diff --git a/techstack.md b/techstack.md new file mode 100644 index 000000000..a585b544d --- /dev/null +++ b/techstack.md @@ -0,0 +1,127 @@ + +
+ +# Tech Stack File +![](https://img.stackshare.io/repo.svg "repo") [stackshareio/omniauth](https://github.com/stackshareio/omniauth)![](https://img.stackshare.io/public_badge.svg "public") +

+|20
Tools used|03/01/24
Report generated| +|------|------| +
+ +## Languages (2) + + + + + + +
+ CSS 3 +
+ CSS 3 +
+ +
+ Ruby +
+ Ruby +
+ +
+ +## DevOps (5) + + + + + + + + + + + + +
+ Bundler +
+ Bundler +
+ +
+ Git +
+ Git +
+ +
+ RSpec +
+ RSpec +
+ v3.5.0 +
+ RubyGems +
+ RubyGems +
+ +
+ Travis CI +
+ Travis CI +
+ +
+ + +## Open source packages (13) + +## RubyGems (13) + +|NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES| +|:------|:------|:------|:------|:------|:------| +|[benchmark-ips](https://rubygems.org/benchmark-ips)|N/A|10/01/14|schneems |MIT|N/A| +|[coveralls](https://rubygems.org/coveralls)|N/A|02/12/17|Tom Milewski |MIT|N/A| +|[hashie](https://rubygems.org/hashie)|v3.4.6|11/11/19|Bobby McDonald |MIT|N/A| +|[jruby-openssl](https://rubygems.org/jruby-openssl)|v0.9.19|11/11/19|Bobby McDonald |Other|N/A| +|[kramdown](https://rubygems.org/kramdown)|N/A|02/12/17|Tom Milewski |MIT|N/A| +|[memory_profiler](https://rubygems.org/memory_profiler)|N/A|10/01/14|schneems |MIT|N/A| +|[mime-types](https://rubygems.org/mime-types)|v3.1|02/11/17|Tom Milewski |MIT|N/A| +|[pry](https://rubygems.org/pry)|N/A|04/07/11|Michael Bleigh |MIT|N/A| +|[rack](https://rubygems.org/rack)|v1.6.2|02/11/17|Tom Milewski |MIT|[CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) (Critical)
[CVE-2023-27530](https://github.com/advisories/GHSA-3h57-hmj3-gj3p) (High)
[CVE-2020-8184](https://github.com/advisories/GHSA-j6w9-fv6q-3q52) (High)
[CVE-2022-44570](https://github.com/advisories/GHSA-65f5-mfpf-vfhj) (High)
[CVE-2022-30122](https://github.com/advisories/GHSA-hxqx-xwvh-44m2) (High)
[CVE-2020-8161](https://github.com/advisories/GHSA-5f9h-9pjv-v6j7) (High)
[CVE-2019-16782](https://github.com/advisories/GHSA-hrqr-hxpp-chr3) (Moderate)
[CVE-2018-16471](https://github.com/advisories/GHSA-5r2p-j47h-mhpg) (Moderate)
[CVE-2024-25126](https://github.com/advisories/GHSA-22f2-v57c-j9cx) (Low)
[CVE-2024-26146](https://github.com/advisories/GHSA-54rr-7fvw-6x8f) (Low)
[CVE-2024-26141](https://github.com/advisories/GHSA-xj5v-6v4g-jfw6) (Low)| +|[rack-test](https://rubygems.org/rack-test)|N/A|12/14/18|Tom Milewski |MIT|N/A| +|[rake](https://rubygems.org/rake)|v12.0|02/11/17|Tom Milewski |MIT|[CVE-2020-8130](https://github.com/advisories/GHSA-jppv-gw3r-w3q8) (Moderate)| +|[rest-client](https://rubygems.org/rest-client)|v2.0.0|02/11/17|Tom Milewski |MIT|N/A| +|[yard](https://rubygems.org/yard)|v0.9.11|12/28/17|tmilewski |MIT|[CVE-2019-1020001](https://github.com/advisories/GHSA-xfhh-rx56-rxcr) (High)
[CVE-2024-27285](https://github.com/advisories/GHSA-8mq4-9jjh-9xrc) (Moderate)| + +
+
+ +Generated via [Stack File](https://github.com/marketplace/stack-file) diff --git a/techstack.yml b/techstack.yml new file mode 100644 index 000000000..7be82115d --- /dev/null +++ b/techstack.yml 
@@ -0,0 +1,361 @@ +repo_name: stackshareio/omniauth +report_id: 866761f992b540fc35cc3ac4733a20e2 +version: 0.1 +repo_type: Public +timestamp: '2024-03-01T20:35:52+00:00' +requested_by: BobbyMcWho +provider: github +branch: master +detected_tools_count: 20 +tools: +- name: CSS 3 + description: The latest evolution of the Cascading Style Sheets language + website_url: https://developer.mozilla.org/en-US/docs/Web/CSS/CSS3 + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/6727/css.png + detection_source_url: https://github.com/stackshareio/omniauth + detection_source: Repo Metadata +- name: Ruby + description: A dynamic, interpreted, open source programming language with a focus + on simplicity and productivity + website_url: https://www.ruby-lang.org + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/989/ruby.png + detection_source_url: https://github.com/stackshareio/omniauth + detection_source: Repo Metadata +- name: Bundler + description: A consistent environment for tracking and installing gems and versions + website_url: http://bundler.io + open_source: false + hosted_saas: false + category: Build, Test, Deploy + sub_category: Front End Package Manager + image_url: https://img.stackshare.io/service/2988/4e77LXIo_400x400.png + detection_source_url: https://github.com/stackshareio/omniauth/blob/master/omniauth.gemspec + detection_source: omniauth.gemspec + last_updated_by: Tom Milewski + last_updated_on: 2017-02-11 19:38:00.000000000 Z +- name: Git + description: Fast, scalable, distributed revision control system + website_url: http://git-scm.com/ + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Version Control System + image_url: https://img.stackshare.io/service/1046/git.png + detection_source_url: 
https://github.com/stackshareio/omniauth + detection_source: Repo Metadata +- name: RSpec + description: Behaviour Driven Development for Ruby + website_url: https://rspec.info/ + version: 3.5.0 + license: MIT + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Testing Frameworks + image_url: https://img.stackshare.io/service/2539/logo.png + detection_source_url: https://github.com/stackshareio/omniauth/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Michael Bleigh + last_updated_on: 2011-04-07 23:59:12.000000000 Z +- name: RubyGems + description: Easily download, install, and use ruby software packages on your system + website_url: https://rubygems.org/ + open_source: false + hosted_saas: false + category: Build, Test, Deploy + sub_category: Package Managers + image_url: https://img.stackshare.io/service/12795/5jL6-BA5_400x400.jpeg + detection_source_url: https://github.com/stackshareio/omniauth/blob/master/omniauth.gemspec + detection_source: omniauth.gemspec + last_updated_by: Michael Bleigh + last_updated_on: 2010-05-01 19:07:56.000000000 Z +- name: Travis CI + description: A hosted continuous integration service for open source and private + projects + website_url: http://travis-ci.com/ + open_source: false + hosted_saas: true + category: Build, Test, Deploy + sub_category: Continuous Integration + image_url: https://img.stackshare.io/service/460/Lu6cGu0z_400x400.png + detection_source_url: https://github.com/stackshareio/omniauth/blob/master/.travis.yml + detection_source: ".travis.yml" + last_updated_by: Michael Bleigh + last_updated_on: 2011-04-07 23:57:12.000000000 Z +- name: benchmark-ips + description: An iterations per second enhancement to Benchmark + package_url: https://rubygems.org/benchmark-ips + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: 
https://img.stackshare.io/package/19069/default_5f9f148b380c6e53dd11ecf4121a9aa0355b667e.png + detection_source_url: https://github.com/stackshareio/omniauth/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: schneems + last_updated_on: 2014-10-01 18:41:24.000000000 Z +- name: coveralls + description: A Ruby implementation of the Coveralls API + package_url: https://rubygems.org/coveralls + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18833/default_8c2fa81d8b8e48c679685199823ce30d598d3e87.png + detection_source_url: https://github.com/stackshareio/omniauth/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Tom Milewski + last_updated_on: 2017-02-12 08:51:20.000000000 Z +- name: hashie + description: Hashie is a collection of classes and mixins that make hashes more + powerful + package_url: https://rubygems.org/hashie + version: 3.4.6 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18857/default_8ed4d900247cd3cbcebc45138514f25fd80b6c4b.png + detection_source_url: https://github.com/stackshareio/omniauth/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Bobby McDonald + last_updated_on: 2019-11-11 02:17:25.000000000 Z +- name: jruby-openssl + description: JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL + native library + package_url: https://rubygems.org/jruby-openssl + version: 0.9.19 + license: Other + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/19237/default_c4ed1d3f735f11415ee5d02b5a5ba48490465220.png + detection_source_url: https://github.com/stackshareio/omniauth/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Bobby McDonald + last_updated_on: 2019-11-11 
05:34:16.000000000 Z +- name: kramdown + description: Kramdown is yet-another-markdown-parser but fast + package_url: https://rubygems.org/kramdown + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18939/default_9835367d7a13be70dd38d3b7dfa4b8514b31a43d.png + detection_source_url: https://github.com/stackshareio/omniauth/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Tom Milewski + last_updated_on: 2017-02-12 06:12:28.000000000 Z +- name: memory_profiler + description: Memory profiling routines for Ruby 2.3+ + package_url: https://rubygems.org/memory_profiler + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/19745/default_9441b9831c402e8b1bbbeac1030603f41221911e.png + detection_source_url: https://github.com/stackshareio/omniauth/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: schneems + last_updated_on: 2014-10-01 18:41:24.000000000 Z +- name: mime-types + description: The mime-types library provides a library and registry for information + about MIME content type definitions + package_url: https://rubygems.org/mime-types + version: '3.1' + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18884/default_5eea69864b07424ee9f6cd5c0e7cb7227f1b4579.png + detection_source_url: https://github.com/stackshareio/omniauth/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Tom Milewski + last_updated_on: 2017-02-11 19:38:00.000000000 Z +- name: pry + description: An IRB alternative and runtime developer console + package_url: https://rubygems.org/pry + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: 
https://img.stackshare.io/package/18815/default_f582e4648f4682adb72d2b201218cda7f8e894ac.png + detection_source_url: https://github.com/stackshareio/omniauth/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Michael Bleigh + last_updated_on: 2011-04-07 23:59:12.000000000 Z +- name: rack + description: Rack provides a minimal, modular and adaptable interface for developing + web applications in Ruby + package_url: https://rubygems.org/rack + version: 1.6.2 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18839/default_db5cfb0d85d9fd8bfb40a863581417a2a57791ab.png + detection_source_url: https://github.com/stackshareio/omniauth/blob/master/omniauth.gemspec + detection_source: omniauth.gemspec + last_updated_by: Tom Milewski + last_updated_on: 2017-02-11 16:57:24.000000000 Z + vulnerabilities: + - name: Possible shell escape sequence injection vulnerability in Rack + cve_id: CVE-2022-30123 + cve_url: https://github.com/advisories/GHSA-wq4h-7r42-5hrr + detected_date: May 28 + severity: critical + first_patched: 2.0.9.1 + - name: Rack has possible DoS Vulnerability in Multipart MIME parsing + cve_id: CVE-2023-27530 + cve_url: https://github.com/advisories/GHSA-3h57-hmj3-gj3p + detected_date: Mar 9 + severity: high + first_patched: 2.0.9.3 + - name: Rack allows Percent-encoded cookies to overwrite existing prefixed cookie + names + cve_id: CVE-2020-8184 + cve_url: https://github.com/advisories/GHSA-j6w9-fv6q-3q52 + detected_date: Aug 22 + severity: high + first_patched: 2.1.4 + - name: Denial of service via header parsing in Rack + cve_id: CVE-2022-44570 + cve_url: https://github.com/advisories/GHSA-65f5-mfpf-vfhj + detected_date: Jan 19 + severity: high + first_patched: 2.0.9.2 + - name: Denial of Service Vulnerability in Rack Multipart Parsing + cve_id: CVE-2022-30122 + cve_url: https://github.com/advisories/GHSA-hxqx-xwvh-44m2 + detected_date: 
May 28 + severity: high + first_patched: 2.0.9.1 + - name: Directory traversal in Rack::Directory app bundled with Rack + cve_id: CVE-2020-8161 + cve_url: https://github.com/advisories/GHSA-5f9h-9pjv-v6j7 + detected_date: Aug 22 + severity: high + first_patched: 2.1.3 + - name: Possible Information Leak / Session Hijack Vulnerability in Rack + cve_id: CVE-2019-16782 + cve_url: https://github.com/advisories/GHSA-hrqr-hxpp-chr3 + detected_date: Aug 22 + severity: moderate + first_patched: 1.6.12 + - name: Rack vulnerable to Cross-site Scripting + cve_id: CVE-2018-16471 + cve_url: https://github.com/advisories/GHSA-5r2p-j47h-mhpg + detected_date: Aug 22 + severity: moderate + first_patched: 1.6.11 + - name: Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial) + cve_id: CVE-2024-25126 + cve_url: https://github.com/advisories/GHSA-22f2-v57c-j9cx + detected_date: Feb 29 + severity: low + first_patched: 2.2.8.1 + - name: Rack Header Parsing leads to Possible Denial of Service Vulnerability + cve_id: CVE-2024-26146 + cve_url: https://github.com/advisories/GHSA-54rr-7fvw-6x8f + detected_date: Feb 29 + severity: low + first_patched: 2.0.9.4 + - name: Rack has possible DoS Vulnerability with Range Header + cve_id: CVE-2024-26141 + cve_url: https://github.com/advisories/GHSA-xj5v-6v4g-jfw6 + detected_date: Feb 29 + severity: low + first_patched: 2.2.8.1 +- name: rack-test + description: Rack::Test is a small, simple testing API for Rack apps + package_url: https://rubygems.org/rack-test + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18845/default_db5cfb0d85d9fd8bfb40a863581417a2a57791ab.png + detection_source_url: https://github.com/stackshareio/omniauth/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Tom Milewski + last_updated_on: 2018-12-14 17:00:56.000000000 Z +- name: rake + description: Rake is a Make-like program 
implemented in Ruby + package_url: https://rubygems.org/rake + version: '12.0' + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18812/default_f582e4648f4682adb72d2b201218cda7f8e894ac.png + detection_source_url: https://github.com/stackshareio/omniauth/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Tom Milewski + last_updated_on: 2017-02-11 19:38:00.000000000 Z + vulnerabilities: + - name: OS Command Injection in Rake + cve_id: CVE-2020-8130 + cve_url: https://github.com/advisories/GHSA-jppv-gw3r-w3q8 + detected_date: Aug 22 + severity: moderate + first_patched: 12.3.3 +- name: rest-client + description: A simple HTTP and REST client for Ruby + package_url: https://rubygems.org/rest-client + version: 2.0.0 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18836/default_669e0ebb464c584b580cfec09e646fddff70c02a.png + detection_source_url: https://github.com/stackshareio/omniauth/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Tom Milewski + last_updated_on: 2017-02-11 19:38:00.000000000 Z +- name: yard + description: YARD is a documentation generation tool for the Ruby programming language + package_url: https://rubygems.org/yard + version: 0.9.11 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18825/default_b8fbb83e23c963442e15398c5b56262cc6267d6f.png + detection_source_url: https://github.com/stackshareio/omniauth/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: tmilewski + last_updated_on: 2017-12-28 04:22:21.000000000 Z + vulnerabilities: + - name: Path Traversal vulnerability that affects yard + cve_id: CVE-2019-1020001 + cve_url: https://github.com/advisories/GHSA-xfhh-rx56-rxcr + 
detected_date: Aug 22 + severity: high + first_patched: 0.9.20 + - name: YARD's default template vulnerable to Cross-site Scripting in generated + frames.html + cve_id: CVE-2024-27285 + cve_url: https://github.com/advisories/GHSA-8mq4-9jjh-9xrc + detected_date: Feb 29 + severity: moderate + first_patched: 0.9.35
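Review bot: In techstack.md, the NAME column of the RubyGems table links every gem to `https://rubygems.org/<name>` (for example `https://rubygems.org/rack`), but rubygems.org serves gem pages under `/gems/<name>`, so these 13 links will not land on the package pages. Fix the URL pattern in the generated output before committing. Separately, the rack row records v1.6.2 with one Critical and five High advisories in a report dated 03/01/24. Because this file is a point-in-time snapshot, the PR description should say how it is regenerated and where the rack, rake and yard upgrades are tracked, otherwise the VULNERABILITIES column will drift from the real state of the repository.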
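Review bot: In techstack.yml, every `vulnerabilities` entry carries a `detected_date` with no year ("May 28", "Aug 22", "Feb 29"), while the top-level `timestamp` is a full ISO 8601 value, so nothing consuming this file can sort or age the findings. These should be full dates. The rack entry is also reported at `version: 1.6.2` with `detection_source: omniauth.gemspec`, and its `first_patched` values run from 1.6.11 up to 2.2.8.1, so the remediation belongs in the gemspec rather than in this generated file. It would help to state in the PR whether 1.6.2 is the resolved version or only what the gemspec declares. Also consider whether `report_id` and `requested_by` need to be committed at all.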