philou/planning-poker

Showing 26 of 28 total issues

Loofah XSS Vulnerability
Open

    loofah (2.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-8048

URL: https://github.com/flavorjones/loofah/issues/144

Solution: upgrade to >= 2.2.1

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-15412

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.2

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

    nokogiri (1.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-9050

URL: https://github.com/sparklemotion/nokogiri/issues/1673

Solution: upgrade to >= 1.8.1

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-16932

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.1

Loofah 2.0.3 is vulnerable (CVE-2018-8048). Upgrade to 2.1.2
Open

    loofah (2.0.3)
Severity: Minor
Found in Gemfile.lock by brakeman

rails-html-sanitizer 1.0.3 is vulnerable (CVE-2018-3741). Upgrade to 1.0.4
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by brakeman

The use of eval is a serious security risk.
Open

eval(`cat #{Rails.root.to_s}/db/schema.rb | sed 's/,[^:]*: :serial\//g'`)
Severity: Minor
Found in spec/rails_helper.rb by rubocop

This cop checks for the use of Kernel#eval and Binding#eval.

Example:

# bad

eval(something)
binding.eval(something)

TODO found
Open

  <% # TODO get rid of these 2 'if' %>
Severity: Minor
Found in app/views/contributors/show.html.erb by fixme

TODO found
Open

    # TODO could we load jasmine through the rails-asset gem source instead of teaspoon ?
Severity: Minor
Found in spec/teaspoon_env.rb by fixme

TODO found
Open

# TODO Release Alpha
Severity: Minor
Found in DayBook.md by fixme

TODO found
Open

# TODO use FactoryGirl to simplify the data setup.

TODO found
Open

# TODO define env var in some special purpose place (check dotenv gem)
Severity: Minor
Found in config/application.rb by fixme

TODO found
Open

  # TODO Write unit test for the subscription when the action cable tests commits are available (https://github.com/rails/rails/pull/23211 and https://github.com/rspec/rspec-rails/issues/1606)
Severity: Minor
Found in spec/channels/team_channel_spec.rb by fixme

TODO found
Open

# TODO remove the 'from his browser' from the step def. This is really implementation specific

TODO found
Open

<% # TODO use a view presenter to simplify this view %>
Severity: Minor
Found in app/views/votes/_running.html.erb by fixme

TODO found
Open

# TODO add a primary key on teams(name)
Severity: Minor
Found in db/todo.rb by fixme

TODO found
Open

# TODO find a way to test that we are subscribing with the correct arguments.

TODO found
Open

  # TODO do some polling instead of sleeping for a full second

TODO found
Open

# TODO use rails-assets.org instead of jquery-rails to get jquery
Severity: Minor
Found in Gemfile by fixme

TODO found
Open

    # TODO move to an hexagonal architecture in order to encapsulate team.animator= this would ensure a unique way to update the animator, and we could remove this almost duplicated test https://medium.com/@vsavkin/hexagonal-architecture-for-rails-developers-8b1fee64a613#.c2giyb3mh