mirror of
https://github.com/discourse/discourse.git
synced 2024-11-28 22:16:17 +08:00
DEV: upgrade rack to version 2.2.3
This is very minor, see: https://github.com/advisories/GHSA-j6w9-fv6q-3q52 An attacker can elevate own cookie usage to bypass server cookie restrictions Technically this is a security commit, but the surface area is extremely low, we do not expect any real world impact.
This commit is contained in:
parent
8af5194e39
commit
bac25e6dd7
2
Gemfile
2
Gemfile
|
@ -128,7 +128,7 @@ gem 'mini_racer'
|
|||
# TODO: determine why highline is being held back and upgrade to latest
|
||||
gem 'highline', '~> 1.7.0', require: false
|
||||
|
||||
gem 'rack', '2.2.2'
|
||||
gem 'rack'
|
||||
|
||||
gem 'rack-protection' # security
|
||||
gem 'cbor', require: false
|
||||
|
|
|
@ -268,7 +268,7 @@ GEM
|
|||
puma (4.3.5)
|
||||
nio4r (~> 2.0)
|
||||
r2 (0.2.7)
|
||||
rack (2.2.2)
|
||||
rack (2.2.3)
|
||||
rack-mini-profiler (2.0.2)
|
||||
rack (>= 1.2.0)
|
||||
rack-protection (2.0.8.1)
|
||||
|
@ -518,7 +518,7 @@ DEPENDENCIES
|
|||
pry-rails
|
||||
puma
|
||||
r2
|
||||
rack (= 2.2.2)
|
||||
rack
|
||||
rack-mini-profiler
|
||||
rack-protection
|
||||
rails_failover
|
||||
|
|
Loading…
Reference in New Issue
Block a user