ODNZSL / nzsl-online

New Zealand Sign Language Dictionary
GNU General Public License v3.0

Security updates #1504

Closed hopkincame closed 1 year ago

hopkincame commented 1 year ago

This PR updates Rails to fix vulnerabilities, and bundle-audit, which was not working locally.

Name: activesupport
Version: 7.0.4.2
CVE: CVE-2023-28120
Criticality: Unknown
URL: https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469
Title: Possible XSS Security Vulnerability in SafeBuffer#bytesplice
Solution: upgrade to '~> 6.1.7, >= 6.1.7.3', '>= 7.0.4.3'

Name: rack
Version: 2.2.6.3
CVE: CVE-2023-27539
Criticality: Unknown
URL: https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466
Title: Possible Denial of Service Vulnerability in Rack’s header parsing
Solution: upgrade to '~> 2.0, >= 2.2.6.4', '>= 3.0.6.1'
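An added example, not part of the PR or the project's code: a way to check that the versions pinned after an upgrade actually fall inside the patched ranges listed in the `Solution` lines above. The helper names and the `locked` hash are hypothetical; the report text is constructed from the two advisories in the description.

```ruby
require 'rubygems'

# Constructed input: the two advisories from the PR description, in
# bundle-audit's one-field-per-line layout (trimmed to the fields used here).
REPORT = <<~TEXT
  Name: activesupport
  Version: 7.0.4.2
  CVE: CVE-2023-28120
  Solution: upgrade to '~> 6.1.7, >= 6.1.7.3', '>= 7.0.4.3'

  Name: rack
  Version: 2.2.6.3
  CVE: CVE-2023-27539
  Solution: upgrade to '~> 2.0, >= 2.2.6.4', '>= 3.0.6.1'
TEXT

# Split the report into one hash per advisory, keyed by field name.
def parse_advisories(text)
  text.split(/\n{2,}/).map do |block|
    block.lines.to_h { |line| line.chomp.split(': ', 2) }
  end
end

# Each quoted group in "Solution" is one patched range: constraints inside a
# group are ANDed, and the groups are alternatives (ORed).
def patched_ranges(solution)
  solution.scan(/'([^']+)'/).flatten.map do |group|
    Gem::Requirement.new(*group.split(/,\s*/))
  end
end

def patched?(advisory, version)
  v = Gem::Version.new(version)
  patched_ranges(advisory['Solution']).any? { |req| req.satisfied_by?(v) }
end

# Hypothetical helper: given the versions pinned after an upgrade, return the
# CVEs still unfixed. Gems missing from `locked` keep their scanned version.
def still_vulnerable(text, locked)
  parse_advisories(text)
    .reject { |adv| patched?(adv, locked.fetch(adv['Name'], adv['Version'])) }
    .map { |adv| adv['CVE'] }
end
```

A jump to a newer major line is not automatically a fix: rack 3.0.0 satisfies neither range for CVE-2023-27539, so the helper still reports it.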