Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Resolve security alerts #308

Merged
merged 3 commits into from May 17, 2021
Merged

Resolve security alerts #308

merged 3 commits into from May 17, 2021

Conversation

mutecipher
Copy link
Contributor

@mutecipher mutecipher commented May 11, 2021
edited

Motivation

Ran bundle update rails to resolve the following security advisories:

Implementation

Ran bundle update rails which updated related dependencies. Needed to go back and lock Nokogiri at v1.10.10 as it was bumped to v1.11.0 which no longer supports Ruby 2.4.

Tests

No changes to tests, but current tests continue to pass.

@mutecipher mutecipher self-assigned this May 11, 2021
@mutecipher mutecipher requested a review from a team May 11, 2021 14:50
@mutecipher
Resolve security alerts
97f7e35 
Ran `bundle update rails` to resolve CVE-2021-22885, CVE-2021-22880,
GHSA-vr8q-g5c7-m54m, and GHSA-cfjv-5498-mph5.
@mutecipher
Bump Rails to 5.2.6 and lock nokogiri
fe1f08d 
Bumped Rails again to v5.2.6 and lock `nokogiri` to last Ruby 2.4
supported v1.10.10.

Signed-off-by: Cory Hutchison <cory.hutchison@shopify.com>
@mutecipher mutecipher requested review from rafaelfranca and a team May 14, 2021 17:55
rafaelfranca
rafaelfranca reviewed May 14, 2021
View reviewed changes
Gemfile Outdated Show resolved Hide resolved
@mutecipher @rafaelfranca
Update Gemfile
40cb403 
Co-authored-by: Rafael França <rafael.franca@shopify.com>
@mutecipher mutecipher merged commit e5cbe6b into master May 17, 2021
@mutecipher mutecipher deleted the resolve-security-alerts branch October 22, 2021 14:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rafaelfranca rafaelfranca rafaelfranca approved these changes

@vinistock vinistock vinistock approved these changes

Assignees

@mutecipher mutecipher

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@mutecipher @rafaelfranca @vinistock