codeclimate/codeclimate-bundler-audit

Does not find Vulnerability

prosanelli opened this issue · 3 comments

When I run bundler-audit gem on the command line, it finds:

$ bundle-audit check
Name: uglifier
Version: 2.7.1
Advisory: 126747
Criticality: Unknown
URL: https://github.com/mishoo/UglifyJS2/issues/751
Title: uglifier incorrectly handles non-boolean comparisons during minification
Solution: upgrade to >= 2.7.2

Vulnerabilities found!

When I run it on the CodeClimate CLI, I get:

Starting analysis

Analysis complete! Found 0 issues.

maybe it's related to: #5

That vulnerability was added to ruby-advisory-db on Aug 26th though - is it really so out of date?

Hi @prosanelli @jdelStrother,

So sorry about this. Our process for deploying engines to Docker Hub has been uncharacteristically manual. We've since improved our automation around engine deployments to Docker Hub and I've gone ahead and pushed out a recent build of this engine to Docker Hub.

Additionally, for engines like this which depend upon up-to-date external data, we're working towards more automation to make sure that these engines are updated not only when we have behavioral changes but also on a set interval.

@jdelStrother Thank you for the ping on this yesterday.
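The mismatch in this thread comes down to advisory data, not the check itself: an engine image built before an advisory landed in ruby-advisory-db will report "0 issues" for a gem the command-line tool flags. The following is an added example, not code from codeclimate-bundler-audit or bundler-audit, that reproduces the shape of the check (gem version versus the advisory's patched versions, via Gem::Requirement) against a constructed Gemfile.lock fragment and a constructed advisory record modelled on the output above, and adds a freshness check on the database's last-update time. The advisory hashes, the lockfile text and the `db_stale?` threshold are assumptions for illustration.

```ruby
# Added example (not from codeclimate-bundler-audit or bundler-audit):
# a minimal bundler-audit style check showing why a stale advisory database
# silently yields "0 issues".
require "rubygems"

# Constructed advisory record, modelled on the bundle-audit output in the
# thread (uglifier 2.7.1, fixed in >= 2.7.2). Not the real ruby-advisory-db YAML.
ADVISORY_DB_FRESH = [
  { gem: "uglifier", id: "126747",
    title: "uglifier incorrectly handles non-boolean comparisons during minification",
    url: "https://github.com/mishoo/UglifyJS2/issues/751",
    patched_versions: [">= 2.7.2"] }
].freeze

# The same database as it looked before the advisory was added: empty.
ADVISORY_DB_STALE = [].freeze

# Constructed Gemfile.lock fragment; top-level specs sit at 4 spaces,
# their dependencies (with requirements, not versions) at 6.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      execjs (2.6.0)
      uglifier (2.7.1)
        execjs (>= 0.3.0)
LOCK

# Parse "name (version)" lines from the specs section of a Gemfile.lock.
# Only exactly-4-space lines are spec entries; deeper lines are dependencies.
def parse_lockfile(text)
  text.each_line.filter_map do |line|
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    m && [m[1], Gem::Version.new(m[2])]
  end
end

# A gem version is vulnerable when it satisfies none of the advisory's
# patched_versions requirements (the same rule bundler-audit applies).
def vulnerable?(advisory, version)
  advisory[:patched_versions].none? do |req|
    Gem::Requirement.new(req).satisfied_by?(version)
  end
end

# Return the advisories that apply to the gems pinned in the lockfile.
def audit(lockfile_text, advisories)
  parse_lockfile(lockfile_text).flat_map do |name, version|
    advisories.select { |a| a[:gem] == name && vulnerable?(a, version) }
              .map { |a| a.merge(version: version.to_s) }
  end
end

# An engine image that bakes the advisory DB in at build time only knows the
# advisories present then. Checking the DB's last update age is a cheap guard;
# the 7-day threshold is an assumed policy, not a bundler-audit default.
def db_stale?(last_update, now: Time.now, max_age_days: 7)
  (now - last_update) > max_age_days * 24 * 3600
end

if __FILE__ == $PROGRAM_NAME
  audit(LOCKFILE, ADVISORY_DB_FRESH).each do |a|
    puts "Name: #{a[:gem]}\nVersion: #{a[:version]}\nAdvisory: #{a[:id]}\n" \
         "Title: #{a[:title]}\nSolution: upgrade to #{a[:patched_versions].join(', ')}\n"
  end
  puts "Found #{audit(LOCKFILE, ADVISORY_DB_STALE).size} issues with the stale DB"
end
```

Run against the fresh record the script prints the uglifier finding; run against the empty (stale) record it prints zero issues with the same lockfile, which is exactly the discrepancy reported above. Wiring `db_stale?` into an engine's startup, with the timestamp of the bundled ruby-advisory-db checkout, turns that silent miss into an explicit warning.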