Dependency: httparty (~> 0.13.3) depends on json (~> 1.8) which has a CVE

from `bundle-audit`:
```
Name: json
Version: 1.8.6
Advisory: CVE-2020-10663
Criticality: Unknown
URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
Title: json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Solution: upgrade to >= 2.3.0
```
@grnhse Please loosen the dependency on `httparty` so that we can use this gem without the vulnerability.
https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dependency: httparty (~> 0.13.3) depends on json (~> 1.8) which has a CVE #39

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development