Fix Action Pack vulnerability

CVE-2022-23633: Possible exposure of information vulnerability in Action Pack. Update Rails to 5.2.6.2 with `bundle update rails --strict --patch`. Cherry-picked from 65292f48

Fix Action Pack vulnerability
d0319ab2 · Eduardo Navarro · Andrej Shadura · de62ee6e · d0319ab2
Unverified Commit d0319ab2 authored 3 years ago by Eduardo Navarro Committed by Andrej Shadura 3 years ago
--- a/src/api/Gemfile.lock
+++ b/src/api/Gemfile.lock
 GEM
  remote: https://rubygems.org/
  specs:
-    actioncable (5.2.5)
+    actioncable (5.2.6.2)
-      actionpack (= 5.2.5)
+      actionpack (= 5.2.6.2)
      nio4r (~> 2.0)
      websocket-driver (>= 0.6.1)
-    actionmailer (5.2.5)
+    actionmailer (5.2.6.2)
-      actionpack (= 5.2.5)
+      actionpack (= 5.2.6.2)
-      actionview (= 5.2.5)
+      actionview (= 5.2.6.2)
-      activejob (= 5.2.5)
+      activejob (= 5.2.6.2)
      mail (~> 2.5, >= 2.5.4)
      rails-dom-testing (~> 2.0)
-    actionpack (5.2.5)
+    actionpack (5.2.6.2)
-      actionview (= 5.2.5)
+      actionview (= 5.2.6.2)
-      activesupport (= 5.2.5)
+      activesupport (= 5.2.6.2)
      rack (~> 2.0, >= 2.0.8)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.5)
+    actionview (5.2.6.2)
-      activesupport (= 5.2.5)
+      activesupport (= 5.2.6.2)
      builder (~> 3.1)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.5)
+    activejob (5.2.6.2)
-      activesupport (= 5.2.5)
+      activesupport (= 5.2.6.2)
      globalid (>= 0.3.6)
-    activemodel (5.2.5)
+    activemodel (5.2.6.2)
-      activesupport (= 5.2.5)
+      activesupport (= 5.2.6.2)
    activemodel-serializers-xml (1.0.2)
      activemodel (> 5.x)
      activesupport (> 5.x)
      builder (~> 3.1)
-    activerecord (5.2.5)
+    activerecord (5.2.6.2)
-      activemodel (= 5.2.5)
+      activemodel (= 5.2.6.2)
-      activesupport (= 5.2.5)
+      activesupport (= 5.2.6.2)
      arel (>= 9.0)
-    activestorage (5.2.5)
+    activestorage (5.2.6.2)
-      actionpack (= 5.2.5)
+      actionpack (= 5.2.6.2)
-      activerecord (= 5.2.5)
+      activerecord (= 5.2.6.2)
      marcel (~> 1.0.0)
-    activesupport (5.2.5)
+    activesupport (5.2.6.2)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 0.7, < 2)
      minitest (~> 5.1)
@@ -160,8 +160,8 @@ GEM
      jquery-rails
    font-awesome-sass (5.8.1)
      sassc (>= 1.11)
-    globalid (0.4.2)
+    globalid (1.0.0)
-      activesupport (>= 4.2.0)
+      activesupport (>= 5.0)
    gssapi (1.3.0)
      ffi (>= 1.0.1)
    haml (5.1.1)
@@ -185,7 +185,7 @@ GEM
      haml (>= 4.0, < 6)
      nokogiri (>= 1.6.0)
      ruby_parser (~> 3.5)
-    i18n (1.8.10)
+    i18n (1.8.11)
      concurrent-ruby (~> 1.0)
    influxdb (0.7.0)
    innertube (1.1.0)
@@ -219,17 +219,17 @@ GEM
      activesupport (>= 4)
      railties (>= 4)
      request_store (~> 1.0)
-    loofah (2.9.0)
+    loofah (2.9.1)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
    mail (2.7.1)
      mini_mime (>= 0.1.1)
-    marcel (1.0.1)
+    marcel (1.0.2)
    metaclass (0.0.4)
    method_source (0.9.2)
    middleware (0.1.0)
-    mini_mime (1.1.0)
+    mini_mime (1.1.2)
-    mini_portile2 (2.5.0)
+    mini_portile2 (2.5.3)
    minitest (5.14.4)
    minitest-ci (3.4.0)
      minitest (>= 5.0.6)
@@ -246,8 +246,8 @@ GEM
      railties (>= 3.1)
    mousetrap-rails (1.4.6)
    mysql2 (0.5.2)
-    nio4r (2.5.7)
+    nio4r (2.5.8)
-    nokogiri (1.11.2)
+    nokogiri (1.11.7)
      mini_portile2 (~> 2.5.0)
      racc (~> 1.4)
    nokogumbo (2.0.1)
@@ -292,18 +292,18 @@ GEM
    rack (2.2.3)
    rack-test (1.1.0)
      rack (>= 1.0, < 3)
-    rails (5.2.5)
+    rails (5.2.6.2)
-      actioncable (= 5.2.5)
+      actioncable (= 5.2.6.2)
-      actionmailer (= 5.2.5)
+      actionmailer (= 5.2.6.2)
-      actionpack (= 5.2.5)
+      actionpack (= 5.2.6.2)
-      actionview (= 5.2.5)
+      actionview (= 5.2.6.2)
-      activejob (= 5.2.5)
+      activejob (= 5.2.6.2)
-      activemodel (= 5.2.5)
+      activemodel (= 5.2.6.2)
-      activerecord (= 5.2.5)
+      activerecord (= 5.2.6.2)
-      activestorage (= 5.2.5)
+      activestorage (= 5.2.6.2)
-      activesupport (= 5.2.5)
+      activesupport (= 5.2.6.2)
      bundler (>= 1.3.0)
-      railties (= 5.2.5)
+      railties (= 5.2.6.2)
      sprockets-rails (>= 2.0.0)
    rails-controller-testing (1.0.4)
      actionpack (>= 5.0.1.x)
@@ -319,9 +319,9 @@ GEM
      activesupport (>= 3.1)
    rails_tokeninput (1.7.0)
      railties (>= 3.1.0)
-    railties (5.2.5)
+    railties (5.2.6.2)
-      actionpack (= 5.2.5)
+      actionpack (= 5.2.6.2)
-      activesupport (= 5.2.5)
+      activesupport (= 5.2.6.2)
      method_source
      rake (>= 0.8.7)
      thor (>= 0.19.0, < 2.0)
@@ -462,7 +462,7 @@ GEM
      addressable (>= 2.3.6)
      crack (>= 0.3.2)
      hashdiff (>= 0.4.0, < 2.0.0)
-    websocket-driver (0.7.3)
+    websocket-driver (0.7.5)
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.5)
    xmlhash (1.3.7)
@@ -576,4 +576,4 @@ DEPENDENCIES
  yajl-ruby
 BUNDLED WITH
-   1.17.1
+   1.17.3