
Bundle update

Nina requested to merge nina/bundle-update into main

This PR includes minor dependency updates. Upgrading actionpack and addressable fixes two vulnerabilities and the failing bundler audit pipeline on the main branch.

$ bundle-audit check
Name: actionpack
Version: 6.1.3.2
CVE: CVE-2021-22942
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c
Title: Possible Open Redirect in Host Authorization Middleware
Solution: upgrade to ~> 6.0.4, >= 6.0.4.1, >= 6.1.4.1
Name: addressable
Version: 2.7.0
CVE: CVE-2021-32740
GHSA: GHSA-jxhc-q857-3j6g
Criticality: High
URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g
Title: Regular Expression Denial of Service in Addressable templates
Solution: upgrade to >= 2.8.0
Vulnerabilities found!
