techulus / push-github-action Goto Github PK

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • Gemfile
  • Gemfile.lock

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-ACTIVESUPPORT-3237242	No	No Known Exploit
	591/1000 Why? Recently disclosed, Has a fix available, CVSS 6.1	Cross-site Scripting (XSS) SNYK-RUBY-ACTIVESUPPORT-3360028	No	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Integer Overflow or Wraparound SNYK-RUBY-COMMONMARKER-2415031	Yes	No Known Exploit
	486/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.3	Out-of-bounds Read SNYK-RUBY-COMMONMARKER-3318398	Yes	Proof of Concept
	429/1000 Why? Has a fix available, CVSS 4.3	Denial of Service (DoS) SNYK-RUBY-COMMONMARKER-3318399	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-RUBY-COMMONMARKER-3318400	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Denial of Service (DoS) SNYK-RUBY-COMMONMARKER-3318401	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	XML External Entity (XXE) Injection SNYK-RUBY-NOKOGIRI-1726792	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Use After Free SNYK-RUBY-NOKOGIRI-2413994	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-NOKOGIRI-2620374	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Out-of-bounds Write SNYK-RUBY-NOKOGIRI-2630623	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-RUBY-NOKOGIRI-2630898	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Improper Handling of Unexpected Data Type SNYK-RUBY-NOKOGIRI-2840634	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	NULL Pointer Dereference SNYK-RUBY-NOKOGIRI-3052880	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-RUBY-TZINFO-2958048	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Cross-site Scripting (XSS)
🦉 XML External Entity (XXE) Injection
🦉 More lessons are available in Snyk Learn

Originally posted by @NahNick in NahNick/opensource.guide#11

New Crowdin translations, automated with Github Actions

See .github/workflows/crowdin-download.yml

This PR will be updated every day with new translations.

Due to a limitation in Github Actions, checks are not running on this PR without manual action.
If you want to run the checks, then close and re-open it.

Originally posted by @github-actions in mastodon/mastodon#27220

Pitch

When unfollowing a user that follows you, Mastodon should ask through a confirmation dialogue if you would also like that user to be removed as a follower (as can be done through the /relationships screen).

This dialogue should be configurable as such:

• Always prompt to remove follower when unfollowing
• Always remove follower when unfollowing

Motivation

"Softblocking"—blocking a user and then unblocking them to force an unfollow—is in common practice on Mastodon. This functionality should be implemented in the UI itself. Accounts which maintain small and roughly symmetrical following/follower typically do not want to maintain followers who they do not themselves follow.

Originally posted by @a-dows in mastodon/mastodon#26891

Steps to reproduce the problem

1. git checkout main
2. docker compose build --progress plain
3. Canceled with error:

#20 27.04 Bundler 2.4.10 is running, but your lockfile was generated with 2.4.13. Installing Bundler 2.4.13 and restarting using that version.
#20 27.21 There was an error installing the locked bundler version (2.4.13), rerun with the `--verbose` flag for more details. Going on using bundler 2.4.10.
#20 27.29 Could not load OpenSSL.
#20 27.29 You must recompile Ruby with OpenSSL support.
#20 ERROR: process "/bin/bash -o pipefail -c apt-get update &&     apt-get install -y --no-install-recommends build-essential         git         libicu-dev         libidn-dev         libpq-dev         libjemalloc-dev         zlib1g-dev         libgdbm-dev         libgmp-dev         libssl-dev         libyaml-0-2         ca-certificates         libreadline8         python3         shared-mime-info &&     bundle config set --local deployment 'true' &&     bundle config set --local without 'development test' &&     bundle config set silence_root_warning true &&     bundle install -j\"$(nproc)\" &&     yarn install --pure-lockfile --production --network-timeout 600000 &&     yarn cache clean" did not complete successfully: exit code: 17

Expected behaviour

Build succeeds

Actual behaviour

Build fails

Detailed description

No response

Mastodon instance

No response

Mastodon version

main

Technical details

No response

Originally posted by @CSDUMMI in mastodon/mastodon#26888

Issue Description

Configuration Details

Originally posted by @NahNick in vmstan/gravity-sync#408