Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Security: Upgrade jmespath & rails-html-sanitizer
Name: jmespath Version: 1.4.0 CVE: CVE-2022-32511 GHSA: GHSA-5c5f-7vfq-3732 Criticality: Unknown URL: jmespath/jmespath.rb#55 Title: JMESPath for Ruby using JSON.load instead of JSON.parse Solution: upgrade to >= 1.6.1 Name: rails-html-sanitizer Version: 1.4.2 CVE: CVE-2022-32209 Criticality: Unknown URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s Title: Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Solution: upgrade to >= 1.4.3
- Loading branch information