This PR would update the logos for the integrations (also add the dark mode variants to be used in the future) and updates the logic for enabled / active attributes in the apps.
The following error starting is shown on the console after the ruby
upgrade.
csv.rb was loaded from the standard library, but will no longer be part
of the default gems since Ruby 3.4.0. Add csv to your Gemfile or
gemspec. Also contact author of csv-safe-3.2.1 to add csv into its
gemspec.
Csv-safe has already added a patch via
https://github.com/zvory/csv-safe/pull/20.
This PR updates the version to the latest version of csv-safe (3.3.1)
<p>This PR was automatically created by Snyk using the credentials of a
real user.</p><br
/>
### Snyk has created this PR to fix 2 vulnerabilities in the rubygems
dependencies of this project.
#### Snyk changed the following file(s):
- `Gemfile`
- `Gemfile.lock`
#### Vulnerabilities that will be fixed with an upgrade:
| | Issue | Score |
:-------------------------:|:-------------------------|:-------------------------
 | Improper Input Validation
<br/>[SNYK-RUBY-ACTIONPACK-7210237](https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-7210237)
| **496**
 | Missing Cryptographic Step
<br/>[SNYK-RUBY-OPENSSL-6036190](https://snyk.io/vuln/SNYK-RUBY-OPENSSL-6036190)
| **479**
---
> [!IMPORTANT]
>
> - Check the changes in this PR to ensure they won't cause issues with
your project.
> - Max score is 1000. Note that the real score may have changed since
the PR was raised.
> - This PR was automatically created by Snyk using the credentials of a
real user.
---
**Note:** _You are seeing this because you or someone else with access
to this repository has authorized Snyk to open fix PRs._
For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJmMDU0MzI0Yy1kZjU0LTQ2OTMtYTY1NC1kY2MyZGRmODU1MTIiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImYwNTQzMjRjLWRmNTQtNDY5My1hNjU0LWRjYzJkZGY4NTUxMiJ9fQ=="
width="0" height="0"/>
🧐 [View latest project
report](https://app.snyk.io/org/chatwoot/project/b7197bbd-6200-4f23-931d-c39928584360?utm_source=github&utm_medium=referral&page=fix-pr)
📜 [Customise PR
templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates)
🛠 [Adjust project
settings](https://app.snyk.io/org/chatwoot/project/b7197bbd-6200-4f23-931d-c39928584360?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read about Snyk's upgrade
logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Improper Input
Validation](https://learn.snyk.io/lesson/improper-input-validation/?loc=fix-pr)
[//]: #
'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"dotenv-rails","from":"2.8.1","to":"3.0.0"},{"name":"rails","from":"7.0.8.3","to":"7.0.8.4"},{"name":"rspec-rails","from":"6.0.2","to":"6.0.3"},{"name":"web-push","from":"3.0.0","to":"3.0.1"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No
Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-OPENSSL-6036190","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing
Cryptographic
Step"}],"prId":"f054324c-df54-4693-a654-dcc2ddf85512","prPublicId":"f054324c-df54-4693-a654-dcc2ddf85512","packageManager":"rubygems","priorityScoreList":[496,479],"projectPublicId":"b7197bbd-6200-4f23-931d-c39928584360","projectUrl":"https://app.snyk.io/org/chatwoot/project/b7197bbd-6200-4f23-931d-c39928584360?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-RUBY-ACTIONPACK-7210237","SNYK-RUBY-OPENSSL-6036190"],"vulns":["SNYK-RUBY-ACTIONPACK-7210237","SNYK-RUBY-OPENSSL-6036190"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
The system did not detect the delivery errors earlier, resulting in some false positives. The user was not informed when an email failed to be delivered. While we do handle failure status in other channels, we were not able to capture the actual delivery status for the email channel.
This pull request makes the following changes:
- Updated the class EmailReplyWorker to use the deliver_now method instead of deliver_later. This change is made to raise any errors that may occur with the SMTP connection. The errors are then captured and sent to Sentry, and the email is marked as failed. Previously, we did not consider the case of retries in the email channel, so this feature is currently not functioning. So, I have disabled the retry option. We will address this in a follow-up ticket.
- Downgraded the net-smtp gem to version 0.3.4. This change is made to avoid an argument error when using XOAUTH2.
Fixes: https://linear.app/chatwoot/issue/CW-3032/argumenterror-wrong-authentication-type-xoauth2-argumenterror
