
Commit 189c70d

authored
Fix security vulnerability for ActionView (#2137)
* Upgrade ruby and rails version to set actionview to patched version 6-0-4-8 * No need to upgrade Ruby
1 parent eb3f38b commit 189c70d


2 files changed

+67
-67
lines changed


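--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,7 @@ ruby '~> 2.6.10'
 
 gem 'puma'
 gem 'rack-rewrite'
-gem 'rails', '~> 6.0.3.3'
+gem 'rails', '~> 6.0.4.8'
 
 gem 'activerecord-import'
 gem 'bcrypt', '3.1.13'
@@ -96,7 +96,7 @@ group :development, :test do
 
 gem 'webdrivers', '>= 5.0.0'
 
-gem 'actionview', '>= 6.0.3.7'
+gem 'actionview'
 end
 
 group :test do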
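Review bot: In the second hunk `gem 'actionview'` loses its version floor, so the patched ActionView release is now guaranteed only by the `rails` pin in the first hunk. Because the lockfile on this page shows rails 6.0.4.8 requiring `actionview (= 6.0.4.8)`, the standalone entry no longer constrains anything; either drop it or keep the floor explicit with `gem 'actionview', '>= 6.0.4.8'`, so a later loosening of the rails constraint cannot resolve back to an unpatched release. A comment above the rails line such as `# security floor for the ActionView fix (#2137) - do not lower` would record why the pin exists, since neither the Gemfile nor the commit message names the advisory being addressed. The enclosing `group :development, :test do` block starts outside the hunk.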

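--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,58 +1,58 @@
 GEM
 remote: https://rubygems.org/
 specs:
-actioncable (6.0.3.7)
-actionpack (= 6.0.3.7)
+actioncable (6.0.4.8)
+actionpack (= 6.0.4.8)
 nio4r (~> 2.0)
 websocket-driver (>= 0.6.1)
-actionmailbox (6.0.3.7)
-actionpack (= 6.0.3.7)
-activejob (= 6.0.3.7)
-activerecord (= 6.0.3.7)
-activestorage (= 6.0.3.7)
-activesupport (= 6.0.3.7)
+actionmailbox (6.0.4.8)
+actionpack (= 6.0.4.8)
+activejob (= 6.0.4.8)
+activerecord (= 6.0.4.8)
+activestorage (= 6.0.4.8)
+activesupport (= 6.0.4.8)
 mail (>= 2.7.1)
-actionmailer (6.0.3.7)
-actionpack (= 6.0.3.7)
-actionview (= 6.0.3.7)
-activejob (= 6.0.3.7)
+actionmailer (6.0.4.8)
+actionpack (= 6.0.4.8)
+actionview (= 6.0.4.8)
+activejob (= 6.0.4.8)
 mail (~> 2.5, >= 2.5.4)
 rails-dom-testing (~> 2.0)
-actionpack (6.0.3.7)
-actionview (= 6.0.3.7)
-activesupport (= 6.0.3.7)
+actionpack (6.0.4.8)
+actionview (= 6.0.4.8)
+activesupport (= 6.0.4.8)
 rack (~> 2.0, >= 2.0.8)
 rack-test (>= 0.6.3)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.0, >= 1.2.0)
-actiontext (6.0.3.7)
-actionpack (= 6.0.3.7)
-activerecord (= 6.0.3.7)
-activestorage (= 6.0.3.7)
-activesupport (= 6.0.3.7)
+actiontext (6.0.4.8)
+actionpack (= 6.0.4.8)
+activerecord (= 6.0.4.8)
+activestorage (= 6.0.4.8)
+activesupport (= 6.0.4.8)
 nokogiri (>= 1.8.5)
-actionview (6.0.3.7)
-activesupport (= 6.0.3.7)
+actionview (6.0.4.8)
+activesupport (= 6.0.4.8)
 builder (~> 3.1)
 erubi (~> 1.4)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.1, >= 1.2.0)
-activejob (6.0.3.7)
-activesupport (= 6.0.3.7)
+activejob (6.0.4.8)
+activesupport (= 6.0.4.8)
 globalid (>= 0.3.6)
-activemodel (6.0.3.7)
-activesupport (= 6.0.3.7)
-activerecord (6.0.3.7)
-activemodel (= 6.0.3.7)
-activesupport (= 6.0.3.7)
+activemodel (6.0.4.8)
+activesupport (= 6.0.4.8)
+activerecord (6.0.4.8)
+activemodel (= 6.0.4.8)
+activesupport (= 6.0.4.8)
 activerecord-import (1.0.6)
 activerecord (>= 3.2)
-activestorage (6.0.3.7)
-actionpack (= 6.0.3.7)
-activejob (= 6.0.3.7)
-activerecord (= 6.0.3.7)
+activestorage (6.0.4.8)
+actionpack (= 6.0.4.8)
+activejob (= 6.0.4.8)
+activerecord (= 6.0.4.8)
 marcel (~> 1.0.0)
-activesupport (6.0.3.7)
+activesupport (6.0.4.8)
 concurrent-ruby (~> 1.0, >= 1.0.2)
 i18n (>= 0.7, < 2)
 minitest (~> 5.1)
@@ -129,7 +129,7 @@ GEM
 dotenv-rails (2.7.6)
 dotenv (= 2.7.6)
 railties (>= 3.2)
-erubi (1.10.0)
+erubi (1.11.0)
 et-orbi (1.2.4)
 tzinfo
 execjs (2.7.0)
@@ -219,7 +219,7 @@ GEM
 addressable (~> 2.7)
 letter_opener (1.7.0)
 launchy (~> 2.2)
-loofah (2.18.0)
+loofah (2.19.0)
 crass (~> 1.0.2)
 nokogiri (>= 1.5.9)
 mail (2.7.1)
@@ -232,7 +232,7 @@ GEM
 mime-types-data (3.2021.0901)
 mini_mime (1.1.2)
 mini_portile2 (2.8.0)
-minitest (5.16.2)
+minitest (5.16.3)
 mono_logger (1.1.0)
 multi_json (1.15.0)
 multi_xml (0.6.0)
@@ -241,7 +241,7 @@ GEM
 ruby2_keywords (~> 0.0.1)
 netrc (0.11.0)
 nio4r (2.5.8)
-nokogiri (1.13.6)
+nokogiri (1.13.8)
 mini_portile2 (~> 2.8.0)
 racc (~> 1.4)
 oauth2 (1.4.9)
@@ -299,32 +299,32 @@ GEM
 pwned (2.0.2)
 raabro (1.4.0)
 racc (1.6.0)
-rack (2.2.3.1)
+rack (2.2.4)
 rack-mini-profiler (2.1.0)
 rack (>= 1.2.0)
 rack-protection (2.2.0)
 rack
 rack-proxy (0.6.5)
 rack
 rack-rewrite (1.5.1)
-rack-test (1.1.0)
-rack (>= 1.0, < 3)
+rack-test (2.0.2)
+rack (>= 1.3)
 rack-timeout (0.6.0)
 railroady (1.5.3)
-rails (6.0.3.7)
-actioncable (= 6.0.3.7)
-actionmailbox (= 6.0.3.7)
-actionmailer (= 6.0.3.7)
-actionpack (= 6.0.3.7)
-actiontext (= 6.0.3.7)
-actionview (= 6.0.3.7)
-activejob (= 6.0.3.7)
-activemodel (= 6.0.3.7)
-activerecord (= 6.0.3.7)
-activestorage (= 6.0.3.7)
-activesupport (= 6.0.3.7)
+rails (6.0.4.8)
+actioncable (= 6.0.4.8)
+actionmailbox (= 6.0.4.8)
+actionmailer (= 6.0.4.8)
+actionpack (= 6.0.4.8)
+actiontext (= 6.0.4.8)
+actionview (= 6.0.4.8)
+activejob (= 6.0.4.8)
+activemodel (= 6.0.4.8)
+activerecord (= 6.0.4.8)
+activestorage (= 6.0.4.8)
+activesupport (= 6.0.4.8)
 bundler (>= 1.3.0)
-railties (= 6.0.3.7)
+railties (= 6.0.4.8)
 sprockets-rails (>= 2.0.0)
 rails-controller-testing (1.0.5)
 actionpack (>= 5.0.1.rc1)
@@ -348,9 +348,9 @@ GEM
 rails_stdout_logging
 rails_serve_static_assets (0.0.5)
 rails_stdout_logging (0.0.5)
-railties (6.0.3.7)
-actionpack (= 6.0.3.7)
-activesupport (= 6.0.3.7)
+railties (6.0.4.8)
+actionpack (= 6.0.4.8)
+activesupport (= 6.0.4.8)
 method_source
 rake (>= 0.8.7)
 thor (>= 0.20.3, < 2.0)
@@ -506,9 +506,9 @@ GEM
 sprockets (3.7.2)
 concurrent-ruby (~> 1.0)
 rack (> 1, < 3)
-sprockets-rails (3.2.2)
-actionpack (>= 4.0)
-activesupport (>= 4.0)
+sprockets-rails (3.4.2)
+actionpack (>= 5.2)
+activesupport (>= 5.2)
 sprockets (>= 3.0.0)
 ssrf_filter (1.0.7)
 thor (0.20.3)
@@ -542,18 +542,18 @@ GEM
 railties (>= 5.2)
 semantic_range (>= 2.3.0)
 webrick (1.7.0)
-websocket-driver (0.7.3)
+websocket-driver (0.7.5)
 websocket-extensions (>= 0.1.0)
 websocket-extensions (0.1.5)
 xpath (3.2.0)
 nokogiri (~> 1.8)
-zeitwerk (2.6.0)
+zeitwerk (2.6.1)
 
 PLATFORMS
 ruby
 
 DEPENDENCIES
-actionview (>= 6.0.3.7)
+actionview
 activerecord-import
 annotate (~> 2.7)
 bcrypt (= 3.1.13)
@@ -598,7 +598,7 @@ DEPENDENCIES
 rack-rewrite
 rack-timeout
 railroady (= 1.5.3)
-rails (~> 6.0.3.3)
+rails (~> 6.0.4.8)
 rails-controller-testing
 rails-erd (~> 1.6)
 rails-i18n (~> 6.0.0)
@@ -637,4 +637,4 @@ RUBY VERSION
 ruby 2.6.10p210
 
 BUNDLED WITH
-2.1.4
+2.3.22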
