philou/planning-poker

Showing 23 of 25 total issues

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

    nokogiri (1.8.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-14404

URL: https://github.com/sparklemotion/nokogiri/issues/1785

Solution: upgrade to >= 1.8.5

Loofah XSS Vulnerability
Open

    loofah (2.2.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16468

URL: https://github.com/flavorjones/loofah/issues/154

Solution: upgrade to >= 2.2.3

The use of eval is a serious security risk.
Open

eval(`cat #{Rails.root.to_s}/db/schema.rb | sed 's/,[^:]*: :serial\//g'`)
Severity: Minor
Found in spec/rails_helper.rb by rubocop

This cop checks for the use of Kernel#eval and Binding#eval.

Example:

# bad

eval(something)
binding.eval(something)

Broken Access Control vulnerability in Active Job
Open

    activejob (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16476

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw

Solution: upgrade to ~> 4.2.11, ~> 5.0.7.1, ~> 5.1.6.1, >= 5.2.1.1

Bypass vulnerability in Active Storage
Open

    activestorage (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16477

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/3KQRnXDIuLg

Solution: upgrade to >= 5.2.1.1

TODO found
Open

  # TODO Write unit test for the subscription when the action cable tests commits are available (https://github.com/rails/rails/pull/23211 and https://github.com/rspec/rspec-rails/issues/1606)
Severity: Minor
Found in spec/channels/team_channel_spec.rb by fixme

TODO found
Open

# TODO add a primary key on teams(name)
Severity: Minor
Found in db/todo.rb by fixme

TODO found
Open

    # TODO update jasmine test framework version
Severity: Minor
Found in spec/teaspoon_env.rb by fixme

TODO found
Open

# TODO remove the 'from his browser' from the step def. This is really implementation specific

TODO found
Open

# TODO define env var in some special purpose place (check dotenv gem)
Severity: Minor
Found in config/application.rb by fixme

TODO found
Open

# TODO find a way to test that we are subscribing with the correct arguments.

TODO found
Open

  # TODO do some polling instead of sleeping for a full second

TODO found
Open

    # TODO use stream_to instead
Severity: Minor
Found in app/channels/team_channel.rb by fixme

TODO found
Open

    # TODO move some of this in the Team class using events
Severity: Minor
Found in app/controllers/votes_controller.rb by fixme

TODO found
Open

<% # TODO use a view presenter to simplify this view %>
Severity: Minor
Found in app/views/votes/_not_running.html.erb by fixme

TODO found
Open

# TODO use rails-assets.org instead of jquery-rails to get jquery
Severity: Minor
Found in Gemfile by fixme

TODO found
Open

    # TODO could we load jasmine through the rails-asset gem source instead of teaspoon ?
Severity: Minor
Found in spec/teaspoon_env.rb by fixme

TODO found
Open

# TODO use FactoryGirl to simplify the data setup.

TODO found
Open

# TODO add a primary key on contributors(name, team)
Severity: Minor
Found in db/todo.rb by fixme

TODO found
Open

  <% # TODO get rid of these 2 'if' %>
Severity: Minor
Found in app/views/contributors/show.html.erb by fixme