Skip to content
Snippets Groups Projects
Unverified Commit d0319ab2 authored by Eduardo Navarro's avatar Eduardo Navarro Committed by Andrej Shadura
Browse files

Fix Action Pack vulnerability

CVE-2022-23633: Possible exposure of information vulnerability in Action
Pack.

Update Rails to 5.2.6.2 with `bundle update rails --strict --patch`.

Cherry-picked from 65292f48
parent de62ee6e
No related branches found
No related tags found
1 merge request!5Upstream fixes from 2.10 branch
Pipeline #39220 passed
GEM
remote: https://rubygems.org/
specs:
actioncable (5.2.5)
actionpack (= 5.2.5)
actioncable (5.2.6.2)
actionpack (= 5.2.6.2)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
actionmailer (5.2.5)
actionpack (= 5.2.5)
actionview (= 5.2.5)
activejob (= 5.2.5)
actionmailer (5.2.6.2)
actionpack (= 5.2.6.2)
actionview (= 5.2.6.2)
activejob (= 5.2.6.2)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
actionpack (5.2.5)
actionview (= 5.2.5)
activesupport (= 5.2.5)
actionpack (5.2.6.2)
actionview (= 5.2.6.2)
activesupport (= 5.2.6.2)
rack (~> 2.0, >= 2.0.8)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionview (5.2.5)
activesupport (= 5.2.5)
actionview (5.2.6.2)
activesupport (= 5.2.6.2)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.3)
activejob (5.2.5)
activesupport (= 5.2.5)
activejob (5.2.6.2)
activesupport (= 5.2.6.2)
globalid (>= 0.3.6)
activemodel (5.2.5)
activesupport (= 5.2.5)
activemodel (5.2.6.2)
activesupport (= 5.2.6.2)
activemodel-serializers-xml (1.0.2)
activemodel (> 5.x)
activesupport (> 5.x)
builder (~> 3.1)
activerecord (5.2.5)
activemodel (= 5.2.5)
activesupport (= 5.2.5)
activerecord (5.2.6.2)
activemodel (= 5.2.6.2)
activesupport (= 5.2.6.2)
arel (>= 9.0)
activestorage (5.2.5)
actionpack (= 5.2.5)
activerecord (= 5.2.5)
activestorage (5.2.6.2)
actionpack (= 5.2.6.2)
activerecord (= 5.2.6.2)
marcel (~> 1.0.0)
activesupport (5.2.5)
activesupport (5.2.6.2)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
minitest (~> 5.1)
......@@ -160,8 +160,8 @@ GEM
jquery-rails
font-awesome-sass (5.8.1)
sassc (>= 1.11)
globalid (0.4.2)
activesupport (>= 4.2.0)
globalid (1.0.0)
activesupport (>= 5.0)
gssapi (1.3.0)
ffi (>= 1.0.1)
haml (5.1.1)
......@@ -185,7 +185,7 @@ GEM
haml (>= 4.0, < 6)
nokogiri (>= 1.6.0)
ruby_parser (~> 3.5)
i18n (1.8.10)
i18n (1.8.11)
concurrent-ruby (~> 1.0)
influxdb (0.7.0)
innertube (1.1.0)
......@@ -219,17 +219,17 @@ GEM
activesupport (>= 4)
railties (>= 4)
request_store (~> 1.0)
loofah (2.9.0)
loofah (2.9.1)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
mail (2.7.1)
mini_mime (>= 0.1.1)
marcel (1.0.1)
marcel (1.0.2)
metaclass (0.0.4)
method_source (0.9.2)
middleware (0.1.0)
mini_mime (1.1.0)
mini_portile2 (2.5.0)
mini_mime (1.1.2)
mini_portile2 (2.5.3)
minitest (5.14.4)
minitest-ci (3.4.0)
minitest (>= 5.0.6)
......@@ -246,8 +246,8 @@ GEM
railties (>= 3.1)
mousetrap-rails (1.4.6)
mysql2 (0.5.2)
nio4r (2.5.7)
nokogiri (1.11.2)
nio4r (2.5.8)
nokogiri (1.11.7)
mini_portile2 (~> 2.5.0)
racc (~> 1.4)
nokogumbo (2.0.1)
......@@ -292,18 +292,18 @@ GEM
rack (2.2.3)
rack-test (1.1.0)
rack (>= 1.0, < 3)
rails (5.2.5)
actioncable (= 5.2.5)
actionmailer (= 5.2.5)
actionpack (= 5.2.5)
actionview (= 5.2.5)
activejob (= 5.2.5)
activemodel (= 5.2.5)
activerecord (= 5.2.5)
activestorage (= 5.2.5)
activesupport (= 5.2.5)
rails (5.2.6.2)
actioncable (= 5.2.6.2)
actionmailer (= 5.2.6.2)
actionpack (= 5.2.6.2)
actionview (= 5.2.6.2)
activejob (= 5.2.6.2)
activemodel (= 5.2.6.2)
activerecord (= 5.2.6.2)
activestorage (= 5.2.6.2)
activesupport (= 5.2.6.2)
bundler (>= 1.3.0)
railties (= 5.2.5)
railties (= 5.2.6.2)
sprockets-rails (>= 2.0.0)
rails-controller-testing (1.0.4)
actionpack (>= 5.0.1.x)
......@@ -319,9 +319,9 @@ GEM
activesupport (>= 3.1)
rails_tokeninput (1.7.0)
railties (>= 3.1.0)
railties (5.2.5)
actionpack (= 5.2.5)
activesupport (= 5.2.5)
railties (5.2.6.2)
actionpack (= 5.2.6.2)
activesupport (= 5.2.6.2)
method_source
rake (>= 0.8.7)
thor (>= 0.19.0, < 2.0)
......@@ -462,7 +462,7 @@ GEM
addressable (>= 2.3.6)
crack (>= 0.3.2)
hashdiff (>= 0.4.0, < 2.0.0)
websocket-driver (0.7.3)
websocket-driver (0.7.5)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.5)
xmlhash (1.3.7)
......@@ -576,4 +576,4 @@ DEPENDENCIES
yajl-ruby
BUNDLED WITH
1.17.1
1.17.3
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment