From d4800544f083324d324f961dee72e9f43ee41a72 Mon Sep 17 00:00:00 2001
From: Benjamin Neff <benjamin@coding4coffee.ch>
Date: Fri, 11 Feb 2022 23:17:54 +0100
Subject: [PATCH] Bump rails to fix CVE-2022-23633

closes #8336
---
 Changelog.md | 6 +++-
 Gemfile | 2 +-
 Gemfile.lock | 84 ++++++++++++++++++++++++++--------------------------
 3 files changed, 48 insertions(+), 44 deletions(-)

diff --git a/Changelog.md b/Changelog.md
index 62ddd3f856..7514bf9996 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,5 +1,9 @@
 # 0.7.16.0
 
+## Security
+
+* Update rails to fix [CVE-2022-23633](https://github.com/advisories/GHSA-wh98-p28r-vrc9) [#8336](https://github.com/diaspora/diaspora/pull/8336)
+
 ## Refactor
 * Cache local posts/comments count for statistics [#8241](https://github.com/diaspora/diaspora/pull/8241)
 * Fix html-syntax in some handlebars templates [#8251](https://github.com/diaspora/diaspora/pull/8251)
@@ -9,7 +13,7 @@
 
 ## Bug fixes
 * Ensure the log folder exists [#8287](https://github.com/diaspora/diaspora/pull/8287)
-* Limit name length in header [#8313] (https://github.com/diaspora/diaspora/pull/8313)
+* Limit name length in header [#8313](https://github.com/diaspora/diaspora/pull/8313)
 * Fix fallback avatar in hovercards [#8316](https://github.com/diaspora/diaspora/pull/8316)
 * Use old person private key for export if relayable author migrated away [#8310](https://github.com/diaspora/diaspora/pull/8310)
 
diff --git a/Gemfile b/Gemfile
index 82e4295847..7dbd9f9397 100644
--- a/Gemfile
+++ b/Gemfile
@@ -2,7 +2,7 @@
 
 source "https://rubygems.org"
 
-gem "rails", "5.2.6"
+gem "rails", "5.2.6.2"
 
 # Legacy Rails features, remove me!
 # responders (class level)
diff --git a/Gemfile.lock b/Gemfile.lock
index 9d7f9771a2..ae2d489815 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -2,25 +2,25 @@ GEM remote: https://rubygems.org/ remote: https://gems.diasporafoundation.org/ specs: - actioncable (5.2.6) - actionpack (= 5.2.6) + actioncable (5.2.6.2) + actionpack (= 5.2.6.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.6) - actionpack (= 5.2.6) - actionview (= 5.2.6) - activejob (= 5.2.6) + actionmailer (5.2.6.2) + actionpack (= 5.2.6.2) + actionview (= 5.2.6.2) + activejob (= 5.2.6.2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.6) - actionview (= 5.2.6) - activesupport (= 5.2.6) + actionpack (5.2.6.2) + actionview (= 5.2.6.2) + activesupport (= 5.2.6.2) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.6) - activesupport (= 5.2.6) + actionview (5.2.6.2) + activesupport (= 5.2.6.2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) @@ -28,22 +28,22 @@ GEM active_model_serializers (0.9.7) activemodel (>= 3.2) concurrent-ruby (~> 1.0) - activejob (5.2.6) - activesupport (= 5.2.6) + activejob (5.2.6.2) + activesupport (= 5.2.6.2) globalid (>= 0.3.6) - activemodel (5.2.6) - activesupport (= 5.2.6) - activerecord (5.2.6) - activemodel (= 5.2.6) - activesupport (= 5.2.6) + activemodel (5.2.6.2) + activesupport (= 5.2.6.2) + activerecord (5.2.6.2) + activemodel (= 5.2.6.2) + activesupport (= 5.2.6.2) arel (>= 9.0) activerecord-import (1.1.0) activerecord (>= 3.2) - activestorage (5.2.6) - actionpack (= 5.2.6) - activerecord (= 5.2.6) + activestorage (5.2.6.2) + actionpack (= 5.2.6.2) + activerecord (= 5.2.6.2) marcel (~> 1.0.0) - activesupport (5.2.6) + activesupport (5.2.6.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -295,7 +295,7 @@ GEM gitlab (4.17.0) httparty (~> 0.18) terminal-table (~> 1.5, >= 1.5.1) - globalid (0.5.2) + globalid (1.0.0) activesupport (>= 5.0) gon (6.4.0) actionpack (>= 3.0.20) 
@@ -337,7 +337,7 @@ GEM mime-types (~> 3.0) multi_xml (>= 0.5.2) httpclient (2.8.3) - i18n (1.8.11) + i18n (1.9.1) concurrent-ruby (~> 1.0) i18n-inflector (2.6.7) i18n (>= 0.4.1) @@ -392,7 +392,7 @@ GEM multi_json (~> 1.14) logging-rails (0.6.0) logging (>= 1.8) - loofah (2.12.0) + loofah (2.14.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) macaddr (1.7.2) @@ -411,7 +411,7 @@ GEM mini_magick (4.11.0) mini_mime (1.1.2) mini_portile2 (2.6.1) - minitest (5.14.4) + minitest (5.15.0) mobile-fu (1.4.0) rack-mobile-detect rails @@ -527,18 +527,18 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (5.2.6) - actioncable (= 5.2.6) - actionmailer (= 5.2.6) - actionpack (= 5.2.6) - actionview (= 5.2.6) - activejob (= 5.2.6) - activemodel (= 5.2.6) - activerecord (= 5.2.6) - activestorage (= 5.2.6) - activesupport (= 5.2.6) + rails (5.2.6.2) + actioncable (= 5.2.6.2) + actionmailer (= 5.2.6.2) + actionpack (= 5.2.6.2) + actionview (= 5.2.6.2) + activejob (= 5.2.6.2) + activemodel (= 5.2.6.2) + activerecord (= 5.2.6.2) + activestorage (= 5.2.6.2) + activesupport (= 5.2.6.2) bundler (>= 1.3.0) - railties (= 5.2.6) + railties (= 5.2.6.2) sprockets-rails (>= 2.0.0) rails-assets-autosize (4.0.2) rails-assets-backbone (1.3.3) @@ -602,9 +602,9 @@ GEM rails-timeago (2.19.1) actionpack (>= 3.1) activesupport (>= 3.1) - railties (5.2.6) - actionpack (= 5.2.6) - activesupport (= 5.2.6) + railties (5.2.6.2) + actionpack (= 5.2.6.2) + activesupport (= 5.2.6.2) method_source rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) @@ -730,7 +730,7 @@ GEM unicode-display_width (~> 1.1, >= 1.1.1) terser (1.1.7) execjs (>= 0.3.0, < 3) - thor (1.1.0) + thor (1.2.1) thread_safe (0.3.6) tilt (2.0.10) timecop (0.9.4) @@ -878,7 +878,7 @@ DEPENDENCIES rack-piwik (= 0.3.0) rack-rewrite (= 1.5.1) rack-ssl (= 1.4.1) - rails (= 5.2.6) + rails (= 5.2.6.2) rails-assets-autosize (= 4.0.2)! rails-assets-backbone (= 1.3.3)! rails-assets-blueimp-gallery (= 2.33.0)! -- GitLab