From c30965483c2f8098ef9e1cbd54467f6dd6e7cfd2 Mon Sep 17 00:00:00 2001
From: Aravind Kumar
Date: Fri, 19 Jun 2026 12:59:48 +0530
Subject: [PATCH 1/3] issues-jira.yml
---
.github/workflows/issues-jira.yml | 121 +++++++++++++++++++++++++-----
1 file changed, 104 insertions(+), 17 deletions(-)
diff --git a/.github/workflows/issues-jira.yml b/.github/workflows/issues-jira.yml
index 7bf0469..5f65d0b 100644
--- a/.github/workflows/issues-jira.yml
+++ b/.github/workflows/issues-jira.yml
@@ -2,30 +2,117 @@ name: Create Jira Ticket for Github Issue on: issues: - types: [opened] + types: [opened, reopened] jobs: issue-jira: runs-on: ubuntu-latest steps: + - name: Create Jira Issue + id: create_jira + uses: actions/github-script@v9 + with: + script: | + const baseUrl = process.env.JIRA_BASE_URL; + const userEmail = process.env.JIRA_USER_EMAIL; + const jiraToken = process.env.JIRA_API_TOKEN; + const jiraProject = process.env.JIRA_PROJECT; + const jiraIssueType = process.env.JIRA_ISSUE_TYPE; + const jiraFields = JSON.parse(process.env.ISSUES_JIRA_FIELDS); + + let requestBody = JSON.stringify({ + fields: { + ...jiraFields, + "project": { + "key": jiraProject + }, + "issuetype": { + "name": jiraIssueType + }, + "summary": "Github | Issue | ${{ github.event.repository.name }} | ${{ github.event.issue.title }}", + "description": { + "version": 1, + "type": "doc", + "content": [ + { + "type": "paragraph", + "content": [ + { + "type": "text", + "text": "Github Issue", + "marks": [ + { + "type": "strong" + } + ] + }, + { + "type": "text", + "text": ": " + }, + { + "type": "text", + "text": "${{ github.event.issue.html_url }}", + "marks": [ + { + "type": "link", + "attrs": { + "href": "${{ github.event.issue.html_url }}" + } + } + ] + } + ] + }, + { + "type": "paragraph", + "content": [ + { + "type": "text", + "text": "Description", + "marks": [ + { + "type": "strong" + } + ] + }, + { + "type": "text", + "text": ":" + } + ] + }, + { + "type": "codeBlock", + "content": [ + { + "type": "text", + "text": `${{ github.event.issue.body }}` + } + ] + } + ] + } + } + }); - - name: Login to Jira - uses: atlassian/gajira-login@master + const response = await fetch(`${baseUrl}/rest/api/3/issue`, { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + 'Authorization': `Basic ${btoa(userEmail + ":" + jiraToken)}` + }, + body: requestBody + }); + if (!response.ok) { + throw new Error(`JIRA API error! 
Status: ${response.status}`); + } + const data = await response.json(); + console.log('Jira Issue Created:', data.key); env: JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} - - - name: Create Jira Issue - id: create_jira - uses: atlassian/gajira-create@master - with: - project: ${{ secrets.JIRA_PROJECT }} - issuetype: ${{ secrets.JIRA_ISSUE_TYPE }} - summary: Github | Issue | ${{ github.event.repository.name }} | ${{ github.event.issue.title }} - description: | - *GitHub Issue:* ${{ github.event.issue.html_url }} - - *Description:* - ${{ github.event.issue.body }} - fields: "${{ secrets.ISSUES_JIRA_FIELDS }}" \ No newline at end of file + JIRA_PROJECT: ${{ secrets.JIRA_PROJECT }} + JIRA_ISSUE_TYPE: ${{ secrets.JIRA_ISSUE_TYPE }} + ISSUES_JIRA_FIELDS: "${{ secrets.ISSUES_JIRA_FIELDS }}" From c72cbea0f8dadffe5edbe34b01ff8a9f14fb34fc Mon Sep 17 00:00:00 2001 From: OMpawar-21 Date: Wed, 24 Jun 2026 15:13:50 +0530 Subject: [PATCH 2/3] fix: bump yard to 0.9.44 and concurrent-ruby to 1.3.7 for security patches Addresses Snyk-reported vulnerabilities: - SNYK-RUBY-YARD-17400355: Directory Traversal in yard@0.9.42 (fixed in 0.9.44) - SNYK-RUBY-CONCURRENTRUBY-17391432: Infinite loop in concurrent-ruby@1.3.6 (fixed in 1.3.7) - SNYK-RUBY-CONCURRENTRUBY-17391433: Improper Locking in concurrent-ruby@1.3.6 (fixed in 1.3.7) - SNYK-RUBY-CONCURRENTRUBY-17391434: Wrap-around Error in concurrent-ruby@1.3.6 (fixed in 1.3.7) --- Gemfile.lock | 8 ++++---- contentstack_utils.gemspec | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 934e413..ec5d687 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -25,7 +25,7 @@ GEM base64 (0.3.0) benchmark (0.5.0) bigdecimal (4.1.1) - concurrent-ruby (1.3.6) + concurrent-ruby (1.3.7) connection_pool (3.0.2) crack (1.0.1) bigdecimal 
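Review bot: The `${{ github.event.issue.title }}` and `${{ github.event.issue.body }}` expressions inside the `script:` block are substituted into the JavaScript source before it runs, so text written by anyone who can open or reopen an issue becomes part of the program, in a step whose environment holds `JIRA_API_TOKEN`. Read these values at run time instead, for example `const issue = context.payload.issue;`, then `"text": issue.body ?? ""` and `"summary": "Github | Issue | " + context.repo.repo + " | " + issue.title`, or pass them through `env:` and read them from `process.env`. Separately, `JSON.parse(process.env.ISSUES_JIRA_FIELDS)` throws when that secret is unset or empty, which a fallback such as `JSON.parse(process.env.ISSUES_JIRA_FIELDS || "{}")` would avoid. The step also moves from `@master` to the mutable tag `actions/github-script@v9`; pinning it to a full commit SHA would make the code that receives the Jira credentials reproducible.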
@@ -84,7 +84,7 @@ GEM addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) - yard (0.9.42) + yard (0.9.44) PLATFORMS aarch64-linux-gnu @@ -102,7 +102,7 @@ DEPENDENCIES rspec (~> 3.13) simplecov (~> 0.22) webmock (~> 3.23) - yard (~> 0.9.38) + yard (>= 0.9.44) BUNDLED WITH - 2.5.22 + 2.3.26 diff --git a/contentstack_utils.gemspec b/contentstack_utils.gemspec index 4b379a1..3c77c2c 100644 --- a/contentstack_utils.gemspec +++ b/contentstack_utils.gemspec @@ -28,5 +28,5 @@ Gem::Specification.new do |s| s.add_development_dependency 'rspec', '~> 3.13' s.add_development_dependency 'webmock', '~> 3.23' s.add_development_dependency 'simplecov', '~> 0.22' - s.add_development_dependency 'yard', '~> 0.9.38' + s.add_development_dependency 'yard', '>= 0.9.44' end From 8ceb254591cc2996c7fa7016991feb35b721427d Mon Sep 17 00:00:00 2001 From: OMpawar-21 Date: Wed, 24 Jun 2026 15:20:48 +0530 Subject: [PATCH 3/3] fix: updated version bump --- CHANGELOG.md | 3 +++ Gemfile.lock | 4 ++-- lib/contentstack_utils/version.rb | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a356b0a..723d3af 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,8 @@ # Changelog +## [1.2.5](https://github.com/contentstack/contentstack-utils-ruby/tree/v1.2.5) (2026-06-24) + - Fixed security vulnerabilities: upgraded yard to 0.9.44 (Directory Traversal) and concurrent-ruby to 1.3.7 (Infinite loop, Improper Locking, Wrap-around Error). + ## [1.2.4](https://github.com/contentstack/contentstack-utils-ruby/tree/v1.2.4) (2026-04-15) - Fixed Security issues. diff --git a/Gemfile.lock b/Gemfile.lock index ec5d687..d22889f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - contentstack_utils (1.2.4) + contentstack_utils (1.2.5) activesupport (>= 7.0, < 8) nokogiri (~> 1.19, >= 1.19.2) @@ -105,4 +105,4 @@ DEPENDENCIES yard (>= 0.9.44) BUNDLED WITH - 2.3.26 + 2.5.22 
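Review bot: The new yard constraint `'>= 0.9.44'` in contentstack_utils.gemspec drops the upper bound that `'~> 0.9.38'` provided, so any later yard release, including an incompatible one, now satisfies it. The same open-ended constraint is recorded in the DEPENDENCIES section of Gemfile.lock. Keeping the floor and the bound together, `s.add_development_dependency 'yard', '~> 0.9', '>= 0.9.44'`, still excludes the 0.9.42 release named in the commit message. The `Gem::Specification.new do |s|` block begins outside the hunk.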
diff --git a/lib/contentstack_utils/version.rb b/lib/contentstack_utils/version.rb index 2ac4815..d184ac3 100644 --- a/lib/contentstack_utils/version.rb +++ b/lib/contentstack_utils/version.rb @@ -1,3 +1,3 @@ module ContentstackUtils - VERSION = "1.2.4" + VERSION = "1.2.5" end