SECURITY: Bump Rails to 6.0.3.7 (#12965)

This includes fixes for:
- CVE-2020-8264
- CVE-2021-22881
- CVE-2021-22885
- CVE-2021-22904
- CVE-2021-22902
David Taylor 2021-05-06 13:37:13 +01:00 committed by GitHub
parent e34c29aa7f
commit 23ac6fc5e0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 54 additions and 46 deletions

14
Gemfile

@ -18,13 +18,13 @@ else
# this allows us to include the bits of rails we use without pieces we do not. # this allows us to include the bits of rails we use without pieces we do not.
# #
# To issue a rails update bump the version number here # To issue a rails update bump the version number here
gem 'actionmailer', '6.0.3.3' gem 'actionmailer', '6.0.3.7'
gem 'actionpack', '6.0.3.3' gem 'actionpack', '6.0.3.7'
gem 'actionview', '6.0.3.3' gem 'actionview', '6.0.3.7'
gem 'activemodel', '6.0.3.3' gem 'activemodel', '6.0.3.7'
gem 'activerecord', '6.0.3.3' gem 'activerecord', '6.0.3.7'
gem 'activesupport', '6.0.3.3' gem 'activesupport', '6.0.3.7'
gem 'railties', '6.0.3.3' gem 'railties', '6.0.3.7'
gem 'sprockets-rails' gem 'sprockets-rails'
end end


@ -1,21 +1,21 @@
GEM GEM
remote: https://rubygems.org/ remote: https://rubygems.org/
specs: specs:
actionmailer (6.0.3.3) actionmailer (6.0.3.7)
actionpack (= 6.0.3.3) actionpack (= 6.0.3.7)
actionview (= 6.0.3.3) actionview (= 6.0.3.7)
activejob (= 6.0.3.3) activejob (= 6.0.3.7)
mail (~> 2.5, >= 2.5.4) mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0) rails-dom-testing (~> 2.0)
actionpack (6.0.3.3) actionpack (6.0.3.7)
actionview (= 6.0.3.3) actionview (= 6.0.3.7)
activesupport (= 6.0.3.3) activesupport (= 6.0.3.7)
rack (~> 2.0, >= 2.0.8) rack (~> 2.0, >= 2.0.8)
rack-test (>= 0.6.3) rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0) rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0)
actionview (6.0.3.3) actionview (6.0.3.7)
activesupport (= 6.0.3.3) activesupport (= 6.0.3.7)
builder (~> 3.1) builder (~> 3.1)
erubi (~> 1.4) erubi (~> 1.4)
rails-dom-testing (~> 2.0) rails-dom-testing (~> 2.0)
@ -24,15 +24,15 @@ GEM
actionview (>= 6.0.a) actionview (>= 6.0.a)
active_model_serializers (0.8.4) active_model_serializers (0.8.4)
activemodel (>= 3.0) activemodel (>= 3.0)
activejob (6.0.3.3) activejob (6.0.3.7)
activesupport (= 6.0.3.3) activesupport (= 6.0.3.7)
globalid (>= 0.3.6) globalid (>= 0.3.6)
activemodel (6.0.3.3) activemodel (6.0.3.7)
activesupport (= 6.0.3.3) activesupport (= 6.0.3.7)
activerecord (6.0.3.3) activerecord (6.0.3.7)
activemodel (= 6.0.3.3) activemodel (= 6.0.3.7)
activesupport (= 6.0.3.3) activesupport (= 6.0.3.7)
activesupport (6.0.3.3) activesupport (6.0.3.7)
concurrent-ruby (~> 1.0, >= 1.0.2) concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2) i18n (>= 0.7, < 2)
minitest (~> 5.1) minitest (~> 5.1)
@ -84,7 +84,7 @@ GEM
chunky_png (1.3.14) chunky_png (1.3.14)
coderay (1.1.3) coderay (1.1.3)
colored2 (3.1.2) colored2 (3.1.2)
concurrent-ruby (1.1.7) concurrent-ruby (1.1.8)
connection_pool (2.2.3) connection_pool (2.2.3)
cose (1.2.0) cose (1.2.0)
cbor (~> 0.5.9) cbor (~> 0.5.9)
@ -145,7 +145,7 @@ GEM
hkdf (0.3.0) hkdf (0.3.0)
htmlentities (4.3.4) htmlentities (4.3.4)
http_accept_language (2.1.1) http_accept_language (2.1.1)
i18n (1.8.5) i18n (1.8.10)
concurrent-ruby (~> 1.0) concurrent-ruby (~> 1.0)
image_size (1.5.0) image_size (1.5.0)
in_threads (1.5.4) in_threads (1.5.4)
@ -177,7 +177,7 @@ GEM
logstash-logger (0.26.1) logstash-logger (0.26.1)
logstash-event (~> 1.2) logstash-event (~> 1.2)
logster (2.9.4) logster (2.9.4)
loofah (2.8.0) loofah (2.9.1)
crass (~> 1.0.2) crass (~> 1.0.2)
nokogiri (>= 1.5.9) nokogiri (>= 1.5.9)
lru_redux (1.1.0) lru_redux (1.1.0)
@ -189,8 +189,8 @@ GEM
message_bus (3.3.4) message_bus (3.3.4)
rack (>= 1.1.3) rack (>= 1.1.3)
method_source (1.0.0) method_source (1.0.0)
mini_mime (1.0.2) mini_mime (1.1.0)
mini_portile2 (2.4.0) mini_portile2 (2.5.1)
mini_racer (0.3.1) mini_racer (0.3.1)
libv8 (~> 8.4.255) libv8 (~> 8.4.255)
mini_scheduler (0.12.3) mini_scheduler (0.12.3)
@ -198,7 +198,7 @@ GEM
mini_sql (0.3) mini_sql (0.3)
mini_suffix (0.3.0) mini_suffix (0.3.0)
ffi (~> 1.9) ffi (~> 1.9)
minitest (5.14.2) minitest (5.14.4)
mocha (1.11.2) mocha (1.11.2)
mock_redis (0.26.0) mock_redis (0.26.0)
msgpack (1.3.3) msgpack (1.3.3)
@ -207,8 +207,15 @@ GEM
multipart-post (2.1.1) multipart-post (2.1.1)
mustache (1.1.1) mustache (1.1.1)
nio4r (2.5.4) nio4r (2.5.4)
nokogiri (1.10.10) nokogiri (1.11.3)
mini_portile2 (~> 2.4.0) mini_portile2 (~> 2.5.0)
racc (~> 1.4)
nokogiri (1.11.3-arm64-darwin)
racc (~> 1.4)
nokogiri (1.11.3-x86_64-darwin)
racc (~> 1.4)
nokogiri (1.11.3-x86_64-linux)
racc (~> 1.4)
nokogumbo (2.0.2) nokogumbo (2.0.2)
nokogiri (~> 1.8, >= 1.8.4) nokogiri (~> 1.8, >= 1.8.4)
oauth (0.5.4) oauth (0.5.4)
@ -268,6 +275,7 @@ GEM
puma (5.0.4) puma (5.0.4)
nio4r (~> 2.0) nio4r (~> 2.0)
r2 (0.2.7) r2 (0.2.7)
racc (1.5.2)
rack (2.2.3) rack (2.2.3)
rack-mini-profiler (2.2.0) rack-mini-profiler (2.2.0)
rack (>= 1.2.0) rack (>= 1.2.0)
@ -287,15 +295,15 @@ GEM
rails_multisite (2.5.0) rails_multisite (2.5.0)
activerecord (> 5.0, < 7) activerecord (> 5.0, < 7)
railties (> 5.0, < 7) railties (> 5.0, < 7)
railties (6.0.3.3) railties (6.0.3.7)
actionpack (= 6.0.3.3) actionpack (= 6.0.3.7)
activesupport (= 6.0.3.3) activesupport (= 6.0.3.7)
method_source method_source
rake (>= 0.8.7) rake (>= 0.8.7)
thor (>= 0.20.3, < 2.0) thor (>= 0.20.3, < 2.0)
rainbow (3.0.0) rainbow (3.0.0)
raindrops (0.19.1) raindrops (0.19.1)
rake (13.0.1) rake (13.0.3)
rb-fsevent (0.10.4) rb-fsevent (0.10.4)
rb-inotify (0.10.1) rb-inotify (0.10.1)
ffi (~> 1.0) ffi (~> 1.0)
@ -408,10 +416,10 @@ GEM
sshkey (2.0.0) sshkey (2.0.0)
stackprof (0.2.16) stackprof (0.2.16)
test-prof (0.12.2) test-prof (0.12.2)
thor (1.0.1) thor (1.1.0)
thread_safe (0.3.6) thread_safe (0.3.6)
tilt (2.0.10) tilt (2.0.10)
tzinfo (1.2.8) tzinfo (1.2.9)
thread_safe (~> 0.1) thread_safe (~> 0.1)
uglifier (4.2.0) uglifier (4.2.0)
execjs (>= 0.3.0, < 3) execjs (>= 0.3.0, < 3)
@ -432,7 +440,7 @@ GEM
jwt (~> 2.0) jwt (~> 2.0)
xorcist (1.1.2) xorcist (1.1.2)
yaml-lint (0.0.10) yaml-lint (0.0.10)
zeitwerk (2.4.1) zeitwerk (2.4.2)
PLATFORMS PLATFORMS
arm64-darwin-20 arm64-darwin-20
@ -443,14 +451,14 @@ PLATFORMS
x86_64-linux x86_64-linux
DEPENDENCIES DEPENDENCIES
actionmailer (= 6.0.3.3) actionmailer (= 6.0.3.7)
actionpack (= 6.0.3.3) actionpack (= 6.0.3.7)
actionview (= 6.0.3.3) actionview (= 6.0.3.7)
actionview_precompiler actionview_precompiler
active_model_serializers (~> 0.8.3) active_model_serializers (~> 0.8.3)
activemodel (= 6.0.3.3) activemodel (= 6.0.3.7)
activerecord (= 6.0.3.3) activerecord (= 6.0.3.7)
activesupport (= 6.0.3.3) activesupport (= 6.0.3.7)
addressable addressable
annotate annotate
aws-sdk-s3 aws-sdk-s3
@ -528,7 +536,7 @@ DEPENDENCIES
rack-protection rack-protection
rails_failover rails_failover
rails_multisite rails_multisite
railties (= 6.0.3.3) railties (= 6.0.3.7)
rake rake
rb-fsevent rb-fsevent
rbtrace rbtrace