Security: Upgrade jmespath & rails-html-sanitizer

Name: jmespath Version: 1.4.0 CVE: CVE-2022-32511 GHSA: GHSA-5c5f-7vfq-3732 Criticality: Unknown URL: jmespath/jmespath.rb#55 Title: JMESPath for Ruby using JSON.load instead of JSON.parse Solution: upgrade to >= 1.6.1 Name: rails-html-sanitizer Version: 1.4.2 CVE: CVE-2022-32209 Criticality: Unknown URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s Title: Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Solution: upgrade to >= 1.4.3
KCSCorg · Jul 6, 2022 · 56497a6 · 56497a6
1 parent fc9f427
commit 56497a6
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -186,7 +186,7 @@ GEM
     i18n (1.10.0)
       concurrent-ruby (~> 1.0)
     jaro_winkler (1.5.4)
-    jmespath (1.4.0)
+    jmespath (1.6.1)
     json (2.5.1)
     jsonapi-renderer (0.2.2)
     kramdown (2.4.0)
@@ -265,7 +265,7 @@ GEM
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.2)
+    rails-html-sanitizer (1.4.3)
       loofah (~> 2.3)
     railties (6.1.6)
       actionpack (= 6.1.6)