SECURITY: Bump Rails to 6.0.3.7 (#12965)

This includes fixes for:
- CVE-2020-8264
- CVE-2021-22881
- CVE-2021-22885
- CVE-2021-22904
- CVE-2021-22902
David Taylor 2021-05-06 13:37:13 +01:00 committed by GitHub
parent e34c29aa7f
commit 23ac6fc5e0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 54 additions and 46 deletions

14
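--- a/Gemfile
+++ b/Gemfile
@@ -18,13 +18,13 @@ else
 # this allows us to include the bits of rails we use without pieces we do not.
 #
 # To issue a rails update bump the version number here
-gem 'actionmailer', '6.0.3.3'
-gem 'actionpack', '6.0.3.3'
-gem 'actionview', '6.0.3.3'
-gem 'activemodel', '6.0.3.3'
-gem 'activerecord', '6.0.3.3'
-gem 'activesupport', '6.0.3.3'
-gem 'railties', '6.0.3.3'
+gem 'actionmailer', '6.0.3.7'
+gem 'actionpack', '6.0.3.7'
+gem 'actionview', '6.0.3.7'
+gem 'activemodel', '6.0.3.7'
+gem 'activerecord', '6.0.3.7'
+gem 'activesupport', '6.0.3.7'
+gem 'railties', '6.0.3.7'
 gem 'sprockets-rails'
 end
 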

@ -1,21 +1,21 @@
GEM
remote: https://rubygems.org/
specs:
actionmailer (6.0.3.3)
actionpack (= 6.0.3.3)
actionview (= 6.0.3.3)
activejob (= 6.0.3.3)
actionmailer (6.0.3.7)
actionpack (= 6.0.3.7)
actionview (= 6.0.3.7)
activejob (= 6.0.3.7)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
actionpack (6.0.3.3)
actionview (= 6.0.3.3)
activesupport (= 6.0.3.3)
actionpack (6.0.3.7)
actionview (= 6.0.3.7)
activesupport (= 6.0.3.7)
rack (~> 2.0, >= 2.0.8)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0)
actionview (6.0.3.3)
activesupport (= 6.0.3.3)
actionview (6.0.3.7)
activesupport (= 6.0.3.7)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
@ -24,15 +24,15 @@ GEM
actionview (>= 6.0.a)
active_model_serializers (0.8.4)
activemodel (>= 3.0)
activejob (6.0.3.3)
activesupport (= 6.0.3.3)
activejob (6.0.3.7)
activesupport (= 6.0.3.7)
globalid (>= 0.3.6)
activemodel (6.0.3.3)
activesupport (= 6.0.3.3)
activerecord (6.0.3.3)
activemodel (= 6.0.3.3)
activesupport (= 6.0.3.3)
activesupport (6.0.3.3)
activemodel (6.0.3.7)
activesupport (= 6.0.3.7)
activerecord (6.0.3.7)
activemodel (= 6.0.3.7)
activesupport (= 6.0.3.7)
activesupport (6.0.3.7)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
minitest (~> 5.1)
@ -84,7 +84,7 @@ GEM
chunky_png (1.3.14)
coderay (1.1.3)
colored2 (3.1.2)
concurrent-ruby (1.1.7)
concurrent-ruby (1.1.8)
connection_pool (2.2.3)
cose (1.2.0)
cbor (~> 0.5.9)
@ -145,7 +145,7 @@ GEM
hkdf (0.3.0)
htmlentities (4.3.4)
http_accept_language (2.1.1)
i18n (1.8.5)
i18n (1.8.10)
concurrent-ruby (~> 1.0)
image_size (1.5.0)
in_threads (1.5.4)
@ -177,7 +177,7 @@ GEM
logstash-logger (0.26.1)
logstash-event (~> 1.2)
logster (2.9.4)
loofah (2.8.0)
loofah (2.9.1)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
lru_redux (1.1.0)
@ -189,8 +189,8 @@ GEM
message_bus (3.3.4)
rack (>= 1.1.3)
method_source (1.0.0)
mini_mime (1.0.2)
mini_portile2 (2.4.0)
mini_mime (1.1.0)
mini_portile2 (2.5.1)
mini_racer (0.3.1)
libv8 (~> 8.4.255)
mini_scheduler (0.12.3)
@ -198,7 +198,7 @@ GEM
mini_sql (0.3)
mini_suffix (0.3.0)
ffi (~> 1.9)
minitest (5.14.2)
minitest (5.14.4)
mocha (1.11.2)
mock_redis (0.26.0)
msgpack (1.3.3)
@ -207,8 +207,15 @@ GEM
multipart-post (2.1.1)
mustache (1.1.1)
nio4r (2.5.4)
nokogiri (1.10.10)
mini_portile2 (~> 2.4.0)
nokogiri (1.11.3)
mini_portile2 (~> 2.5.0)
racc (~> 1.4)
nokogiri (1.11.3-arm64-darwin)
racc (~> 1.4)
nokogiri (1.11.3-x86_64-darwin)
racc (~> 1.4)
nokogiri (1.11.3-x86_64-linux)
racc (~> 1.4)
nokogumbo (2.0.2)
nokogiri (~> 1.8, >= 1.8.4)
oauth (0.5.4)
@ -268,6 +275,7 @@ GEM
puma (5.0.4)
nio4r (~> 2.0)
r2 (0.2.7)
racc (1.5.2)
rack (2.2.3)
rack-mini-profiler (2.2.0)
rack (>= 1.2.0)
@ -287,15 +295,15 @@ GEM
rails_multisite (2.5.0)
activerecord (> 5.0, < 7)
railties (> 5.0, < 7)
railties (6.0.3.3)
actionpack (= 6.0.3.3)
activesupport (= 6.0.3.3)
railties (6.0.3.7)
actionpack (= 6.0.3.7)
activesupport (= 6.0.3.7)
method_source
rake (>= 0.8.7)
thor (>= 0.20.3, < 2.0)
rainbow (3.0.0)
raindrops (0.19.1)
rake (13.0.1)
rake (13.0.3)
rb-fsevent (0.10.4)
rb-inotify (0.10.1)
ffi (~> 1.0)
@ -408,10 +416,10 @@ GEM
sshkey (2.0.0)
stackprof (0.2.16)
test-prof (0.12.2)
thor (1.0.1)
thor (1.1.0)
thread_safe (0.3.6)
tilt (2.0.10)
tzinfo (1.2.8)
tzinfo (1.2.9)
thread_safe (~> 0.1)
uglifier (4.2.0)
execjs (>= 0.3.0, < 3)
@ -432,7 +440,7 @@ GEM
jwt (~> 2.0)
xorcist (1.1.2)
yaml-lint (0.0.10)
zeitwerk (2.4.1)
zeitwerk (2.4.2)
PLATFORMS
arm64-darwin-20
@ -443,14 +451,14 @@ PLATFORMS
x86_64-linux
DEPENDENCIES
actionmailer (= 6.0.3.3)
actionpack (= 6.0.3.3)
actionview (= 6.0.3.3)
actionmailer (= 6.0.3.7)
actionpack (= 6.0.3.7)
actionview (= 6.0.3.7)
actionview_precompiler
active_model_serializers (~> 0.8.3)
activemodel (= 6.0.3.3)
activerecord (= 6.0.3.3)
activesupport (= 6.0.3.3)
activemodel (= 6.0.3.7)
activerecord (= 6.0.3.7)
activesupport (= 6.0.3.7)
addressable
annotate
aws-sdk-s3
@ -528,7 +536,7 @@ DEPENDENCIES
rack-protection
rails_failover
rails_multisite
railties (= 6.0.3.3)
railties (= 6.0.3.7)
rake
rb-fsevent
rbtrace