
canuby's Introduction

Hey 👋

  • 🔭 I am currently spending most of my free time on nixpkgs and NixOS and contributing to all kinds of other open source software, fixing small issues here and there that I encounter almost daily.
  • 📫 Reach me over the links in the left sidebar on my website.
  • 🛠️ If you would like to have a review or merge in nixpkgs, feel free to drop me a message.

canuby's People

Contributors

dependabot-support, dependabot[bot], supersandro2000


canuby's Issues

Dependabot can't resolve your Ruby dependency files

Dependabot can't resolve your Ruby dependency files.

As a result, Dependabot couldn't update your dependencies.

The error Dependabot encountered was:

Bundler::GemNotFound with message: Could not find gem 'minitest-filesystem (<= 1.2.0, >= 1.2)' in any of the gem sources listed in your Gemfile.

If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.

You can mention @dependabot in the comments below to contact the Dependabot team.

Dependabot can't resolve your Ruby dependency files

Dependabot can't resolve your Ruby dependency files.

As a result, Dependabot couldn't update your dependencies.

The error Dependabot encountered was:

Bundler::GemNotFound with message: Could not find gem 'minitest-filesystem (~> 1.2)' in any of the gem sources listed in your Gemfile.

If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.

You can mention @dependabot in the comments below to contact the Dependabot team.

WS-2017-0195 Medium Severity Vulnerability detected by WhiteSource

WS-2017-0195 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.7.1.min.js

JavaScript library for DOM operations

path: /canuby/js/jquery.js

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Dependency Hierarchy:

  • โŒ jquery-1.7.1.min.js (Vulnerable Library)

Found in HEAD commit: a8bf6e28b563840e62408d7126ab7f21e5e8d373

Vulnerability Details

In v2.2.4 and previous, a lowercasing logic was used on the attribute names and was removed in v3.0.0.
Because of this, boolean attributes whose names were not all lowercase cause infinite recursion, and will exceed the stack call limit.

Publish Date: 2017-04-15

URL: WS-2017-0195

CVSS 2 Score Details (5.3)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: jquery/jquery@d12e13d

Release Date: 2016-05-29

Fix Resolution: Replace or update the following files: attr.js, attributes.js



Dependabot can't resolve your Ruby dependency files

Dependabot can't resolve your Ruby dependency files.

As a result, Dependabot couldn't update your dependencies.

The error Dependabot encountered was:

Bundler::VersionConflict with message: Bundler could not find compatible versions for gem "rubygems":
  In Gemfile:
    rubygems (= 3.0.2)

    canuby was resolved to 0.0.1, which depends on
      rubygems (~> 2.7.3)

Could not find gem 'rubygems (~> 2.7.3)', which is required by gem 'canuby', in any of the relevant sources:
  the local ruby installation

If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.

You can mention @dependabot in the comments below to contact the Dependabot team.

Dependabot can't resolve your Ruby dependency files

Dependabot can't resolve your Ruby dependency files.

As a result, Dependabot couldn't update your dependencies.

The error Dependabot encountered was:

Bundler::GemNotFound with message: Could not find gem 'minitest-filesystem (<= 1.2.0, >= 1.2)' in any of the gem sources listed in your Gemfile.

If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.

You can mention @dependabot in the comments below to contact the Dependabot team.

Dependabot can't resolve your Ruby dependency files

Dependabot can't resolve your Ruby dependency files.

As a result, Dependabot couldn't update your dependencies.

The error Dependabot encountered was:

Bundler::VersionConflict with message: Bundler could not find compatible versions for gem "rubygems":
  In Gemfile:
    rubygems (= 3.0.1)

    canuby was resolved to 0.0.1, which depends on
      rubygems (~> 2.7.3)

Could not find gem 'rubygems (~> 2.7.3)', which is required by gem 'canuby', in any of the relevant sources:
  the local ruby installation

If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.

You can mention @dependabot in the comments below to contact the Dependabot team.

CVE-2012-6708 Medium Severity Vulnerability detected by WhiteSource

CVE-2012-6708 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.7.1.min.js

JavaScript library for DOM operations

path: /canuby/js/jquery.js

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Dependency Hierarchy:

  • โŒ jquery-1.7.1.min.js (Vulnerable Library)

Found in HEAD commit: a8bf6e28b563840e62408d7126ab7f21e5e8d373

Vulnerability Details

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

Publish Date: 2018-01-18

URL: CVE-2012-6708

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Change files

Origin: jquery/jquery@05531fc#diff-bf0908d787469dbf983b3ed33447c516

Release Date: 2012-12-13

Fix Resolution: Replace or update the following files: selector.js, traversing.js, core.js, sizzle, core.js



Dependabot can't evaluate your Ruby dependency files

Dependabot can't evaluate your Ruby dependency files.

As a result, Dependabot couldn't check whether any of your dependencies are out-of-date.

This is almost always caused by one of your dependency files loading in other files, which Dependabot doesn't currently support. If moving your dependency definitions into a single file isn't an option, let us know.

You can mention @dependabot in the comments below to contact the Dependabot team.

Dependabot can't resolve your Ruby dependency files

Dependabot can't resolve your Ruby dependency files.

As a result, Dependabot couldn't update your dependencies.

The error Dependabot encountered was:

Bundler::VersionConflict with message: Bundler could not find compatible versions for gem "rubygems":
  In Gemfile:
    rubygems (= 3.0.1)

    canuby was resolved to 0.0.1, which depends on
      rubygems (~> 2.7.3)

Could not find gem 'rubygems (~> 2.7.3)', which is required by gem 'canuby', in any of the relevant sources:
  the local ruby installation

If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.

You can mention @dependabot in the comments below to contact the Dependabot team.

CVE-2015-9251 Medium Severity Vulnerability detected by WhiteSource

CVE-2015-9251 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.7.1.min.js

JavaScript library for DOM operations

path: /canuby/js/jquery.js

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Dependency Hierarchy:

  • โŒ jquery-1.7.1.min.js (Vulnerable Library)

Found in HEAD commit: a8bf6e28b563840e62408d7126ab7f21e5e8d373

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Change files

Origin: jquery/jquery@b078a62#diff-bee4304906ea68bebadfc11be4368419

Release Date: 2015-10-12

Fix Resolution: Replace or update the following files: script.js, ajax.js, ajax.js



Dependabot can't resolve your Ruby dependency files

Dependabot can't resolve your Ruby dependency files.

As a result, Dependabot couldn't update your dependencies.

The error Dependabot encountered was:

Bundler::GemNotFound with message: Could not find gem 'minitest-filesystem (~> 1.2)' in any of the gem sources listed in your Gemfile.

If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.

You can mention @dependabot in the comments below to contact the Dependabot team.

Dependabot can't resolve your Ruby dependency files

Dependabot can't resolve your Ruby dependencies.

As a result, Dependabot couldn't update any of your dependencies.

This could have been caused by a git reference having been deleted at the source, by an out-of-sync lockfile, or by a bug in Dependabot.

To help diagnose the issue, please try running bundle update --patch locally. If no errors occur, get in touch and we'll help dig into it.

You can mention @dependabot in the comments below to contact the Dependabot team.
