Bump activesupport to 6.1.7.1 to address CVE-2023-22796

Summary: Just got a report that we depend on `activesupport` 6.1.7 which is marked as vulnerable as per CVE-2023-22796 GHSA-j6gc-792m-qgm2 I'm adding a dep on >= 6.1.7.1 in the Gemfile. Changelog: [Internal] [Changed] - Bump activesupport to 6.1.7.1 to address CVE-2023-22796 Reviewed By: yungsters Differential Revision: D43117034 fbshipit-source-id: 2c925754ca32257c9523d5bd68d6cf3bb3eb31e3
callstack · Feb 8, 2023 · 69f11cb · 69f11cb
1 parent 3951b27
commit 69f11cb
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 4 deletions.
diff --git a/Gemfile b/Gemfile
@@ -4,3 +4,4 @@ source 'https://rubygems.org'
 ruby File.read(File.join(__dir__, '.ruby-version')).strip
 
 gem 'cocoapods', '~> 1.11', '>= 1.11.3'
+gem 'activesupport', '>= 6.1.7.1'
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -3,7 +3,7 @@ GEM
   specs:
     CFPropertyList (3.0.5)
       rexml
-    activesupport (6.1.7)
+    activesupport (6.1.7.2)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -66,7 +66,7 @@ GEM
     i18n (1.12.0)
       concurrent-ruby (~> 1.0)
     json (2.6.2)
-    minitest (5.16.3)
+    minitest (5.17.0)
     molinillo (0.8.0)
     nanaimo (0.3.0)
     nap (1.1.0)
@@ -76,7 +76,7 @@ GEM
     ruby-macho (2.5.1)
     typhoeus (1.4.0)
       ethon (>= 0.9.0)
-    tzinfo (2.0.5)
+    tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     xcodeproj (1.22.0)
       CFPropertyList (>= 2.3.3, < 4.0)
@@ -85,12 +85,13 @@ GEM
       colored2 (~> 3.1)
       nanaimo (~> 0.3.0)
       rexml (~> 3.2.4)
-    zeitwerk (2.6.0)
+    zeitwerk (2.6.6)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
+  activesupport (>= 6.1.7.1)
   cocoapods (~> 1.11, >= 1.11.3)
 
 RUBY VERSION
Original file line number	Diff line number	Diff line change
Expand Up		@@ -4,3 +4,4 @@ source 'https://rubygems.org'
		ruby File.read(File.join(__dir__, '.ruby-version')).strip

		gem 'cocoapods', '~> 1.11', '>= 1.11.3'
		gem 'activesupport', '>= 6.1.7.1'