A lot of hammer repositories have pinned to an ancient and insecure version of Rake which triggers security warnings (CVE-2020-8130). I’ve tried to submit one PR but it fails all over.
Note that this is copied into basically all hammer repositories.
I’d like to ask the various maintainers to take a look at this.
Is it used anywhere outside the test group? i.e. does this only affect development, not production usage?
Seems that we’ve got that dependency used only in the test/dev environment, so it shouldn’t affect production usage. Although we plan to update it and fix the failing tests (or their cause).
Since this hasn’t been resolved and I get a weekly email about this, I’ve given the appropriate teams permissions to see these as well. Those teams will probably get the same weekly reminder now.