CONJSE-1914: Merge pull request #646 from Conjur-Enterprise/CONJSE-1914

codihuston · GitHub Enterprise · commit ec608ebf7118 · 2024-12-31T13:54:56.000-06:00
CONJSE-1914 Bump nokogiri, puma, openid_connect, rails
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -23,6 +23,16 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Authn-JWT: Deny access when issuer claim is missing from JWT.
   Can be disabled using the authn_jwt_ignore_missing_issuer_claim config flag.
   (CONJSE-1920)
+- Update nokogiri to 1.16.5 to address CVE-2024-34459.
+  CONJSE-1923
+- Update puma to 6.4.3 to address CVE-2024-45614.
+  CONJSE-1923
+- Update openid_connect to 2.3.1 to address CVE-2023-51774 in json-jwt.
+  CONJSE-1923
+- Update rails to 6.1.7.10 to resolve: rails-html-sanitizer to resolve
+  CVE-2024-53986, CVE-2024-53987, and CVE-2024-53988, and actionpack to resolve
+  CVE-2024-54133.
+  CONJSE-1923
 
 ### Added
 - Add JSON support for the `/` endpoint that returns the Conjur version
diff --git a/Gemfile b/Gemfile
@@ -19,10 +19,10 @@ gem 'http', '~> 4.2.0'
 gem 'iso8601'
 gem 'jbuilder', '~> 2.7.0'
 gem 'mustache'
-gem 'nokogiri', '>= 1.8.2'
-gem 'puma', '~> 6', '>= 6.4.2'
+gem 'nokogiri', '>= 1.16.5'
+gem 'puma', '~> 6', '>= 6.4.3'
 gem 'rack', '~> 2.2', '>= 2.2.8.1'
-gem 'rails', '~> 6.1', '>= 6.1.7.8'
+gem 'rails', '~> 6.1', '>= 6.1.7.9'
 gem 'rake'
 
 gem 'pg'
diff --git a/Gemfile.lock b/Gemfile.lock
