From 6034e2ab4fe99c2b4851e15d987a807125374717 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Fri, 1 Mar 2024 20:35:39 +0000 Subject: [PATCH 1/4] Create techstack.yml --- techstack.yml | 308 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 308 insertions(+) create mode 100644 techstack.yml diff --git a/techstack.yml b/techstack.yml new file mode 100644 index 00000000..fad94861 --- /dev/null +++ b/techstack.yml @@ -0,0 +1,308 @@ +repo_name: stackshareio/makara +report_id: 0ef61cb51a0fe41c5631c3ed0a11bb82 +version: 0.1 +repo_type: Public +timestamp: '2024-03-01T20:35:37+00:00' +requested_by: jeromedalbert +provider: github +branch: master +detected_tools_count: 16 +tools: +- name: Ruby + description: A dynamic, interpreted, open source programming language with a focus + on simplicity and productivity + website_url: https://www.ruby-lang.org + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/989/ruby.png + detection_source_url: https://github.com/stackshareio/makara + detection_source: Repo Metadata +- name: MySQL + description: The world's most popular open source database + website_url: http://www.mysql.com + open_source: true + hosted_saas: false + category: Data Stores + sub_category: Databases + image_url: https://img.stackshare.io/service/1025/logo-mysql-170x170.png + detection_source_url: https://github.com/stackshareio/makara/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Mike Nelson + last_updated_on: 2012-09-07 04:01:39.000000000 Z +- name: PostgreSQL + description: A powerful, open source object-relational database system + website_url: http://www.postgresql.org/ + open_source: true + hosted_saas: false + category: Data Stores + sub_category: Databases + image_url: https://img.stackshare.io/service/1028/ASOhU5xJ.png + detection_source_url: https://github.com/stackshareio/makara/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Josh Frye + last_updated_on: 2020-08-02 03:18:35.000000000 Z +- name: Git + description: Fast, scalable, distributed revision control system + website_url: http://git-scm.com/ + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Version Control System + image_url: https://img.stackshare.io/service/1046/git.png + detection_source_url: https://github.com/stackshareio/makara + detection_source: Repo Metadata +- name: RSpec + description: Behaviour Driven Development for Ruby + website_url: https://rspec.info/ + version: 3.9.0 + license: MIT + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Testing Frameworks + image_url: https://img.stackshare.io/service/2539/logo.png + detection_source_url: https://github.com/stackshareio/makara/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: Mike Nelson + last_updated_on: 2013-09-03 15:27:19.000000000 Z +- name: RubyGems + description: Easily download, install, and use ruby software packages on your system + website_url: https://rubygems.org/ + open_source: false + hosted_saas: false + category: Build, Test, Deploy + sub_category: Package Managers + image_url: https://img.stackshare.io/service/12795/5jL6-BA5_400x400.jpeg + detection_source_url: https://github.com/stackshareio/makara/blob/master/makara.gemspec + detection_source: makara.gemspec + last_updated_by: Mike Nelson + last_updated_on: 2012-09-07 04:01:39.000000000 Z +- name: Travis CI + description: A hosted continuous integration service for open source and private + projects + website_url: http://travis-ci.com/ + open_source: false + hosted_saas: true + category: Build, Test, Deploy + sub_category: Continuous Integration + image_url: https://img.stackshare.io/service/460/Lu6cGu0z_400x400.png + detection_source_url: https://github.com/stackshareio/makara/blob/master/.travis.yml + detection_source: ".travis.yml" + last_updated_by: Evan Tahler + last_updated_on: 2012-09-09 20:52:57.000000000 Z +- name: activerecord + description: Databases on Rails + package_url: https://rubygems.org/activerecord + version: 6.0.3 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18828/default_07d724f95ff4caf087b38d9eb083e0406bcfdadf.png + detection_source_url: https://github.com/stackshareio/makara/blob/master/Gemfile.lock + detection_source: makara.gemspec + last_updated_by: Josh Frye + last_updated_on: 2020-08-02 03:18:35.000000000 Z + vulnerabilities: + - name: Active Record RCE bug with Serialized Columns + cve_id: CVE-2022-32224 + cve_url: https://github.com/advisories/GHSA-3hhc-qp5v-9p2j + detected_date: Jul 13 + severity: critical + first_patched: 6.0.5.1 + - name: Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter + cve_id: CVE-2022-44566 + cve_url: https://github.com/advisories/GHSA-579w-22j4-4749 + detected_date: Jan 19 + severity: high + first_patched: 6.1.7.1 + - name: Active Record subject to Regular Expression Denial-of-Service (ReDoS) + cve_id: CVE-2021-22880 + cve_url: https://github.com/advisories/GHSA-8hc4-xxm3-5ppp + detected_date: Aug 22 + severity: high + first_patched: 6.0.3.5 + - name: SQL Injection Vulnerability via ActiveRecord comments + cve_id: CVE-2023-22794 + cve_url: https://github.com/advisories/GHSA-hq7p-j377-6v63 + detected_date: Jan 19 + severity: high + first_patched: 6.0.6.1 +- name: activerecord-postgis-adapter + description: ActiveRecord connection adapter for PostGIS + package_url: https://rubygems.org/activerecord-postgis-adapter + version: 6.0.0 + license: BSD-3-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/rubygems/image.png + detection_source_url: https://github.com/stackshareio/makara/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: Josh Frye + last_updated_on: 2020-08-02 03:18:35.000000000 Z +- name: byebug + description: Byebug is a Ruby debugger + package_url: https://rubygems.org/byebug + version: 11.1.3 + license: BSD-2-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18849/default_887cb273c504fac90d07fc552b7b223fbb32ca39.png + detection_source_url: https://github.com/stackshareio/makara/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: Josh Frye + last_updated_on: 2020-08-02 03:18:35.000000000 Z +- name: mysql2 + description: A simple, fast Mysql library for Ruby, binding to libmysql + package_url: https://rubygems.org/mysql2 + version: 0.5.3 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18883/default_947bd37125b8812cb816bc3cf571b13df90a4fe0.png + detection_source_url: https://github.com/stackshareio/makara/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: Josh Frye + last_updated_on: 2020-08-02 03:18:35.000000000 Z +- name: pg + description: Pg is the Ruby interface to the {PostgreSQL RDBMS}[http://www.postgresql.org/] + package_url: https://rubygems.org/pg + version: 1.2.3 + license: BSD-2-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18855/default_d343d9a7c573fa5dcbeb4d3c43d2ffe4afa82cc1.png + detection_source_url: https://github.com/stackshareio/makara/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: Mike Nelson + last_updated_on: 2012-09-07 04:01:39.000000000 Z +- name: rack + description: Rack provides a minimal, modular and adaptable interface for developing + web applications in Ruby + package_url: https://rubygems.org/rack + version: 2.2.3 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18839/default_db5cfb0d85d9fd8bfb40a863581417a2a57791ab.png + detection_source_url: https://github.com/stackshareio/makara/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: Josh Frye + last_updated_on: 2020-08-02 03:18:35.000000000 Z + vulnerabilities: + - name: Possible shell escape sequence injection vulnerability in Rack + cve_id: CVE-2022-30123 + cve_url: https://github.com/advisories/GHSA-wq4h-7r42-5hrr + detected_date: May 28 + severity: critical + first_patched: 2.2.3.1 + - name: Rack has possible DoS Vulnerability in Multipart MIME parsing + cve_id: CVE-2023-27530 + cve_url: https://github.com/advisories/GHSA-3h57-hmj3-gj3p + detected_date: Mar 9 + severity: high + first_patched: 2.2.6.3 + - name: Denial of service via header parsing in Rack + cve_id: CVE-2022-44570 + cve_url: https://github.com/advisories/GHSA-65f5-mfpf-vfhj + detected_date: Jan 19 + severity: high + first_patched: 2.2.6.2 + - name: Denial of Service Vulnerability in Rack Multipart Parsing + cve_id: CVE-2022-30122 + cve_url: https://github.com/advisories/GHSA-hxqx-xwvh-44m2 + detected_date: May 28 + severity: high + first_patched: 2.2.3.1 + - name: Denial of Service Vulnerability in Rack Content-Disposition parsing + cve_id: CVE-2022-44571 + cve_url: https://github.com/advisories/GHSA-93pm-5p5f-3ghx + detected_date: Jan 19 + severity: low + first_patched: 2.2.6.1 + - name: Denial of service via multipart parsing in Rack + cve_id: CVE-2022-44572 + cve_url: https://github.com/advisories/GHSA-rqv2-275x-2jq5 + detected_date: Jan 19 + severity: low + first_patched: 2.2.6.1 + - name: Possible Denial of Service Vulnerability in Rack's header parsing + cve_id: CVE-2023-27539 + cve_url: https://github.com/advisories/GHSA-c6qg-cjj8-47qp + detected_date: Mar 16 + severity: low + first_patched: 2.2.6.4 + - name: Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial) + cve_id: CVE-2024-25126 + cve_url: https://github.com/advisories/GHSA-22f2-v57c-j9cx + detected_date: Feb 29 + severity: low + first_patched: 2.2.8.1 + - name: Rack Header Parsing leads to Possible Denial of Service Vulnerability + cve_id: CVE-2024-26146 + cve_url: https://github.com/advisories/GHSA-54rr-7fvw-6x8f + detected_date: Feb 29 + severity: low + first_patched: 2.2.8.1 + - name: Rack has possible DoS Vulnerability with Range Header + cve_id: CVE-2024-26141 + cve_url: https://github.com/advisories/GHSA-xj5v-6v4g-jfw6 + detected_date: Feb 29 + severity: low + first_patched: 2.2.8.1 +- name: rake + description: Rake is a Make-like program implemented in Ruby + package_url: https://rubygems.org/rake + version: 13.0.1 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18812/default_f582e4648f4682adb72d2b201218cda7f8e894ac.png + detection_source_url: https://github.com/stackshareio/makara/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: Mike Nelson + last_updated_on: 2013-09-03 15:43:05.000000000 Z +- name: rgeo + description: RGeo is a geospatial data library for Ruby + package_url: https://rubygems.org/rgeo + version: 2.1.1 + license: Other + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/19728/default_c83abd71b4fb91b9c1bf937d7824fa66fe3e6ca3.png + detection_source_url: https://github.com/stackshareio/makara/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: Josh Frye + last_updated_on: 2020-08-02 03:18:35.000000000 Z +- name: timecop + description: A gem providing "time travel" and "time freezing" capabilities, making + it dead simple to test time-dependent code + package_url: https://rubygems.org/timecop + version: 0.9.1 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18861/default_96cb61a9c0f8ef41b80df83209dca4f4c229184e.png + detection_source_url: https://github.com/stackshareio/makara/blob/master/Gemfile.lock + detection_source: Gemfile + last_updated_by: Mike Nelson + last_updated_on: 2013-08-29 03:26:50.000000000 Z From ea81bf3ef750aefa5baa618d63a21a78e0b57e87 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Fri, 1 Mar 2024 20:35:40 +0000 Subject: [PATCH 2/4] Create techstack.md --- techstack.md | 130 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 130 insertions(+) create mode 100644 techstack.md diff --git a/techstack.md b/techstack.md new file mode 100644 index 00000000..399130ab --- /dev/null +++ b/techstack.md @@ -0,0 +1,130 @@ + +
+ +# Tech Stack File +![](https://img.stackshare.io/repo.svg "repo") [stackshareio/makara](https://github.com/stackshareio/makara)![](https://img.stackshare.io/public_badge.svg "public") +

+|16
Tools used|03/01/24
Report generated| +|------|------| +
+ +## Languages (1) + + + + +
+ Ruby +
+ Ruby +
+ +
+ +## Data (2) + + + + + + +
+ MySQL +
+ MySQL +
+ +		 + PostgreSQL +
+ PostgreSQL +
+ +
+ +## DevOps (4) + + + + + + + + + + +
+ Git +
+ Git +
+ +		 + RSpec +
+ RSpec +
+ v3.9.0 +		 + RubyGems +
+ RubyGems +
+ +		 + Travis CI +
+ Travis CI +
+ +
+ + +## Open source packages (9) + +## RubyGems (9) + +|NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES| +|:------|:------|:------|:------|:------|:------| +|[activerecord](https://rubygems.org/activerecord)|v6.0.3|08/02/20|Josh Frye |MIT|[CVE-2022-32224](https://github.com/advisories/GHSA-3hhc-qp5v-9p2j) (Critical)
[CVE-2022-44566](https://github.com/advisories/GHSA-579w-22j4-4749) (High)
[CVE-2021-22880](https://github.com/advisories/GHSA-8hc4-xxm3-5ppp) (High)
[CVE-2023-22794](https://github.com/advisories/GHSA-hq7p-j377-6v63) (High)| +|[activerecord-postgis-adapter](https://rubygems.org/activerecord-postgis-adapter)|v6.0.0|08/02/20|Josh Frye |BSD-3-Clause|N/A| +|[byebug](https://rubygems.org/byebug)|v11.1.3|08/02/20|Josh Frye |BSD-2-Clause|N/A| +|[mysql2](https://rubygems.org/mysql2)|v0.5.3|08/02/20|Josh Frye |MIT|N/A| +|[pg](https://rubygems.org/pg)|v1.2.3|09/07/12|Mike Nelson |BSD-2-Clause|N/A| +|[rack](https://rubygems.org/rack)|v2.2.3|08/02/20|Josh Frye |MIT|[CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) (Critical)
[CVE-2023-27530](https://github.com/advisories/GHSA-3h57-hmj3-gj3p) (High)
[CVE-2022-44570](https://github.com/advisories/GHSA-65f5-mfpf-vfhj) (High)
[CVE-2022-30122](https://github.com/advisories/GHSA-hxqx-xwvh-44m2) (High)
[CVE-2022-44571](https://github.com/advisories/GHSA-93pm-5p5f-3ghx) (Low)
[CVE-2022-44572](https://github.com/advisories/GHSA-rqv2-275x-2jq5) (Low)
[CVE-2023-27539](https://github.com/advisories/GHSA-c6qg-cjj8-47qp) (Low)
[CVE-2024-25126](https://github.com/advisories/GHSA-22f2-v57c-j9cx) (Low)
[CVE-2024-26146](https://github.com/advisories/GHSA-54rr-7fvw-6x8f) (Low)
[CVE-2024-26141](https://github.com/advisories/GHSA-xj5v-6v4g-jfw6) (Low)| +|[rake](https://rubygems.org/rake)|v13.0.1|09/03/13|Mike Nelson |MIT|N/A| +|[rgeo](https://rubygems.org/rgeo)|v2.1.1|08/02/20|Josh Frye |Other|N/A| +|[timecop](https://rubygems.org/timecop)|v0.9.1|08/29/13|Mike Nelson |MIT|N/A| + +
+
+ +Generated via [Stack File](https://github.com/marketplace/stack-file) From d5802b02ff274209ca3fa9d7379f4ab8ab30adf2 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Fri, 1 Mar 2024 20:35:44 +0000 Subject: [PATCH 3/4] Update techstack.yml --- techstack.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techstack.yml b/techstack.yml index fad94861..9ba1ce61 100644 --- a/techstack.yml +++ b/techstack.yml @@ -2,7 +2,7 @@ repo_name: stackshareio/makara report_id: 0ef61cb51a0fe41c5631c3ed0a11bb82 version: 0.1 repo_type: Public -timestamp: '2024-03-01T20:35:37+00:00' +timestamp: '2024-03-01T20:35:42+00:00' requested_by: jeromedalbert provider: github branch: master From 86eac8093ce61c124ca9e7d359fefaff4ee369f7 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Fri, 1 Mar 2024 20:35:45 +0000 Subject: [PATCH 4/4] Update techstack.md