fastlane/ci

Update Sinatra to >=2.0.2 for vulnerability

powerivq opened this issue · 2 comments

#970 #972

There has been an attempt to upgrade Sinatra to 2.0.2 for a known vulnerability; however, it caused a regression. Further investigation is needed to figure out why and fix that.

Stack trace copied here:

NoMethodError: Failed to open TCP connection to api.github.com:443 (undefined method `[]' for nil:NilClass)
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/2.3.0/net/http.rb:882:in `rescue in block in connect'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/2.3.0/net/http.rb:879:in `block in connect'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/2.3.0/timeout.rb:91:in `block in timeout'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/2.3.0/timeout.rb:101:in `timeout'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/2.3.0/net/http.rb:878:in `connect'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/2.3.0/net/http.rb:852:in `start'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/2.3.0/net/http.rb:1398:in `request'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/2.3.0/net/http.rb:1156:in `get'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/faraday-0.15.2/lib/faraday/adapter/net_http.rb:85:in `perform_request'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/faraday-0.15.2/lib/faraday/adapter/net_http.rb:43:in `block in call'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/faraday-0.15.2/lib/faraday/adapter/net_http.rb:92:in `with_net_http_connection'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/faraday-0.15.2/lib/faraday/adapter/net_http.rb:38:in `call'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/faraday-0.15.2/lib/faraday/response.rb:8:in `call'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/faraday-0.15.2/lib/faraday/response.rb:8:in `call'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/octokit-4.9.0/lib/octokit/middleware/follow_redirects.rb:73:in `perform_with_redirection'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/octokit-4.9.0/lib/octokit/middleware/follow_redirects.rb:61:in `call'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/faraday-0.15.2/lib/faraday/rack_builder.rb:143:in `build_response'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/faraday-0.15.2/lib/faraday/connection.rb:387:in `run_request'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/faraday-0.15.2/lib/faraday/connection.rb:138:in `get'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/sawyer-0.8.1/lib/sawyer/agent.rb:94:in `call'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/octokit-4.9.0/lib/octokit/connection.rb:156:in `request'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/octokit-4.9.0/lib/octokit/connection.rb:84:in `paginate'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/octokit-4.9.0/lib/octokit/client/users.rb:300:in `emails'
  /Users/liebowitz/dev/ci/app/services/services.rb:115:in `provider_credential'
  /Users/liebowitz/dev/ci/app/services/services.rb:182:in `configuration_repository_service'
  /Users/liebowitz/dev/ci/app/services/onboarding_service.rb:81:in `remote_configuration_repository_valid?'
  /Users/liebowitz/dev/ci/app/services/onboarding_service.rb:56:in `required_keys_and_proper_remote_configuration_repo?'
  /Users/liebowitz/dev/ci/app/services/onboarding_service.rb:37:in `correct_setup?'
  /Users/liebowitz/dev/ci/launch.rb:161:in `start_github_workers'
  /Users/liebowitz/dev/ci/launch.rb:37:in `take_off'
  /Users/liebowitz/dev/ci/config.ru:8:in `block in <main>'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/rack-2.0.5/lib/rack/builder.rb:55:in `instance_eval'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/rack-2.0.5/lib/rack/builder.rb:55:in `initialize'
  /Users/liebowitz/dev/ci/config.ru:in `new'
  /Users/liebowitz/dev/ci/config.ru:in `<main>'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/rack-2.0.5/lib/rack/builder.rb:49:in `eval'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/rack-2.0.5/lib/rack/builder.rb:49:in `new_from_string'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/rack-2.0.5/lib/rack/builder.rb:40:in `parse_file'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/rack-2.0.5/lib/rack/server.rb:319:in `build_app_and_options_from_config'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/rack-2.0.5/lib/rack/server.rb:219:in `app'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/rack-2.0.5/lib/rack/server.rb:354:in `wrapped_app'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/rack-2.0.5/lib/rack/server.rb:283:in `start'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/rack-2.0.5/lib/rack/server.rb:148:in `start'
  /Users/liebowitz/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/rack-2.0.5/bin/rackup:4:in `<top (required)>'
  /Users/liebowitz/.rbenv/versions/2.3.3/bin/rackup:22:in `load'
  /Users/liebowitz/.rbenv/versions/2.3.3/bin/rackup:22:in `<top (required)>'
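An added check, not fastlane/ci's own code, that reads a Gemfile.lock and reports a locked sinatra version below 2.0.2, the minimum this issue asks for; the lockfile text and the names `locked_versions` and `outdated_sinatra` are constructed for the example.

```ruby
# Added example (not fastlane/ci code): flag a Gemfile.lock whose locked
# sinatra is older than the minimum the issue calls for (2.0.2).
require 'rubygems'

MIN_SINATRA = Gem::Version.new('2.0.2')

# Parse the "specs:" section of a Gemfile.lock into { name => Gem::Version }.
# Only top-level spec lines ("    name (x.y.z)", 4 spaces) are taken; the
# deeper-indented dependency lines (6 spaces) carry no locked version.
def locked_versions(lockfile_text)
  versions = {}
  in_specs = false
  lockfile_text.each_line do |line|
    if line.start_with?('  specs:')
      in_specs = true
      next
    end
    in_specs = false if in_specs && line.strip.empty? # blank line ends the section
    next unless in_specs
    m = line.match(/\A {4}([^ ]+) \(([^)]+)\)\s*\z/)
    versions[m[1]] = Gem::Version.new(m[2]) if m
  end
  versions
end

# Returns nil when sinatra is absent or already at/above the minimum,
# otherwise the locked version string so the caller can report it.
def outdated_sinatra(lockfile_text, minimum = MIN_SINATRA)
  v = locked_versions(lockfile_text)['sinatra']
  return nil if v.nil? || v >= minimum
  v.to_s
end

# Constructed lockfile fragment pinning sinatra one patch release too low.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.0.5)
      rack-protection (2.0.1)
        rack
      sinatra (2.0.1)
        rack (~> 2.0)
        rack-protection (= 2.0.1)

  PLATFORMS
    ruby
LOCK

puts outdated_sinatra(SAMPLE_LOCK) # prints 2.0.1
```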

Cool, thanks for creating this issue, I tagged it for the Beta milestone 👍

Closing in favor of a newer PR: #1005