diff --git a/CHANGELOG.md b/CHANGELOG.md index 41391e30b9..fda9931260 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. request results are sorted by resource ID. [cyberark/conjur#2702](https://github.com/cyberark/conjur/pull/2702) +### Security +- Upgraded Rails to 6.1.7.1 to resolve CVE-2023-22794 (not vulnerable) + [cyberark/conjur#2703](https://github.com/cyberark/conjur/pull/2703) + ## [1.19.1] - 2022-12-08 ### Security diff --git a/Gemfile.lock b/Gemfile.lock index 6c89e1144c..92296b4d61 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -8,60 +8,60 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.1.6.1) - actionpack (= 6.1.6.1) - activesupport (= 6.1.6.1) + actioncable (6.1.7.1) + actionpack (= 6.1.7.1) + activesupport (= 6.1.7.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.6.1) - actionpack (= 6.1.6.1) - activejob (= 6.1.6.1) - activerecord (= 6.1.6.1) - activestorage (= 6.1.6.1) - activesupport (= 6.1.6.1) + actionmailbox (6.1.7.1) + actionpack (= 6.1.7.1) + activejob (= 6.1.7.1) + activerecord (= 6.1.7.1) + activestorage (= 6.1.7.1) + activesupport (= 6.1.7.1) mail (>= 2.7.1) - actionmailer (6.1.6.1) - actionpack (= 6.1.6.1) - actionview (= 6.1.6.1) - activejob (= 6.1.6.1) - activesupport (= 6.1.6.1) + actionmailer (6.1.7.1) + actionpack (= 6.1.7.1) + actionview (= 6.1.7.1) + activejob (= 6.1.7.1) + activesupport (= 6.1.7.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.6.1) - actionview (= 6.1.6.1) - activesupport (= 6.1.6.1) + actionpack (6.1.7.1) + actionview (= 6.1.7.1) + activesupport (= 6.1.7.1) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.6.1) - actionpack (= 6.1.6.1) - activerecord (= 6.1.6.1) - activestorage (= 6.1.6.1) - activesupport (= 6.1.6.1) + actiontext (6.1.7.1) + actionpack (= 6.1.7.1) + activerecord (= 6.1.7.1) + activestorage (= 6.1.7.1) + activesupport (= 6.1.7.1) nokogiri (>= 1.8.5) - actionview (6.1.6.1) - activesupport (= 6.1.6.1) + actionview (6.1.7.1) + activesupport (= 6.1.7.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.6.1) - activesupport (= 6.1.6.1) + activejob (6.1.7.1) + activesupport (= 6.1.7.1) globalid (>= 0.3.6) - activemodel (6.1.6.1) - activesupport (= 6.1.6.1) - activerecord (6.1.6.1) - activemodel (= 6.1.6.1) - activesupport (= 6.1.6.1) - activestorage (6.1.6.1) - actionpack (= 6.1.6.1) - activejob (= 6.1.6.1) - activerecord (= 6.1.6.1) - activesupport (= 6.1.6.1) + activemodel (6.1.7.1) + activesupport (= 6.1.7.1) + activerecord (6.1.7.1) + activemodel (= 6.1.7.1) + activesupport (= 6.1.7.1) + activestorage (6.1.7.1) + actionpack (= 6.1.7.1) + activejob (= 6.1.7.1) + activerecord (= 6.1.7.1) + activesupport (= 6.1.7.1) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.6.1) + activesupport (6.1.7.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -169,6 +169,7 @@ GEM cucumber-cucumber-expressions (~> 14.0, >= 14.0.0) cucumber-messages (~> 17.1, >= 17.1.1) database_cleaner (1.8.5) + date (3.3.3) debase (0.2.5.beta2) debase-ruby_core_source (>= 0.10.12) debase-ruby_core_source (0.10.13) @@ -202,7 +203,7 @@ GEM dry-core (~> 0.5, >= 0.5) dry-inflector (~> 0.1, >= 0.1.2) dry-logic (~> 1.0, >= 1.0.2) - erubi (1.10.0) + erubi (1.12.0) event_emitter (0.2.6) eventmachine (1.2.7) excon (0.91.0) @@ -214,7 +215,7 @@ GEM ffi (>= 1.0.0) rake gli (2.21.0) - globalid (1.0.0) + globalid (1.0.1) activesupport (>= 5.0) haikunator (1.1.1) hashdiff (1.0.1) @@ -262,24 +263,36 @@ GEM loofah (2.19.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.7.1) + mail (2.8.0.1) mini_mime (>= 0.1.1) + net-imap + net-pop + net-smtp marcel (1.0.2) method_source (1.0.0) mime-types (3.4.1) mime-types-data (~> 3.2015) mime-types-data (3.2022.0105) mini_mime (1.1.2) - minitest (5.16.2) + minitest (5.17.0) multi_json (1.15.0) multi_test (0.1.2) + net-imap (0.3.4) + date + net-protocol net-ldap (0.17.0) + net-pop (0.1.2) + net-protocol + net-protocol (0.2.1) + timeout + net-smtp (0.3.3) + net-protocol net-ssh (6.1.0) netrc (0.11.0) nio4r (2.5.8) - nokogiri (1.13.10-x86_64-darwin) + nokogiri (1.14.0-x86_64-darwin) racc (~> 1.4) - nokogiri (1.13.10-x86_64-linux) + nokogiri (1.14.0-x86_64-linux) racc (~> 1.4) openid_connect (1.3.0) activemodel @@ -307,8 +320,8 @@ GEM public_suffix (4.0.6) puma (5.6.4) nio4r (~> 2.0) - racc (1.6.1) - rack (2.2.4) + racc (1.6.2) + rack (2.2.6.2) rack-oauth2 (1.19.0) activesupport attr_required @@ -318,20 +331,20 @@ GEM rack-rewrite (1.5.1) rack-test (2.0.2) rack (>= 1.3) - rails (6.1.6.1) - actioncable (= 6.1.6.1) - actionmailbox (= 6.1.6.1) - actionmailer (= 6.1.6.1) - actionpack (= 6.1.6.1) - actiontext (= 6.1.6.1) - actionview (= 6.1.6.1) - activejob (= 6.1.6.1) - activemodel (= 6.1.6.1) - activerecord (= 6.1.6.1) - activestorage (= 6.1.6.1) - activesupport (= 6.1.6.1) + rails (6.1.7.1) + actioncable (= 6.1.7.1) + actionmailbox (= 6.1.7.1) + actionmailer (= 6.1.7.1) + actionpack (= 6.1.7.1) + actiontext (= 6.1.7.1) + actionview (= 6.1.7.1) + activejob (= 6.1.7.1) + activemodel (= 6.1.7.1) + activerecord (= 6.1.7.1) + activestorage (= 6.1.7.1) + activesupport (= 6.1.7.1) bundler (>= 1.15.0) - railties (= 6.1.6.1) + railties (= 6.1.7.1) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) @@ -348,9 +361,9 @@ GEM rails_layout (1.0.42) rails_serve_static_assets (0.0.5) rails_stdout_logging (0.0.5) - railties (6.1.6.1) - actionpack (= 6.1.6.1) - activesupport (= 6.1.6.1) + railties (6.1.7.1) + actionpack (= 6.1.7.1) + activesupport (= 6.1.7.1) method_source rake (>= 12.2) thor (~> 1.0) @@ -429,9 +442,9 @@ GEM spring (>= 0.9.1) spring-commands-rspec (1.0.4) spring (>= 0.9.1) - sprockets (4.1.1) + sprockets (4.2.0) concurrent-ruby (~> 1.0) - rack (> 1, < 3) + rack (>= 2.2.4, < 4) sprockets-rails (3.4.2) actionpack (>= 5.2) activesupport (>= 5.2) @@ -444,7 +457,8 @@ GEM ffi (~> 1.1) table_print (1.5.7) thor (1.2.1) - tzinfo (2.0.4) + timeout (0.3.1) + tzinfo (2.0.5) concurrent-ruby (~> 1.0) unf (0.1.4) unf_ext @@ -470,7 +484,7 @@ GEM websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) xdg (2.2.3) - zeitwerk (2.6.0) + zeitwerk (2.6.6) PLATFORMS x86_64-darwin-20 diff --git a/NOTICES.txt b/NOTICES.txt index 9e1f0ef97e..f4e9647e67 100644 --- a/NOTICES.txt +++ b/NOTICES.txt @@ -24,7 +24,7 @@ Section 3: BSD-3-Clause Section 4: MIT ->>> https://rubygems.org/gems/activesupport/versions/6.1.6.1 +>>> https://rubygems.org/gems/activesupport/versions/6.1.7.1 >>> https://rubygems.org/gems/anyway_config/versions/2.2.3 >>> https://rubygems.org/gems/base58/versions/0.2.3 >>> https://rubygems.org/gems/bcrypt/versions/3.1.16 @@ -45,7 +45,7 @@ Section 4: MIT >>> https://rubygems.org/gems/nokogiri/versions/1.13.10 >>> https://rubygems.org/gems/openid_connect/versions/1.3.0 >>> https://rubygems.org/gems/rack-rewrite/versions/1.5.1 ->>> https://rubygems.org/gems/rails/versions/6.1.6.1 +>>> https://rubygems.org/gems/rails/versions/6.1.7.1 >>> https://rubygems.org/gems/rake/versions/13.0.6 >>> https://rubygems.org/gems/sequel/versions/5.51.0 >>> https://rubygems.org/gems/sequel-pg_advisory_locking/versions/1.0.1 @@ -247,7 +247,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. MIT License is applicable to the following component(s). ->>> https://rubygems.org/gems/activesupport/versions/6.1.6.1 +>>> https://rubygems.org/gems/activesupport/versions/6.1.7.1 Copyright (c) 2005-2018 David Heinemeier Hansson @@ -748,7 +748,7 @@ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ->>> https://rubygems.org/gems/rails/versions/6.1.6.1 +>>> https://rubygems.org/gems/rails/versions/6.1.7.1 Copyright (c) 2005-2018 David Heinemeier Hansson