diff --git a/CHANGELOG.md b/CHANGELOG.md index 995aa3a00b..bff8fdcb2e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. - Nothing should go in this section, please add to the latest unreleased version (and update the corresponding date), or add a new version. +## [1.17.8] - 2022-07-14 +### Security +- Updated rails to 6.1.6.1 to remove CVE-2022-32224 + [cyberark/conjurinc#2605](https://github.com/cyberark/conjur/pull/2605) + ## [1.17.7] - 2022-06-29 ### Changed diff --git a/Gemfile.lock b/Gemfile.lock index bc8e1a7863..0dc8c9fbf9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -8,60 +8,60 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.1.5.1) - actionpack (= 6.1.5.1) - activesupport (= 6.1.5.1) + actioncable (6.1.6.1) + actionpack (= 6.1.6.1) + activesupport (= 6.1.6.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.5.1) - actionpack (= 6.1.5.1) - activejob (= 6.1.5.1) - activerecord (= 6.1.5.1) - activestorage (= 6.1.5.1) - activesupport (= 6.1.5.1) + actionmailbox (6.1.6.1) + actionpack (= 6.1.6.1) + activejob (= 6.1.6.1) + activerecord (= 6.1.6.1) + activestorage (= 6.1.6.1) + activesupport (= 6.1.6.1) mail (>= 2.7.1) - actionmailer (6.1.5.1) - actionpack (= 6.1.5.1) - actionview (= 6.1.5.1) - activejob (= 6.1.5.1) - activesupport (= 6.1.5.1) + actionmailer (6.1.6.1) + actionpack (= 6.1.6.1) + actionview (= 6.1.6.1) + activejob (= 6.1.6.1) + activesupport (= 6.1.6.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.5.1) - actionview (= 6.1.5.1) - activesupport (= 6.1.5.1) + actionpack (6.1.6.1) + actionview (= 6.1.6.1) + activesupport (= 6.1.6.1) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.5.1) - actionpack (= 6.1.5.1) - activerecord (= 6.1.5.1) - activestorage (= 6.1.5.1) - activesupport (= 6.1.5.1) + actiontext (6.1.6.1) + actionpack (= 6.1.6.1) + activerecord (= 6.1.6.1) + activestorage (= 6.1.6.1) + activesupport (= 6.1.6.1) nokogiri (>= 1.8.5) - actionview (6.1.5.1) - activesupport (= 6.1.5.1) + actionview (6.1.6.1) + activesupport (= 6.1.6.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.5.1) - activesupport (= 6.1.5.1) + activejob (6.1.6.1) + activesupport (= 6.1.6.1) globalid (>= 0.3.6) - activemodel (6.1.5.1) - activesupport (= 6.1.5.1) - activerecord (6.1.5.1) - activemodel (= 6.1.5.1) - activesupport (= 6.1.5.1) - activestorage (6.1.5.1) - actionpack (= 6.1.5.1) - activejob (= 6.1.5.1) - activerecord (= 6.1.5.1) - activesupport (= 6.1.5.1) + activemodel (6.1.6.1) + activesupport (= 6.1.6.1) + activerecord (6.1.6.1) + activemodel (= 6.1.6.1) + activesupport (= 6.1.6.1) + activestorage (6.1.6.1) + actionpack (= 6.1.6.1) + activejob (= 6.1.6.1) + activerecord (= 6.1.6.1) + activesupport (= 6.1.6.1) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.5.1) + activesupport (6.1.6.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -267,7 +267,7 @@ GEM mime-types-data (~> 3.2015) mime-types-data (3.2022.0105) mini_mime (1.1.2) - minitest (5.15.0) + minitest (5.16.2) multi_json (1.15.0) multi_test (0.1.2) net-ldap (0.17.0) @@ -305,7 +305,7 @@ GEM puma (5.6.4) nio4r (~> 2.0) racc (1.6.0) - rack (2.2.3.1) + rack (2.2.4) rack-oauth2 (1.19.0) activesupport attr_required @@ -313,22 +313,22 @@ GEM json-jwt (>= 1.11.0) rack (>= 2.1.0) rack-rewrite (1.5.1) - rack-test (1.1.0) - rack (>= 1.0, < 3) - rails (6.1.5.1) - actioncable (= 6.1.5.1) - actionmailbox (= 6.1.5.1) - actionmailer (= 6.1.5.1) - actionpack (= 6.1.5.1) - actiontext (= 6.1.5.1) - actionview (= 6.1.5.1) - activejob (= 6.1.5.1) - activemodel (= 6.1.5.1) - activerecord (= 6.1.5.1) - activestorage (= 6.1.5.1) - activesupport (= 6.1.5.1) + rack-test (2.0.2) + rack (>= 1.3) + rails (6.1.6.1) + actioncable (= 6.1.6.1) + actionmailbox (= 6.1.6.1) + actionmailer (= 6.1.6.1) + actionpack (= 6.1.6.1) + actiontext (= 6.1.6.1) + actionview (= 6.1.6.1) + activejob (= 6.1.6.1) + activemodel (= 6.1.6.1) + activerecord (= 6.1.6.1) + activestorage (= 6.1.6.1) + activesupport (= 6.1.6.1) bundler (>= 1.15.0) - railties (= 6.1.5.1) + railties (= 6.1.6.1) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) @@ -345,9 +345,9 @@ GEM rails_layout (1.0.42) rails_serve_static_assets (0.0.5) rails_stdout_logging (0.0.5) - railties (6.1.5.1) - actionpack (= 6.1.5.1) - activesupport (= 6.1.5.1) + railties (6.1.6.1) + actionpack (= 6.1.6.1) + activesupport (= 6.1.6.1) method_source rake (>= 12.2) thor (~> 1.0) @@ -426,7 +426,7 @@ GEM spring (>= 0.9.1) spring-commands-rspec (1.0.4) spring (>= 0.9.1) - sprockets (4.0.3) + sprockets (4.1.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.4.2) @@ -462,7 +462,7 @@ GEM websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) xdg (2.2.3) - zeitwerk (2.5.4) + zeitwerk (2.6.0) PLATFORMS x86_64-darwin-20 diff --git a/NOTICES.txt b/NOTICES.txt index 20f96d09f1..cdeb670f6c 100644 --- a/NOTICES.txt +++ b/NOTICES.txt @@ -24,7 +24,7 @@ Section 3: BSD-3-Clause Section 4: MIT ->>> https://rubygems.org/gems/activesupport/versions/6.1.5.1 +>>> https://rubygems.org/gems/activesupport/versions/6.1.6.1 >>> https://rubygems.org/gems/anyway_config/versions/2.2.3 >>> https://rubygems.org/gems/base58/versions/0.2.3 >>> https://rubygems.org/gems/bcrypt/versions/3.1.16 @@ -45,7 +45,7 @@ Section 4: MIT >>> https://rubygems.org/gems/nokogiri/versions/1.13.6 >>> https://rubygems.org/gems/openid_connect/versions/1.3.0 >>> https://rubygems.org/gems/rack-rewrite/versions/1.5.1 ->>> https://rubygems.org/gems/rails/versions/6.1.5.1 +>>> https://rubygems.org/gems/rails/versions/6.1.6.1 >>> https://rubygems.org/gems/rake/versions/13.0.6 >>> https://rubygems.org/gems/sequel/versions/5.51.0 >>> https://rubygems.org/gems/sequel-pg_advisory_locking/versions/1.0.1 @@ -247,7 +247,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. MIT License is applicable to the following component(s). ->>> https://rubygems.org/gems/activesupport/versions/6.1.5.1 +>>> https://rubygems.org/gems/activesupport/versions/6.1.6.1 Copyright (c) 2005-2018 David Heinemeier Hansson @@ -748,7 +748,7 @@ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ->>> https://rubygems.org/gems/rails/versions/6.1.5.1 +>>> https://rubygems.org/gems/rails/versions/6.1.6.1 Copyright (c) 2005-2018 David Heinemeier Hansson