fix: Downgrade rack-cors to 2.0.0 to fix CVE-2024-27456 (#9032)

2025-11-03 12:37:56 +00:00 · 2024-02-27 20:20:59 -08:00
parent ac249c75c4
commit dca14ef82d
5 changed files with 9 additions and 6 deletions
--- a/2
+++ b/2
@@ -3,7 +3,7 @@ source 'https://rubygems.org'
 ruby '3.2.2'

 ##-- base gems for rails --##
-gem 'rack-cors', require: 'rack/cors'
+gem 'rack-cors', '2.0.0', require: 'rack/cors'
 gem 'rails', '~> 7.0.8.1'
 # Reduces boot times through caching; required in config/boot.rb
 gem 'bootsnap', require: false
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -564,7 +564,7 @@ GEM
      rack (>= 1.0, < 4)
    rack-contrib (2.4.0)
      rack (< 4)
-    rack-cors (2.0.1)
+    rack-cors (2.0.0)
      rack (>= 2.0.0)
    rack-mini-profiler (3.2.0)
      rack (>= 1.2.0)
@@ -918,7 +918,7 @@ DEPENDENCIES
  puma
  pundit
  rack-attack (>= 6.7.0)
-  rack-cors
+  rack-cors (= 2.0.0)
  rack-mini-profiler (>= 3.2.0)
  rack-timeout
  rails (~> 7.0.8.1)
--- a/app/javascript/dashboard/routes/dashboard/settings/reports/components/CsatMetrics.vue
+++ b/app/javascript/dashboard/routes/dashboard/settings/reports/components/CsatMetrics.vue
@@ -21,6 +21,7 @@

    <div
      v-if="metrics.totalResponseCount && !ratingFilterEnabled"
+      ref="csatHorizontalBarChart"
      class="w-full md:w-1/2 md:max-w-[50%] flex-1 rtl:[direction:initial] p-4"
    >
      <h3
--- a/app/javascript/dashboard/routes/dashboard/settings/reports/components/specs/CSATMetrics.spec.js
+++ b/app/javascript/dashboard/routes/dashboard/settings/reports/components/specs/CSATMetrics.spec.js
@@ -54,11 +54,13 @@ describe('CsatMetrics.vue', () => {
  });

  it('hides report card if rating filter is enabled', () => {
-    expect(wrapper.find('.report-card').exists()).toBe(false);
+    expect(wrapper.find({ ref: 'csatHorizontalBarChart' }).exists()).toBe(
+      false
+    );
  });

  it('shows report card if rating filter is not enabled', async () => {
    await wrapper.setProps({ filters: {} });
-    expect(wrapper.find('.report-card').exists()).toBe(true);
+    expect(wrapper.find({ ref: 'csatHorizontalBarChart' }).exists()).toBe(true);
  });
 });
--- a/app/javascript/dashboard/routes/dashboard/settings/reports/components/specs/snapshots/CSATMetrics.spec.js.snap
+++ b/app/javascript/dashboard/routes/dashboard/settings/reports/components/specs/snapshots/CSATMetrics.spec.js.snap
@@ -1,7 +1,7 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP

 exports[`CsatMetrics.vue computes response count correctly 1`] = `
-<div class="flex flex-wrap mx-0 bg-white dark:bg-slate-800 rounded-[4px] p-4 mb-5 border border-solid border-slate-75 dark:border-slate-700">
+<div class="flex-col lg:flex-row flex flex-wrap mx-0 bg-white dark:bg-slate-800 rounded-[4px] p-4 mb-5 border border-solid border-slate-75 dark:border-slate-700">
  <csat-metric-card-stub label="CSAT_REPORTS.METRIC.TOTAL_RESPONSES.LABEL" value="100" infotext="CSAT_REPORTS.METRIC.TOTAL_RESPONSES.TOOLTIP"></csat-metric-card-stub>
  <csat-metric-card-stub label="CSAT_REPORTS.METRIC.SATISFACTION_SCORE.LABEL" value="--" infotext="CSAT_REPORTS.METRIC.SATISFACTION_SCORE.TOOLTIP" disabled="true"></csat-metric-card-stub>
  <csat-metric-card-stub label="CSAT_REPORTS.METRIC.RESPONSE_RATE.LABEL" value="90%" infotext="CSAT_REPORTS.METRIC.RESPONSE_RATE.TOOLTIP"></csat-metric-card-stub>