fix: Downgrade rack-cors to 2.0.0 to fix CVE-2024-27456 (#9032)

chatwoot · Feb 28, 2024 · dca14ef · dca14ef
1 parent ac249c7
commit dca14ef
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 6 deletions.
diff --git a/Gemfile b/Gemfile
@@ -3,7 +3,7 @@ source 'https://rubygems.org'
 ruby '3.2.2'
 
 ##-- base gems for rails --##
-gem 'rack-cors', require: 'rack/cors'
+gem 'rack-cors', '2.0.0', require: 'rack/cors'
 gem 'rails', '~> 7.0.8.1'
 # Reduces boot times through caching; required in config/boot.rb
 gem 'bootsnap', require: false

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -564,7 +564,7 @@ GEM
       rack (>= 1.0, < 4)
     rack-contrib (2.4.0)
       rack (< 4)
-    rack-cors (2.0.1)
+    rack-cors (2.0.0)
       rack (>= 2.0.0)
     rack-mini-profiler (3.2.0)
       rack (>= 1.2.0)
@@ -918,7 +918,7 @@ DEPENDENCIES
   puma
   pundit
   rack-attack (>= 6.7.0)
-  rack-cors
+  rack-cors (= 2.0.0)
   rack-mini-profiler (>= 3.2.0)
   rack-timeout
   rails (~> 7.0.8.1)

diff --git a/app/javascript/dashboard/routes/dashboard/settings/reports/components/CsatMetrics.vue b/app/javascript/dashboard/routes/dashboard/settings/reports/components/CsatMetrics.vue
@@ -21,6 +21,7 @@
 
     <div
       v-if="metrics.totalResponseCount && !ratingFilterEnabled"
+      ref="csatHorizontalBarChart"
       class="w-full md:w-1/2 md:max-w-[50%] flex-1 rtl:[direction:initial] p-4"
     >
       <h3

diff --git a/...vascript/dashboard/routes/dashboard/settings/reports/components/specs/CSATMetrics.spec.js b/...vascript/dashboard/routes/dashboard/settings/reports/components/specs/CSATMetrics.spec.js
@@ -54,11 +54,13 @@ describe('CsatMetrics.vue', () => {
   });
 
   it('hides report card if rating filter is enabled', () => {
-    expect(wrapper.find('.report-card').exists()).toBe(false);
+    expect(wrapper.find({ ref: 'csatHorizontalBarChart' }).exists()).toBe(
+      false
+    );
   });
 
   it('shows report card if rating filter is not enabled', async () => {
     await wrapper.setProps({ filters: {} });
-    expect(wrapper.find('.report-card').exists()).toBe(true);
+    expect(wrapper.find({ ref: 'csatHorizontalBarChart' }).exists()).toBe(true);
   });
 });
diff --git a/...routes/dashboard/settings/reports/components/specs/__snapshots__/CSATMetrics.spec.js.snap b/...routes/dashboard/settings/reports/components/specs/__snapshots__/CSATMetrics.spec.js.snap
@@ -1,7 +1,7 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
 exports[`CsatMetrics.vue computes response count correctly 1`] = `
-<div class="flex flex-wrap mx-0 bg-white dark:bg-slate-800 rounded-[4px] p-4 mb-5 border border-solid border-slate-75 dark:border-slate-700">
+<div class="flex-col lg:flex-row flex flex-wrap mx-0 bg-white dark:bg-slate-800 rounded-[4px] p-4 mb-5 border border-solid border-slate-75 dark:border-slate-700">
   <csat-metric-card-stub label="CSAT_REPORTS.METRIC.TOTAL_RESPONSES.LABEL" value="100" infotext="CSAT_REPORTS.METRIC.TOTAL_RESPONSES.TOOLTIP"></csat-metric-card-stub>
   <csat-metric-card-stub label="CSAT_REPORTS.METRIC.SATISFACTION_SCORE.LABEL" value="--" infotext="CSAT_REPORTS.METRIC.SATISFACTION_SCORE.TOOLTIP" disabled="true"></csat-metric-card-stub>
   <csat-metric-card-stub label="CSAT_REPORTS.METRIC.RESPONSE_RATE.LABEL" value="90%" infotext="CSAT_REPORTS.METRIC.RESPONSE_RATE.TOOLTIP"></csat-metric-card-stub>