From 56497a65b774528d0462d83963feb0ddf6002621 Mon Sep 17 00:00:00 2001 From: Luke Pearce Date: Wed, 6 Jul 2022 23:01:06 +0100 Subject: [PATCH] Security: Upgrade jmespath & rails-html-sanitizer Name: jmespath Version: 1.4.0 CVE: CVE-2022-32511 GHSA: GHSA-5c5f-7vfq-3732 Criticality: Unknown URL: https://github.com/jmespath/jmespath.rb/pull/55 Title: JMESPath for Ruby using JSON.load instead of JSON.parse Solution: upgrade to >= 1.6.1 Name: rails-html-sanitizer Version: 1.4.2 CVE: CVE-2022-32209 Criticality: Unknown URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s Title: Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Solution: upgrade to >= 1.4.3 --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index a9f56d5..565be41 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -186,7 +186,7 @@ GEM i18n (1.10.0) concurrent-ruby (~> 1.0) jaro_winkler (1.5.4) - jmespath (1.4.0) + jmespath (1.6.1) json (2.5.1) jsonapi-renderer (0.2.2) kramdown (2.4.0) @@ -265,7 +265,7 @@ GEM rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.4.2) + rails-html-sanitizer (1.4.3) loofah (~> 2.3) railties (6.1.6) actionpack (= 6.1.6)
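Review bot: the first hunk moves jmespath from 1.4.0 to 1.6.1, two minor versions, but only Gemfile.lock is touched; the gem that depends on jmespath is not in this hunk, so confirm its version constraint admits 1.6.1, otherwise the next `bundle install` or `bundle update` will resolve back to the old line. Because the fix (per the Title line) replaces JSON.load with JSON.parse, and JSON.load can instantiate objects from `json_class` keys while JSON.parse does not, any code path that fed JMESPath JSON relying on that behaviour will change; a test-suite run and a `bundle audit`/`bundler-audit` pass after the bump would be worth stating in the commit message. The "Criticality: Unknown" line could also be filled in from the linked GHSA-5c5f-7vfq-3732 advisory so the review record carries the severity.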
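Review bot: the second hunk is a patch-level bump of rails-html-sanitizer from 1.4.2 to 1.4.3 and leaves the `loofah (~> 2.3)` constraint unchanged, so no further lockfile movement is needed; the point to add is in the commit message rather than the diff. The advisory title says the XSS is "possible ... with certain configurations of Rails::Html::Sanitizer", so state whether this application uses a custom allowed-tags configuration (and therefore whether it was actually exposed) so that the Criticality line can be set to something more useful than "Unknown" and the reviewer does not have to re-derive exposure from the linked rubyonrails-security post.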