mirror of
https://github.com/discourse/discourse.git
synced 2024-12-12 22:40:58 +08:00
SECURITY: Bump Rails to 6.0.3.7 (#12965)
This includes fixes for: - CVE-2020-8264 - CVE-2021-22881 - CVE-2021-22885 - CVE-2021-22904 - CVE-2021-22902
This commit is contained in:
parent
e34c29aa7f
commit
23ac6fc5e0
14
Gemfile
14
Gemfile
|
@ -18,13 +18,13 @@ else
|
|||
# this allows us to include the bits of rails we use without pieces we do not.
|
||||
#
|
||||
# To issue a rails update bump the version number here
|
||||
gem 'actionmailer', '6.0.3.3'
|
||||
gem 'actionpack', '6.0.3.3'
|
||||
gem 'actionview', '6.0.3.3'
|
||||
gem 'activemodel', '6.0.3.3'
|
||||
gem 'activerecord', '6.0.3.3'
|
||||
gem 'activesupport', '6.0.3.3'
|
||||
gem 'railties', '6.0.3.3'
|
||||
gem 'actionmailer', '6.0.3.7'
|
||||
gem 'actionpack', '6.0.3.7'
|
||||
gem 'actionview', '6.0.3.7'
|
||||
gem 'activemodel', '6.0.3.7'
|
||||
gem 'activerecord', '6.0.3.7'
|
||||
gem 'activesupport', '6.0.3.7'
|
||||
gem 'railties', '6.0.3.7'
|
||||
gem 'sprockets-rails'
|
||||
end
|
||||
|
||||
|
|
86
Gemfile.lock
86
Gemfile.lock
|
@ -1,21 +1,21 @@
|
|||
GEM
|
||||
remote: https://rubygems.org/
|
||||
specs:
|
||||
actionmailer (6.0.3.3)
|
||||
actionpack (= 6.0.3.3)
|
||||
actionview (= 6.0.3.3)
|
||||
activejob (= 6.0.3.3)
|
||||
actionmailer (6.0.3.7)
|
||||
actionpack (= 6.0.3.7)
|
||||
actionview (= 6.0.3.7)
|
||||
activejob (= 6.0.3.7)
|
||||
mail (~> 2.5, >= 2.5.4)
|
||||
rails-dom-testing (~> 2.0)
|
||||
actionpack (6.0.3.3)
|
||||
actionview (= 6.0.3.3)
|
||||
activesupport (= 6.0.3.3)
|
||||
actionpack (6.0.3.7)
|
||||
actionview (= 6.0.3.7)
|
||||
activesupport (= 6.0.3.7)
|
||||
rack (~> 2.0, >= 2.0.8)
|
||||
rack-test (>= 0.6.3)
|
||||
rails-dom-testing (~> 2.0)
|
||||
rails-html-sanitizer (~> 1.0, >= 1.2.0)
|
||||
actionview (6.0.3.3)
|
||||
activesupport (= 6.0.3.3)
|
||||
actionview (6.0.3.7)
|
||||
activesupport (= 6.0.3.7)
|
||||
builder (~> 3.1)
|
||||
erubi (~> 1.4)
|
||||
rails-dom-testing (~> 2.0)
|
||||
|
@ -24,15 +24,15 @@ GEM
|
|||
actionview (>= 6.0.a)
|
||||
active_model_serializers (0.8.4)
|
||||
activemodel (>= 3.0)
|
||||
activejob (6.0.3.3)
|
||||
activesupport (= 6.0.3.3)
|
||||
activejob (6.0.3.7)
|
||||
activesupport (= 6.0.3.7)
|
||||
globalid (>= 0.3.6)
|
||||
activemodel (6.0.3.3)
|
||||
activesupport (= 6.0.3.3)
|
||||
activerecord (6.0.3.3)
|
||||
activemodel (= 6.0.3.3)
|
||||
activesupport (= 6.0.3.3)
|
||||
activesupport (6.0.3.3)
|
||||
activemodel (6.0.3.7)
|
||||
activesupport (= 6.0.3.7)
|
||||
activerecord (6.0.3.7)
|
||||
activemodel (= 6.0.3.7)
|
||||
activesupport (= 6.0.3.7)
|
||||
activesupport (6.0.3.7)
|
||||
concurrent-ruby (~> 1.0, >= 1.0.2)
|
||||
i18n (>= 0.7, < 2)
|
||||
minitest (~> 5.1)
|
||||
|
@ -84,7 +84,7 @@ GEM
|
|||
chunky_png (1.3.14)
|
||||
coderay (1.1.3)
|
||||
colored2 (3.1.2)
|
||||
concurrent-ruby (1.1.7)
|
||||
concurrent-ruby (1.1.8)
|
||||
connection_pool (2.2.3)
|
||||
cose (1.2.0)
|
||||
cbor (~> 0.5.9)
|
||||
|
@ -145,7 +145,7 @@ GEM
|
|||
hkdf (0.3.0)
|
||||
htmlentities (4.3.4)
|
||||
http_accept_language (2.1.1)
|
||||
i18n (1.8.5)
|
||||
i18n (1.8.10)
|
||||
concurrent-ruby (~> 1.0)
|
||||
image_size (1.5.0)
|
||||
in_threads (1.5.4)
|
||||
|
@ -177,7 +177,7 @@ GEM
|
|||
logstash-logger (0.26.1)
|
||||
logstash-event (~> 1.2)
|
||||
logster (2.9.4)
|
||||
loofah (2.8.0)
|
||||
loofah (2.9.1)
|
||||
crass (~> 1.0.2)
|
||||
nokogiri (>= 1.5.9)
|
||||
lru_redux (1.1.0)
|
||||
|
@ -189,8 +189,8 @@ GEM
|
|||
message_bus (3.3.4)
|
||||
rack (>= 1.1.3)
|
||||
method_source (1.0.0)
|
||||
mini_mime (1.0.2)
|
||||
mini_portile2 (2.4.0)
|
||||
mini_mime (1.1.0)
|
||||
mini_portile2 (2.5.1)
|
||||
mini_racer (0.3.1)
|
||||
libv8 (~> 8.4.255)
|
||||
mini_scheduler (0.12.3)
|
||||
|
@ -198,7 +198,7 @@ GEM
|
|||
mini_sql (0.3)
|
||||
mini_suffix (0.3.0)
|
||||
ffi (~> 1.9)
|
||||
minitest (5.14.2)
|
||||
minitest (5.14.4)
|
||||
mocha (1.11.2)
|
||||
mock_redis (0.26.0)
|
||||
msgpack (1.3.3)
|
||||
|
@ -207,8 +207,15 @@ GEM
|
|||
multipart-post (2.1.1)
|
||||
mustache (1.1.1)
|
||||
nio4r (2.5.4)
|
||||
nokogiri (1.10.10)
|
||||
mini_portile2 (~> 2.4.0)
|
||||
nokogiri (1.11.3)
|
||||
mini_portile2 (~> 2.5.0)
|
||||
racc (~> 1.4)
|
||||
nokogiri (1.11.3-arm64-darwin)
|
||||
racc (~> 1.4)
|
||||
nokogiri (1.11.3-x86_64-darwin)
|
||||
racc (~> 1.4)
|
||||
nokogiri (1.11.3-x86_64-linux)
|
||||
racc (~> 1.4)
|
||||
nokogumbo (2.0.2)
|
||||
nokogiri (~> 1.8, >= 1.8.4)
|
||||
oauth (0.5.4)
|
||||
|
@ -268,6 +275,7 @@ GEM
|
|||
puma (5.0.4)
|
||||
nio4r (~> 2.0)
|
||||
r2 (0.2.7)
|
||||
racc (1.5.2)
|
||||
rack (2.2.3)
|
||||
rack-mini-profiler (2.2.0)
|
||||
rack (>= 1.2.0)
|
||||
|
@ -287,15 +295,15 @@ GEM
|
|||
rails_multisite (2.5.0)
|
||||
activerecord (> 5.0, < 7)
|
||||
railties (> 5.0, < 7)
|
||||
railties (6.0.3.3)
|
||||
actionpack (= 6.0.3.3)
|
||||
activesupport (= 6.0.3.3)
|
||||
railties (6.0.3.7)
|
||||
actionpack (= 6.0.3.7)
|
||||
activesupport (= 6.0.3.7)
|
||||
method_source
|
||||
rake (>= 0.8.7)
|
||||
thor (>= 0.20.3, < 2.0)
|
||||
rainbow (3.0.0)
|
||||
raindrops (0.19.1)
|
||||
rake (13.0.1)
|
||||
rake (13.0.3)
|
||||
rb-fsevent (0.10.4)
|
||||
rb-inotify (0.10.1)
|
||||
ffi (~> 1.0)
|
||||
|
@ -408,10 +416,10 @@ GEM
|
|||
sshkey (2.0.0)
|
||||
stackprof (0.2.16)
|
||||
test-prof (0.12.2)
|
||||
thor (1.0.1)
|
||||
thor (1.1.0)
|
||||
thread_safe (0.3.6)
|
||||
tilt (2.0.10)
|
||||
tzinfo (1.2.8)
|
||||
tzinfo (1.2.9)
|
||||
thread_safe (~> 0.1)
|
||||
uglifier (4.2.0)
|
||||
execjs (>= 0.3.0, < 3)
|
||||
|
@ -432,7 +440,7 @@ GEM
|
|||
jwt (~> 2.0)
|
||||
xorcist (1.1.2)
|
||||
yaml-lint (0.0.10)
|
||||
zeitwerk (2.4.1)
|
||||
zeitwerk (2.4.2)
|
||||
|
||||
PLATFORMS
|
||||
arm64-darwin-20
|
||||
|
@ -443,14 +451,14 @@ PLATFORMS
|
|||
x86_64-linux
|
||||
|
||||
DEPENDENCIES
|
||||
actionmailer (= 6.0.3.3)
|
||||
actionpack (= 6.0.3.3)
|
||||
actionview (= 6.0.3.3)
|
||||
actionmailer (= 6.0.3.7)
|
||||
actionpack (= 6.0.3.7)
|
||||
actionview (= 6.0.3.7)
|
||||
actionview_precompiler
|
||||
active_model_serializers (~> 0.8.3)
|
||||
activemodel (= 6.0.3.3)
|
||||
activerecord (= 6.0.3.3)
|
||||
activesupport (= 6.0.3.3)
|
||||
activemodel (= 6.0.3.7)
|
||||
activerecord (= 6.0.3.7)
|
||||
activesupport (= 6.0.3.7)
|
||||
addressable
|
||||
annotate
|
||||
aws-sdk-s3
|
||||
|
@ -528,7 +536,7 @@ DEPENDENCIES
|
|||
rack-protection
|
||||
rails_failover
|
||||
rails_multisite
|
||||
railties (= 6.0.3.3)
|
||||
railties (= 6.0.3.7)
|
||||
rake
|
||||
rb-fsevent
|
||||
rbtrace
|
||||
|
|
Loading…
Reference in New Issue
Block a user