
Commit 41afa48

committed
upgrade Rails to 7.1.3.4 and the rexml gem to remove vulnerabilities
1 parent fc43a8e commit 41afa48


2 files changed

+102
-104
lines changed


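--- a/Gemfile
+++ b/Gemfile
@@ -8,7 +8,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 # development dependencies will be added by default to the :development group.
 gemspec
 
-gem 'rails', '~> 7.1.3.2'
+gem 'rails', '~> 7.1.3.4'
 
 # Use Active Storage variant
 gem 'image_processing', '~> 1.12.2'
@@ -19,6 +19,9 @@ gem 'sprockets-rails'
 # Rack vulnerable to ReDoS in content type parsing
 gem 'rack', '~> 3.0.10'
 
+# REXML contains a denial of service vulnerability
+gem 'rexml', '>= 3.2.7'
+
 # Temporary use this branch because it solves a bug
 # gem 'maglev-injectable', path: '../injectable'
 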
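Review bot: The comment above the new `gem 'rexml', '>= 3.2.7'` line says REXML has a denial-of-service vulnerability but not which release fixed it or which advisory it tracks, so a later reader cannot tell whether the `3.2.7` floor is still sufficient once further REXML advisories are published. The lockfile in this same commit resolves rexml to 3.3.1, so the `>= 3.2.7` constraint is only a floor against accidental downgrades, not the version that actually ships; with an open-ended range the protection depends on whatever the next `bundle update` resolves. Suggest phrasing it the way the rack line above does, naming the fixed version: `# rexml < 3.2.7 is vulnerable to denial of service; keep this floor at or above the fixed release`. It is not visible from this page whether something like bundler-audit runs in CI against the resolved 3.3.1; if not, that would be the place to catch later advisories, since this floor alone will not.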
Gemfile.lock

Lines changed: 98 additions & 103 deletions
@@ -12,71 +12,71 @@ PATH
1212
GEM
1313
remote: https://rubygems.org/
1414
specs:
15-
actioncable (7.1.3.2)
16-
actionpack (= 7.1.3.2)
17-
activesupport (= 7.1.3.2)
15+
actioncable (7.1.3.4)
16+
actionpack (= 7.1.3.4)
17+
activesupport (= 7.1.3.4)
1818
nio4r (~> 2.0)
1919
websocket-driver (>= 0.6.1)
2020
zeitwerk (~> 2.6)
21-
actionmailbox (7.1.3.2)
22-
actionpack (= 7.1.3.2)
23-
activejob (= 7.1.3.2)
24-
activerecord (= 7.1.3.2)
25-
activestorage (= 7.1.3.2)
26-
activesupport (= 7.1.3.2)
21+
actionmailbox (7.1.3.4)
22+
actionpack (= 7.1.3.4)
23+
activejob (= 7.1.3.4)
24+
activerecord (= 7.1.3.4)
25+
activestorage (= 7.1.3.4)
26+
activesupport (= 7.1.3.4)
2727
mail (>= 2.7.1)
2828
net-imap
2929
net-pop
3030
net-smtp
31-
actionmailer (7.1.3.2)
32-
actionpack (= 7.1.3.2)
33-
actionview (= 7.1.3.2)
34-
activejob (= 7.1.3.2)
35-
activesupport (= 7.1.3.2)
31+
actionmailer (7.1.3.4)
32+
actionpack (= 7.1.3.4)
33+
actionview (= 7.1.3.4)
34+
activejob (= 7.1.3.4)
35+
activesupport (= 7.1.3.4)
3636
mail (~> 2.5, >= 2.5.4)
3737
net-imap
3838
net-pop
3939
net-smtp
4040
rails-dom-testing (~> 2.2)
41-
actionpack (7.1.3.2)
42-
actionview (= 7.1.3.2)
43-
activesupport (= 7.1.3.2)
41+
actionpack (7.1.3.4)
42+
actionview (= 7.1.3.4)
43+
activesupport (= 7.1.3.4)
4444
nokogiri (>= 1.8.5)
4545
racc
4646
rack (>= 2.2.4)
4747
rack-session (>= 1.0.1)
4848
rack-test (>= 0.6.3)
4949
rails-dom-testing (~> 2.2)
5050
rails-html-sanitizer (~> 1.6)
51-
actiontext (7.1.3.2)
52-
actionpack (= 7.1.3.2)
53-
activerecord (= 7.1.3.2)
54-
activestorage (= 7.1.3.2)
55-
activesupport (= 7.1.3.2)
51+
actiontext (7.1.3.4)
52+
actionpack (= 7.1.3.4)
53+
activerecord (= 7.1.3.4)
54+
activestorage (= 7.1.3.4)
55+
activesupport (= 7.1.3.4)
5656
globalid (>= 0.6.0)
5757
nokogiri (>= 1.8.5)
58-
actionview (7.1.3.2)
59-
activesupport (= 7.1.3.2)
58+
actionview (7.1.3.4)
59+
activesupport (= 7.1.3.4)
6060
builder (~> 3.1)
6161
erubi (~> 1.11)
6262
rails-dom-testing (~> 2.2)
6363
rails-html-sanitizer (~> 1.6)
64-
activejob (7.1.3.2)
65-
activesupport (= 7.1.3.2)
64+
activejob (7.1.3.4)
65+
activesupport (= 7.1.3.4)
6666
globalid (>= 0.3.6)
67-
activemodel (7.1.3.2)
68-
activesupport (= 7.1.3.2)
69-
activerecord (7.1.3.2)
70-
activemodel (= 7.1.3.2)
71-
activesupport (= 7.1.3.2)
67+
activemodel (7.1.3.4)
68+
activesupport (= 7.1.3.4)
69+
activerecord (7.1.3.4)
70+
activemodel (= 7.1.3.4)
71+
activesupport (= 7.1.3.4)
7272
timeout (>= 0.4.0)
73-
activestorage (7.1.3.2)
74-
actionpack (= 7.1.3.2)
75-
activejob (= 7.1.3.2)
76-
activerecord (= 7.1.3.2)
77-
activesupport (= 7.1.3.2)
73+
activestorage (7.1.3.4)
74+
actionpack (= 7.1.3.4)
75+
activejob (= 7.1.3.4)
76+
activerecord (= 7.1.3.4)
77+
activesupport (= 7.1.3.4)
7878
marcel (~> 1.0)
79-
activesupport (7.1.3.2)
79+
activesupport (7.1.3.4)
8080
base64
8181
bigdecimal
8282
concurrent-ruby (~> 1.0, >= 1.0.2)
@@ -92,41 +92,42 @@ GEM
9292
ast (2.4.2)
9393
base64 (0.2.0)
9494
bcrypt (3.1.20)
95-
bigdecimal (3.1.7)
96-
builder (3.2.4)
97-
concurrent-ruby (1.2.3)
95+
bigdecimal (3.1.8)
96+
builder (3.3.0)
97+
concurrent-ruby (1.3.3)
9898
connection_pool (2.4.1)
9999
crass (1.0.6)
100100
date (3.3.4)
101101
diff-lcs (1.5.1)
102102
docile (1.4.0)
103103
drb (2.2.1)
104104
dry-cli (1.0.0)
105-
erubi (1.12.0)
105+
erubi (1.13.0)
106106
factory_bot (6.2.1)
107107
activesupport (>= 5.0.0)
108108
factory_bot_rails (6.2.0)
109109
factory_bot (~> 6.2.0)
110110
railties (>= 5.0.0)
111-
ffi (1.16.3)
111+
ffi (1.17.0-x86_64-darwin)
112+
ffi (1.17.0-x86_64-linux-gnu)
112113
generator_spec (0.10.0)
113114
activesupport (>= 3.0.0)
114115
railties (>= 3.0.0)
115116
globalid (1.2.1)
116117
activesupport (>= 6.1)
117-
i18n (1.14.4)
118+
i18n (1.14.5)
118119
concurrent-ruby (~> 1.0)
119120
image_processing (1.12.2)
120121
mini_magick (>= 4.9.5, < 5)
121122
ruby-vips (>= 2.0.17, < 3)
122123
io-console (0.7.2)
123-
irb (1.12.0)
124-
rdoc
124+
irb (1.13.2)
125+
rdoc (>= 4.0.0)
125126
reline (>= 0.4.2)
126127
jbuilder (2.11.5)
127128
actionview (>= 5.0.0)
128129
activesupport (>= 5.0.0)
129-
json (2.7.1)
130+
json (2.7.2)
130131
kaminari (1.2.2)
131132
activesupport (>= 4.1.0)
132133
kaminari-actionview (= 1.2.2)
@@ -150,11 +151,11 @@ GEM
150151
net-pop
151152
net-smtp
152153
marcel (1.0.4)
153-
mini_magick (4.12.0)
154+
mini_magick (4.13.1)
154155
mini_mime (1.1.5)
155-
minitest (5.22.3)
156+
minitest (5.24.1)
156157
mutex_m (0.2.0)
157-
net-imap (0.4.10)
158+
net-imap (0.4.14)
158159
date
159160
net-protocol
160161
net-pop (0.1.2)
@@ -163,20 +164,20 @@ GEM
163164
timeout
164165
net-smtp (0.5.0)
165166
net-protocol
166-
nio4r (2.7.1)
167-
nokogiri (1.16.3-x86_64-darwin)
167+
nio4r (2.7.3)
168+
nokogiri (1.16.6-x86_64-darwin)
168169
racc (~> 1.4)
169-
nokogiri (1.16.3-x86_64-linux)
170+
nokogiri (1.16.6-x86_64-linux)
170171
racc (~> 1.4)
171-
parallel (1.24.0)
172-
parser (3.3.0.5)
172+
parallel (1.25.1)
173+
parser (3.3.3.0)
173174
ast (~> 2.4.1)
174175
racc
175176
pg (1.5.6)
176177
psych (5.1.2)
177178
stringio
178-
racc (1.7.3)
179-
rack (3.0.10)
179+
racc (1.8.0)
180+
rack (3.0.11)
180181
rack-proxy (0.7.7)
181182
rack
182183
rack-session (2.0.0)
@@ -186,52 +187,53 @@ GEM
186187
rackup (2.1.0)
187188
rack (>= 3)
188189
webrick (~> 1.8)
189-
rails (7.1.3.2)
190-
actioncable (= 7.1.3.2)
191-
actionmailbox (= 7.1.3.2)
192-
actionmailer (= 7.1.3.2)
193-
actionpack (= 7.1.3.2)
194-
actiontext (= 7.1.3.2)
195-
actionview (= 7.1.3.2)
196-
activejob (= 7.1.3.2)
197-
activemodel (= 7.1.3.2)
198-
activerecord (= 7.1.3.2)
199-
activestorage (= 7.1.3.2)
200-
activesupport (= 7.1.3.2)
190+
rails (7.1.3.4)
191+
actioncable (= 7.1.3.4)
192+
actionmailbox (= 7.1.3.4)
193+
actionmailer (= 7.1.3.4)
194+
actionpack (= 7.1.3.4)
195+
actiontext (= 7.1.3.4)
196+
actionview (= 7.1.3.4)
197+
activejob (= 7.1.3.4)
198+
activemodel (= 7.1.3.4)
199+
activerecord (= 7.1.3.4)
200+
activestorage (= 7.1.3.4)
201+
activesupport (= 7.1.3.4)
201202
bundler (>= 1.15.0)
202-
railties (= 7.1.3.2)
203+
railties (= 7.1.3.4)
203204
rails-dom-testing (2.2.0)
204205
activesupport (>= 5.0.0)
205206
minitest
206207
nokogiri (>= 1.6)
207208
rails-html-sanitizer (1.6.0)
208209
loofah (~> 2.21)
209210
nokogiri (~> 1.14)
210-
railties (7.1.3.2)
211-
actionpack (= 7.1.3.2)
212-
activesupport (= 7.1.3.2)
211+
railties (7.1.3.4)
212+
actionpack (= 7.1.3.4)
213+
activesupport (= 7.1.3.4)
213214
irb
214215
rackup (>= 1.0.0)
215216
rake (>= 12.2)
216217
thor (~> 1.0, >= 1.2.2)
217218
zeitwerk (~> 2.6)
218219
rainbow (3.1.1)
219-
rake (13.1.0)
220-
rdoc (6.6.3.1)
220+
rake (13.2.1)
221+
rdoc (6.7.0)
221222
psych (>= 4.0.0)
222-
regexp_parser (2.9.0)
223-
reline (0.5.0)
223+
regexp_parser (2.9.2)
224+
reline (0.5.9)
224225
io-console (~> 0.5)
225-
rexml (3.2.6)
226+
rexml (3.3.1)
227+
strscan
226228
rspec-core (3.13.0)
227229
rspec-support (~> 3.13.0)
228-
rspec-expectations (3.13.0)
230+
rspec-expectations (3.13.1)
229231
diff-lcs (>= 1.2.0, < 2.0)
230232
rspec-support (~> 3.13.0)
231-
rspec-mocks (3.13.0)
233+
rspec-mocks (3.13.1)
232234
diff-lcs (>= 1.2.0, < 2.0)
233235
rspec-support (~> 3.13.0)
234-
rspec-rails (6.1.2)
236+
rspec-rails (6.1.3)
235237
actionpack (>= 6.1)
236238
activesupport (>= 6.1)
237239
railties (>= 6.1)
@@ -240,7 +242,7 @@ GEM
240242
rspec-mocks (~> 3.13)
241243
rspec-support (~> 3.13)
242244
rspec-support (3.13.1)
243-
rubocop (1.62.1)
245+
rubocop (1.64.1)
244246
json (~> 2.3)
245247
language_server-protocol (>= 3.17.0)
246248
parallel (~> 1.10)
@@ -251,23 +253,19 @@ GEM
251253
rubocop-ast (>= 1.31.1, < 2.0)
252254
ruby-progressbar (~> 1.7)
253255
unicode-display_width (>= 2.4.0, < 3.0)
254-
rubocop-ast (1.31.2)
255-
parser (>= 3.3.0.4)
256-
rubocop-capybara (2.20.0)
257-
rubocop (~> 1.41)
258-
rubocop-factory_bot (2.25.1)
259-
rubocop (~> 1.41)
256+
rubocop-ast (1.31.3)
257+
parser (>= 3.3.1.0)
260258
rubocop-md (1.2.2)
261259
rubocop (>= 1.0)
262260
rubocop-minitest (0.35.0)
263261
rubocop (>= 1.61, < 2.0)
264262
rubocop-ast (>= 1.31.1, < 2.0)
265263
rubocop-packaging (0.5.2)
266264
rubocop (>= 1.33, < 2.0)
267-
rubocop-performance (1.21.0)
265+
rubocop-performance (1.21.1)
268266
rubocop (>= 1.48.1, < 2.0)
269267
rubocop-ast (>= 1.31.1, < 2.0)
270-
rubocop-rails (2.24.1)
268+
rubocop-rails (2.25.1)
271269
activesupport (>= 4.2.0)
272270
rack (>= 1.1)
273271
rubocop (>= 1.33.0, < 2.0)
@@ -280,13 +278,8 @@ GEM
280278
rubocop-packaging (~> 0.5)
281279
rubocop-performance (~> 1.11)
282280
rubocop-rails (~> 2.0)
283-
rubocop-rspec (2.28.0)
284-
rubocop (~> 1.40)
285-
rubocop-capybara (~> 2.17)
286-
rubocop-factory_bot (~> 2.22)
287-
rubocop-rspec_rails (~> 2.28)
288-
rubocop-rspec_rails (2.28.2)
289-
rubocop (~> 1.40)
281+
rubocop-rspec (3.0.1)
282+
rubocop (~> 1.61)
290283
ruby-progressbar (1.13.0)
291284
ruby-vips (2.2.1)
292285
ffi (~> 1.12)
@@ -299,11 +292,12 @@ GEM
299292
sprockets (4.2.1)
300293
concurrent-ruby (~> 1.0)
301294
rack (>= 2.2.4, < 4)
302-
sprockets-rails (3.4.2)
303-
actionpack (>= 5.2)
304-
activesupport (>= 5.2)
295+
sprockets-rails (3.5.1)
296+
actionpack (>= 6.1)
297+
activesupport (>= 6.1)
305298
sprockets (>= 3.0.0)
306-
stringio (3.1.0)
299+
stringio (3.1.1)
300+
strscan (3.1.0)
307301
thor (1.3.1)
308302
timeout (0.4.1)
309303
tzinfo (2.0.6)
@@ -312,15 +306,15 @@ GEM
312306
vite_rails (3.0.17)
313307
railties (>= 5.1, < 8)
314308
vite_ruby (~> 3.0, >= 3.2.2)
315-
vite_ruby (3.5.0)
309+
vite_ruby (3.6.0)
316310
dry-cli (>= 0.7, < 2)
317311
rack-proxy (~> 0.6, >= 0.6.1)
318312
zeitwerk (~> 2.2)
319313
webrick (1.8.1)
320314
websocket-driver (0.7.6)
321315
websocket-extensions (>= 0.1.0)
322316
websocket-extensions (0.1.5)
323-
zeitwerk (2.6.13)
317+
zeitwerk (2.6.16)
324318

325319
PLATFORMS
326320
x86_64-darwin-22
@@ -336,8 +330,9 @@ DEPENDENCIES
336330
nokogiri (>= 1.15.6)
337331
pg (~> 1.5.6)
338332
rack (~> 3.0.10)
339-
rails (~> 7.1.3.2)
333+
rails (~> 7.1.3.4)
340334
rdoc (>= 6.6.3.1)
335+
rexml (>= 3.2.7)
341336
rspec-rails
342337
rubocop
343338
rubocop-rails_config
