Critical vulnerability for rack 0.0.0 in docker-scout #501
Labels
bug
Indicates an unexpected problem or unintended behavior
Comments
|
its suspect that docker-scout is complaining incorrectly about the rack version 0.0.0 when its at 2.2.8.1, which was the most recent patched version for rack in the 2.x release branch |
|
Closing due to lack of response, and I also think the report is invalid as per previous comments |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello
I am currently using "@pact-foundation/pact": "^12.3.0" as a dev dependency in a NextJS project. Docker-scout is listing a critical vulnerability for rack 0.0.0 , and the package path is:
Type: gem
Location:
/node_modules/@pact-foundation/pact-core/standalone/darwin-arm64-2.4.2/pact/lib/vendor/ruby/3.2.0/gems/rack-2.2.8.1/rack.gemspec
/node_modules/@pact-foundation/pact-core/standalone/darwin-x64-2.4.2/pact/lib/vendor/ruby/3.2.0/gems/rack-2.2.8.1/rack.gemspec
/node_modules/@pact-foundation/pact-core/standalone/linux-arm64-2.4.2/pact/lib/vendor/ruby/3.2.0/gems/rack-2.2.8.1/rack.gemspec
/node_modules/@pact-foundation/pact-core/standalone/linux-x64-2.4.2/pact/lib/vendor/ruby/3.2.0/gems/rack-2.2.8.1/rack.gemspec
/node_modules/@pact-foundation/pact-core/standalone/windows-x64-2.4.2/pact/lib/vendor/ruby/3.2.0/gems/rack-2.2.8.1/rack.gemspec
We upgraded the @pact-foundation/pact version based on pact-foundation/pact-ruby-standalone#132 issue hoping it would fix this but the location is linking back to @pact-foundation/pact-core
The text was updated successfully, but these errors were encountered: