Skip to content

rubymem/ruby-mem-advisory-db

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
14 branches 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
gems
 
 
scripts
 
 
spec
 
 
.gitignore
 
 
.rspec
 
 
.travis.yml
 
 
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
 
 
CONTRIBUTORS.md
 
 
Gemfile
 
 
Gemfile.lock
 
 
LICENSE.txt
 
 
README.md
 
 
Rakefile
 
 
Ruby Leaky Gems Database Support Our RubyMem Initiative! How You Can Help Directory Structure Format Schema Tests Credits

README.md

Ruby Leaky Gems Database

The RubyMem Database is a community effort to compile all known memory leaks that are relevant to Ruby gems.

You can check your own Gemfile.locks against this database by using bundler-leak.

Support Our RubyMem Initiative!

This project has been a community effort since the beginning. The more reports we track, the more value we can provide to your future projects!

How You Can Help

Do you know about a known memory leak that isn't listed in this database? Open an issue, submit a PR, or use this form which will email the maintainers.

Directory Structure

The database is a list of directories that match the names of Ruby libraries on rubygems.org. Within each directory are one or more files for the Ruby library. These files can be named however you want, in this example it is named after the PR number in github.

gems/:
  celluloid/:
    612.yml

Format

Each file contains the information in YAML format:

---
gem: celluloid
url: https://github.com/celluloid/celluloid/issues/670
title: Memory Leak using Celluloid::Future
date: 2015-08-31
description: |
  The Celluloid::Group::Spawner appears to never clean up the completed Threads
  that it creates.
leaky_versions:
  - "> 0.16.0, < 0.17.2"
patched_versions:
  - ">= 0.17.3"

Schema

  • gem [String]: Name of the affected gem.
  • framework [String] (optional): Name of the framework which the affected gem belongs to.
  • platform [String] (optional): If this vulnerability is platform-specific, name of platform this vulnerability affects (e.g. jruby)
  • url [String]: The URL to the full advisory.
  • title [String]: The title of the advisory or individual vulnerability.
  • date [Date]: The public disclosure date of the advisory.
  • description [String]: One or more paragraphs describing the vulnerability.
  • leaky_versions [String]: The version requirement of the gem with a known memory leak.
  • unaffected_versions [Array<String>] (optional): The version requirements for the unaffected versions of the Ruby library.
  • patched_versions [Array<String>]: The version requirements for the patched versions of the Ruby library.

Tests

Prior to submitting a pull request, run the tests:

bundle install
bundle exec rspec

Credits

Please see CONTRIBUTORS.md.

About

Leaky gems advisory database

Topics

ruby ruby-memory-bloat rubymem bundler-leak

Resources

Readme

License

View license

Code of conduct

Code of conduct
Activity

Stars

54 stars

Watchers

13 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 7

Languages