Dependency on old version of rest-client
Has anyone else who is using the filestack-rails gem run into these messages on the bundle-audit check?

```
Name: rest-client
Version: 1.6.9
Advisory: CVE-2015-1820
Criticality: Unknown
URL: https://github.com/rest-client/rest-client/issues/369
Title: rubygem-rest-client: session fixation vulnerability via Set-Cookie headers in 30x redirection responses
Solution: upgrade to >= 1.8.0

Name: rest-client
Version: 1.6.9
Advisory: CVE-2015-3448
Criticality: Unknown
URL: http://www.osvdb.org/show/osvdb/117461
Title: Rest-Client Gem for Ruby logs password information in plaintext
Solution: upgrade to >= 1.7.3
```
I’m unable to update the rest-client gem because the latest version of the filestack-rails gem (3.1.0) has a dependency on rest-client 1.6.7:

```
In Gemfile:
  rest-client (>= 1.8.0)

  filestack-rails was resolved to 3.1.0, which depends on
    filestack (~> 2.1.0) was resolved to 2.1.0, which depends on
      unirest (~> 1.1.2) was resolved to 1.1.2, which depends on
        rest-client (~> 1.6.7)
```
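The conflict above comes from a pessimistic (`~>`) constraint three hops down the dependency tree. The script below, an added example that is not part of the issue or of the filestack gems, models that chain with a constructed graph and uses RubyGems' own `Gem::Version`/`Gem::Requirement` to show which advisories the resolved rest-client still fails and why no version satisfying `~> 1.6.7` can also satisfy the fixed versions; it assumes fix requirements are of the `>= x` form bundle-audit prints.

```ruby
require 'rubygems' # Gem::Version and Gem::Requirement ship with Ruby

# Constructed graph mirroring the bundler resolution in the issue:
# gem => { resolved version => { dependency => requirement } }
RESOLVED = {
  'filestack-rails' => { '3.1.0' => { 'filestack' => '~> 2.1.0' } },
  'filestack'       => { '2.1.0' => { 'unirest' => '~> 1.1.2' } },
  'unirest'         => { '1.1.2' => { 'rest-client' => '~> 1.6.7' } },
  'rest-client'     => { '1.6.9' => {} }
}.freeze

# Advisory id => fixed-version requirement, taken from the bundle-audit output.
ADVISORIES = {
  'CVE-2015-1820' => '>= 1.8.0',
  'CVE-2015-3448' => '>= 1.7.3'
}.freeze

# Advisories whose fix requirement the resolved version does NOT satisfy.
def unfixed_advisories(resolved_version, advisories = ADVISORIES)
  v = Gem::Version.new(resolved_version)
  advisories.reject { |_id, fix| Gem::Requirement.new(fix).satisfied_by?(v) }.keys
end

# Depth-first walk from +root+; returns the chain of hops that leads to
# +target+ (as human-readable strings), or nil if +root+ never depends on it.
def dependency_chain(root, target, graph = RESOLVED, path = [])
  graph.fetch(root).each do |version, deps|
    deps.each do |dep, req|
      hop = path + ["#{root} #{version} depends on #{dep} (#{req})"]
      return hop if dep == target
      found = dependency_chain(dep, target, graph, hop)
      return found if found
    end
  end
  nil
end

# Can the minimum patched version demanded by +fix+ (">= x") be installed
# under the transitive +pin+ (e.g. "~> 1.6.7")? A "~>" pin has a ceiling, so
# if the lowest patched version is outside it, every patched version is.
def fix_allowed_by_pin?(pin, fix)
  min_fixed = Gem::Requirement.new(fix).requirements.first.last # Gem::Version
  Gem::Requirement.new(pin).satisfied_by?(min_fixed)
end

if __FILE__ == $PROGRAM_NAME
  puts "unfixed: #{unfixed_advisories('1.6.9').join(', ')}"
  chain = dependency_chain('filestack-rails', 'rest-client')
  chain.each_with_index { |hop, depth| puts '  ' * depth + hop }
  pin = chain.last[/\((.*)\)\z/, 1]
  ADVISORIES.each { |id, fix| puts "#{id}: upgrade to #{fix} under #{pin}? #{fix_allowed_by_pin?(pin, fix)}" }
end
```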
Top GitHub Comments
@thejspr I will escalate this and start working on a new release. Will try to have it up sometime next week. I can’t promise because I’m not sure exactly how long it will take to rip out Unirest, but I will get started on it.
@LucasCioffi This appears to be an issue with Unirest, which is a dependency of the Ruby SDK, which is a dependency of the Rails plugin.
I can look into replacing Unirest or seeing if there is a newer version with upgraded dependencies.