVE-2015-9284 - cve_url: https://github.com/advisories/GHSA-ww4x-rwq6-qpgf - detected_date: Aug 22 - severity: high - first_patched: 2.0.0 -- name: rack-openid - description: Provides a more HTTPish API around the ruby-openid library - package_url: https://rubygems.org/rack-openid - version: 1.4.2 - license: MIT - open_source: true - hosted_saas: false - category: Libraries - sub_category: RubyGems Packages - image_url: https://img.stackshare.io/package/rubygems/image.png - detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock - detection_source: omniauth-openid.gemspec - last_updated_by: tmilewski - last_updated_on: 2017-12-28 19:50:50.000000000 Z - name: rack-test description: Rack::Test is a small, simple testing API for Rack apps package_url: https://rubygems.org/rack-test From ed70ea07272333de8e5d6a8fce0390d4abf84d3e Mon Sep 17 00:00:00 2001 
From: stacksharebot Date: Thu, 15 Feb 2024 18:29:45 +0000 Subject: [PATCH 04/10] Update techstack.md --- techstack.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/techstack.md b/techstack.md index 2eaa037..ae55d5d 100644 --- a/techstack.md +++ b/techstack.md @@ -30,7 +30,7 @@ Full tech stack [here](/techstack.md) # Tech Stack File ![](https://img.stackshare.io/repo.svg "repo") [stackshareio/omniauth-openid](https://github.com/stackshareio/omniauth-openid)![](https://img.stackshare.io/public_badge.svg "public")

-|15
Tools used|01/09/24
Report generated| +|13
Tools used|02/15/24
Report generated| |------|------|
@@ -98,15 +98,13 @@ Full tech stack [here](/techstack.md) -## Open source packages (9) +## Open source packages (7) -## RubyGems (9) +## RubyGems (7) |NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES| |:------|:------|:------|:------|:------|:------| |[jruby-openssl](https://rubygems.org/jruby-openssl)|v0.9|12/28/17|tmilewski |Other|N/A| -|[omniauth](https://rubygems.org/omniauth)|v1.8.1|12/28/17|tmilewski |MIT|[CVE-2020-36599](https://github.com/advisories/GHSA-pm55-qfxr-h247) (Critical)
[CVE-2015-9284](https://github.com/advisories/GHSA-ww4x-rwq6-qpgf) (High)| -|[rack-openid](https://rubygems.org/rack-openid)|v1.4.2|12/28/17|tmilewski |MIT|N/A| |[rack-test](https://rubygems.org/rack-test)|v0.8.2|12/28/17|tmilewski |MIT|N/A| |[rake](https://rubygems.org/rake)|v13.0.1|08/02/20|dependabot[bot] |MIT|N/A| |[ruby-openid](https://rubygems.org/ruby-openid)|v2.1.8|12/28/17|tmilewski |Ruby,Apache-2.0|[CVE-2019-11027](https://github.com/advisories/GHSA-fqfj-cmh6-hj49) (Critical)
[CVE-2013-1812](https://github.com/advisories/GHSA-6c8p-qphv-668v) (Moderate)| From 79aa8e2a777dccaed26bd93316c44a49d860594b Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Fri, 16 Feb 2024 00:20:34 +0000 Subject: [PATCH 05/10] Update techstack.yml --- techstack.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/techstack.yml b/techstack.yml index c2a4870..09c6f91 100644 --- a/techstack.yml +++ b/techstack.yml @@ -1,8 +1,8 @@ repo_name: stackshareio/omniauth-openid -report_id: a477835aaf2d4e4a752d670c524f07bd +report_id: d32abb6cd707ea96e9fca085679f8265 version: 0.1 repo_type: Public -timestamp: '2024-02-15T18:29:42+00:00' +timestamp: '2024-02-16T00:20:33+00:00' requested_by: web-flow provider: github branch: master From 800c2d4f0703a7eac201e020eaf2bcfb68a72c16 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Fri, 16 Feb 2024 00:20:35 +0000 Subject: [PATCH 06/10] Update techstack.md --- techstack.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techstack.md b/techstack.md index ae55d5d..32b5951 100644 --- a/techstack.md +++ b/techstack.md @@ -30,7 +30,7 @@ Full tech stack [here](/techstack.md) # Tech Stack File ![](https://img.stackshare.io/repo.svg "repo") [stackshareio/omniauth-openid](https://github.com/stackshareio/omniauth-openid)![](https://img.stackshare.io/public_badge.svg "public")

-|13
Tools used|02/15/24
Report generated| +|13
Tools used|02/16/24
Report generated| |------|------| From c9be78dbef93173d03623bbe468c7801d5187e18 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Fri, 1 Mar 2024 20:35:42 +0000 Subject: [PATCH 07/10] Update techstack.yml --- techstack.yml | 64 +++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 57 insertions(+), 7 deletions(-) diff --git a/techstack.yml b/techstack.yml index 09c6f91..47b73cb 100644 --- a/techstack.yml +++ b/techstack.yml @@ -1,12 +1,12 @@ repo_name: stackshareio/omniauth-openid -report_id: d32abb6cd707ea96e9fca085679f8265 +report_id: ba373275292511fa6ebd73513400a4f3 version: 0.1 repo_type: Public -timestamp: '2024-02-16T00:20:33+00:00' +timestamp: '2024-03-01T20:35:41+00:00' requested_by: web-flow provider: github branch: master -detected_tools_count: 13 +detected_tools_count: 15 tools: - name: Ruby description: A dynamic, interpreted, open source programming language with a focus @@ -64,10 +64,10 @@ tools: category: Build, Test, Deploy sub_category: Package Managers image_url: https://img.stackshare.io/service/12795/5jL6-BA5_400x400.jpeg - detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile - detection_source: Gemfile - last_updated_by: Erik Michaels-Ober - last_updated_on: 2011-04-29 01:48:26.000000000 Z + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/omniauth-openid.gemspec + detection_source: omniauth-openid.gemspec + last_updated_by: Michael Bleigh + last_updated_on: 2010-04-05 05:20:34.000000000 Z - name: Travis CI description: A hosted continuous integration service for open source and private projects 
@@ -96,6 +96,48 @@ tools: detection_source: Gemfile last_updated_by: tmilewski last_updated_on: 2017-12-28 19:50:50.000000000 Z +- name: omniauth + description: A generalized Rack framework for multiple-provider authentication + package_url: https://rubygems.org/omniauth + version: 1.8.1 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18914/default_aa081534cc9e2d100412a763ab69743f22c56ceb.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock + detection_source: omniauth-openid.gemspec + last_updated_by: tmilewski + last_updated_on: 2017-12-28 19:50:50.000000000 Z + vulnerabilities: + - name: OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` + value + cve_id: CVE-2020-36599 + cve_url: https://github.com/advisories/GHSA-pm55-qfxr-h247 + detected_date: Sep 1 + severity: critical + first_patched: 1.9.2 + - name: OmniAuth Ruby gem Cross-site Request Forgery in request phase + cve_id: CVE-2015-9284 + cve_url: https://github.com/advisories/GHSA-ww4x-rwq6-qpgf + detected_date: Aug 22 + severity: high + first_patched: 2.0.0 +- name: rack-openid + description: Provides a more HTTPish API around the ruby-openid library + package_url: https://rubygems.org/rack-openid + version: 1.4.2 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/rubygems/image.png + detection_source_url: https://github.com/stackshareio/omniauth-openid/blob/master/Gemfile.lock + detection_source: omniauth-openid.gemspec + last_updated_by: tmilewski + last_updated_on: 2017-12-28 19:50:50.000000000 Z - name: rack-test description: Rack::Test is a small, simple testing API for Rack apps package_url: https://rubygems.org/rack-test 
@@ -195,3 +237,11 @@ tools: detection_source: Gemfile last_updated_by: tmilewski last_updated_on: 2017-12-28 20:11:08.000000000 Z + vulnerabilities: + - name: YARD's default template vulnerable to Cross-site Scripting in generated + frames.html + cve_id: CVE-2024-27285 + cve_url: https://github.com/advisories/GHSA-8mq4-9jjh-9xrc + detected_date: Feb 29 + severity: moderate + first_patched: 0.9.35 From 04ffda9839faa09341125b38a511ee18c3895869 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Fri, 1 Mar 2024 20:35:43 +0000 Subject: [PATCH 08/10] Update techstack.md --- techstack.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/techstack.md b/techstack.md index 32b5951..9f59d78 100644 --- a/techstack.md +++ b/techstack.md @@ -30,7 +30,7 @@ Full tech stack [here](/techstack.md) # Tech Stack File ![](https://img.stackshare.io/repo.svg "repo") [stackshareio/omniauth-openid](https://github.com/stackshareio/omniauth-openid)![](https://img.stackshare.io/public_badge.svg "public")

-|13
Tools used|02/16/24
Report generated| +|15
Tools used|03/01/24
Report generated| |------|------| @@ -98,19 +98,21 @@ Full tech stack [here](/techstack.md) -## Open source packages (7) +## Open source packages (9) -## RubyGems (7) +## RubyGems (9) |NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES| |:------|:------|:------|:------|:------|:------| |[jruby-openssl](https://rubygems.org/jruby-openssl)|v0.9|12/28/17|tmilewski |Other|N/A| +|[omniauth](https://rubygems.org/omniauth)|v1.8.1|12/28/17|tmilewski |MIT|[CVE-2020-36599](https://github.com/advisories/GHSA-pm55-qfxr-h247) (Critical)
[CVE-2015-9284](https://github.com/advisories/GHSA-ww4x-rwq6-qpgf) (High)| +|[rack-openid](https://rubygems.org/rack-openid)|v1.4.2|12/28/17|tmilewski |MIT|N/A| |[rack-test](https://rubygems.org/rack-test)|v0.8.2|12/28/17|tmilewski |MIT|N/A| |[rake](https://rubygems.org/rake)|v13.0.1|08/02/20|dependabot[bot] |MIT|N/A| |[ruby-openid](https://rubygems.org/ruby-openid)|v2.1.8|12/28/17|tmilewski |Ruby,Apache-2.0|[CVE-2019-11027](https://github.com/advisories/GHSA-fqfj-cmh6-hj49) (Critical)
[CVE-2013-1812](https://github.com/advisories/GHSA-6c8p-qphv-668v) (Moderate)| |[simplecov](https://rubygems.org/simplecov)|v0.15.1|12/28/17|tmilewski |MIT|N/A| |[webmock](https://rubygems.org/webmock)|v3.1.1|12/28/17|tmilewski |MIT|N/A| -|[yard](https://rubygems.org/yard)|v0.9.25|12/28/17|tmilewski |MIT|N/A| +|[yard](https://rubygems.org/yard)|v0.9.25|12/28/17|tmilewski |MIT|[CVE-2024-27285](https://github.com/advisories/GHSA-8mq4-9jjh-9xrc) (Moderate)|
From c6b5dfc6387e5d61cef3bfc863d5abc36863ce20 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Fri, 8 Mar 2024 13:22:05 +0000 Subject: [PATCH 09/10] Update techstack.yml --- techstack.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/techstack.yml b/techstack.yml index 47b73cb..23c5e9b 100644 --- a/techstack.yml +++ b/techstack.yml @@ -2,7 +2,7 @@ repo_name: stackshareio/omniauth-openid report_id: ba373275292511fa6ebd73513400a4f3 version: 0.1 repo_type: Public -timestamp: '2024-03-01T20:35:41+00:00' +timestamp: '2024-03-08T13:22:03+00:00' requested_by: web-flow provider: github branch: master @@ -244,4 +244,4 @@ tools: cve_url: https://github.com/advisories/GHSA-8mq4-9jjh-9xrc detected_date: Feb 29 severity: moderate - first_patched: 0.9.35 + first_patched: 0.9.36 From 7a7e654f820aacc62ab46ec2516c42f9ea991502 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Fri, 8 Mar 2024 13:22:05 +0000 Subject: [PATCH 10/10] Update techstack.md --- techstack.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techstack.md b/techstack.md index 9f59d78..9cefe6a 100644 --- a/techstack.md +++ b/techstack.md @@ -30,7 +30,7 @@ Full tech stack [here](/techstack.md) # Tech Stack File ![](https://img.stackshare.io/repo.svg "repo") [stackshareio/omniauth-openid](https://github.com/stackshareio/omniauth-openid)![](https://img.stackshare.io/public_badge.svg "public")

-|15
Tools used|03/01/24
Report generated| +|15
Tools used|03/08/24
Report generated| |------|------|
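Review bot: in [PATCH 01/10], the `vulnerabilities` entries in techstack.yml record `detected_date: Sep 1` and `detected_date: Aug 22` with no year, while the top-level `timestamp` is a full ISO 8601 value. For a report generated on 2024-01-09, the year an advisory was first detected cannot be recovered from the file, so suggest emitting full dates there as well. In the same hunk, the omniauth and rack-openid entries pair a `detection_source_url` ending in Gemfile.lock with `detection_source: omniauth-openid.gemspec`, and RSpec, rack-test and others pair a Gemfile.lock URL with `detection_source: Gemfile`. One of the two fields is wrong for anyone tracing where a pinned version came from.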
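Review bot: in [PATCH 02/10], the VULNERABILITIES column of the RubyGems table in techstack.md shows only the CVE link and severity and drops the `first_patched` value that techstack.yml carries (1.9.2 and 2.0.0 for omniauth v1.8.1, 2.9.0 and 2.2.2 for ruby-openid v2.1.8). A reader of the rendered report sees two Critical findings with no upgrade target. Suggest adding the first patched version next to each CVE, or a separate column for it.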
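Review bot: [PATCH 03/10] deletes the whole omniauth entry, including CVE-2020-36599 (critical) and CVE-2015-9284 (high), together with rack-openid, and lowers `detected_tools_count` from 15 to 13, yet the patch touches only techstack.yml and nothing in it indicates that the dependency was removed or upgraded. [PATCH 07/10] later restores both entries unchanged at the same versions, and the RubyGems `detection_source` flips from the gemspec to Gemfile and back across the same two patches, which points to unstable detection rather than a real change. An automated update that makes known advisories disappear from the report should be held until a matching Gemfile.lock or gemspec change is present.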
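Review bot: the `vulnerabilities` block added under yard in the last hunk of [PATCH 07/10] records `first_patched: 0.9.35` against `version: 0.9.25`, and the restored omniauth block in the same patch is still at 1.8.1 against `first_patched: 1.9.2` and `2.0.0`. No patch in the series changes Gemfile.lock, so the report documents the exposure without closing it. Suggest pairing this update with a dependency bump or a tracked follow-up. The new entry also repeats the yearless `detected_date: Feb 29`.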
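Review bot: in [PATCH 09/10], `first_patched` for CVE-2024-27285 changes from 0.9.35 to 0.9.36 while `report_id: ba373275292511fa6ebd73513400a4f3` stays as an unchanged context line, whereas [PATCH 05/10] rotated `report_id` for a change that touched only the timestamp. A consumer keyed on `report_id` would miss that the remediation target moved. Suggest rotating the id whenever report content changes, and saying in the commit message why the patched version was revised, since "Update techstack.yml" gives no reason.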