From 69f11cbc1a9daf1a265ec95ac788d76139a3c337 Mon Sep 17 00:00:00 2001 From: Nicola Corti Date: Wed, 8 Feb 2023 11:23:08 -0800 Subject: [PATCH] Bump activesupport to 6.1.7.1 to address CVE-2023-22796 Summary: Just got a report that we depend on `activesupport` 6.1.7 which is marked as vulnerable as per CVE-2023-22796 https://github.com/advisories/GHSA-j6gc-792m-qgm2 I'm adding a dep on >= 6.1.7.1 in the Gemfile. Changelog: [Internal] [Changed] - Bump activesupport to 6.1.7.1 to address CVE-2023-22796 Reviewed By: yungsters Differential Revision: D43117034 fbshipit-source-id: 2c925754ca32257c9523d5bd68d6cf3bb3eb31e3 --- Gemfile | 1 + Gemfile.lock | 9 +++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index 567e59805c4a73..1642cc26ecaa56 100644 --- a/Gemfile +++ b/Gemfile @@ -4,3 +4,4 @@ source 'https://rubygems.org' ruby File.read(File.join(__dir__, '.ruby-version')).strip gem 'cocoapods', '~> 1.11', '>= 1.11.3' +gem 'activesupport', '>= 6.1.7.1' diff --git a/Gemfile.lock b/Gemfile.lock index 776cd69ccabdc7..2dfa05917c3de1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -3,7 +3,7 @@ GEM specs: CFPropertyList (3.0.5) rexml - activesupport (6.1.7) + activesupport (6.1.7.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -66,7 +66,7 @@ GEM i18n (1.12.0) concurrent-ruby (~> 1.0) json (2.6.2) - minitest (5.16.3) + minitest (5.17.0) molinillo (0.8.0) nanaimo (0.3.0) nap (1.1.0) @@ -76,7 +76,7 @@ GEM ruby-macho (2.5.1) typhoeus (1.4.0) ethon (>= 0.9.0) - tzinfo (2.0.5) + tzinfo (2.0.6) concurrent-ruby (~> 1.0) xcodeproj (1.22.0) CFPropertyList (>= 2.3.3, < 4.0) @@ -85,12 +85,13 @@ GEM colored2 (~> 3.1) nanaimo (~> 0.3.0) rexml (~> 3.2.4) - zeitwerk (2.6.0) + zeitwerk (2.6.6) PLATFORMS ruby DEPENDENCIES + activesupport (>= 6.1.7.1) cocoapods (~> 1.11, >= 1.11.3) RUBY VERSION
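Review bot: In the Gemfile hunk, the added `gem 'activesupport', '>= 6.1.7.1'` line has no upper bound and no comment explaining why a gem that until now appeared only in the lock file's specs is declared directly. Consider bounding it, for example `gem 'activesupport', '~> 6.1', '>= 6.1.7.1'`, so a later `bundle update` cannot cross a major version unnoticed. A one-line comment naming CVE-2023-22796 would also stop the floor from being removed later as an apparently unused dependency.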
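Review bot: In the first Gemfile.lock hunk the resolved version is `activesupport (6.1.7.2)`, while the subject and changelog line both say 6.1.7.1. The `>= 6.1.7.1` constraint permits this, but the commit message should state the version that is actually locked, so that anyone auditing the lock file against the advisory sees matching numbers.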
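Review bot: The later Gemfile.lock hunks also move `minitest` from 5.16.3 to 5.17.0, `tzinfo` from 2.0.5 to 2.0.6 and `zeitwerk` from 2.6.0 to 2.6.6, none of which the summary mentions. If the new activesupport does not require these bumps, regenerate the lock with `bundle update --conservative activesupport` to keep the security fix isolated from unrelated version changes. If it does require them, say so in the summary.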