DEV: upgrade rack to version 2.2.3
This is very minor, see: https://github.com/advisories/GHSA-j6w9-fv6q-3q52. An attacker can elevate their own cookie usage to bypass server cookie restrictions. Technically this is a security commit, but the surface area is extremely low; we do not expect any real-world impact.
parent
8af5194e39
commit
bac25e6dd7
2
Gemfile
2
Gemfile
|
@ -128,7 +128,7 @@ gem 'mini_racer'
|
||||||
# TODO: determine why highline is being held back and upgrade to latest
|
# TODO: determine why highline is being held back and upgrade to latest
|
||||||
gem 'highline', '~> 1.7.0', require: false
|
gem 'highline', '~> 1.7.0', require: false
|
||||||
|
|
||||||
gem 'rack', '2.2.2'
|
gem 'rack'
|
||||||
|
|
||||||
gem 'rack-protection' # security
|
gem 'rack-protection' # security
|
||||||
gem 'cbor', require: false
|
gem 'cbor', require: false
|
||||||
|
|
|
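Review bot: `gem 'rack'` in the Gemfile hunk carries no version constraint, so the fix referenced by GHSA-j6w9-fv6q-3q52 is enforced only by the `rack (2.2.3)` entry in Gemfile.lock. If the lockfile is regenerated, or a later dependency conflict makes Bundler settle on an older rack, nothing in the Gemfile stops resolution to a release that predates the fix. Consider `gem 'rack', '>= 2.2.3' # security floor, GHSA-j6w9-fv6q-3q52` so the minimum is explicit and survives lockfile churn. The rendered page has lost its +/- markers, so reading `gem 'rack'` as the new side is inferred from the commit title and the lockfile section.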
@ -268,7 +268,7 @@ GEM
|
||||||
puma (4.3.5)
|
puma (4.3.5)
|
||||||
nio4r (~> 2.0)
|
nio4r (~> 2.0)
|
||||||
r2 (0.2.7)
|
r2 (0.2.7)
|
||||||
rack (2.2.2)
|
rack (2.2.3)
|
||||||
rack-mini-profiler (2.0.2)
|
rack-mini-profiler (2.0.2)
|
||||||
rack (>= 1.2.0)
|
rack (>= 1.2.0)
|
||||||
rack-protection (2.0.8.1)
|
rack-protection (2.0.8.1)
|
||||||
|
@ -518,7 +518,7 @@ DEPENDENCIES
|
||||||
pry-rails
|
pry-rails
|
||||||
puma
|
puma
|
||||||
r2
|
r2
|
||||||
rack (= 2.2.2)
|
rack
|
||||||
rack-mini-profiler
|
rack-mini-profiler
|
||||||
rack-protection
|
rack-protection
|
||||||
rails_failover
|
rails_failover
|
||||||
|
|