security vulnerability detected while using deploy to heroku

[roberthopman]

Expected outcome:
Deploy to Heroku works and I can start logging hours.

Actual outcome:

A security vulnerability has been detected in your application.
 !     To protect your application you must take action. Your application
 !     is currently exposing its credentials via an easy to exploit directory
 !     traversal.
 !     
 !     To protect your application you must either upgrade to Sprockets version "3.7.2"
 !     or disable dynamic compilation at runtime by setting:
 !     
 !     ```
 !     config.assets.compile = false # Disables security vulnerability
 !     ```
 !     
 !     To read more about this security vulnerability please refer to this blog post:
 !     https://blog.heroku.com/rails-asset-pipeline-vulnerability
 !
 !     Push rejected, failed to compile Ruby app.
 !     Push failed

[tarzan]

You're right. We haven't done any maintenance or updates to application in quite a while. We know some dependencies have some security vulnerabilities in them. Feel free to fix them and open up a PR :)

[dnlamah]

Hi, I am Daniel Amah. A Ruby on Rails developer. I will love to take on this task. @tarzan

[DanielAmah]

Hi, I am Daniel Amah. A Ruby on Rails developer. I will love to take on this task. @tarzan

[greysteil]

One fix for this would be #425