Upgrade rails to 6.1.5.1

Signed-off-by: Andy Tinkham <[email protected]>
cyberark · Apr 28, 2022 · 0ed86c3 · 0ed86c3
1 parent 29e5f35
commit 0ed86c3
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 62 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Changed
 - Adds `CONJUR_USERS_IN_ROOT_POLICY_ONLY` environment variable to prevent users from being created outside the root policy.
 
+### Security
+- Upgrade Rails to 6.12.5.1 to close CVE-2022-22577 and CVE-2022-27777
+  [cyberark/conjur#2553](https://github.com/cyberark/conjur/pull/2553)
+
 ## [1.17.5] - 2022-04-07
 
 ### Changed

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -8,60 +8,60 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.1.4.7)
-      actionpack (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
+    actioncable (6.1.5.1)
+      actionpack (= 6.1.5.1)
+      activesupport (= 6.1.5.1)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.4.7)
-      actionpack (= 6.1.4.7)
-      activejob (= 6.1.4.7)
-      activerecord (= 6.1.4.7)
-      activestorage (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
+    actionmailbox (6.1.5.1)
+      actionpack (= 6.1.5.1)
+      activejob (= 6.1.5.1)
+      activerecord (= 6.1.5.1)
+      activestorage (= 6.1.5.1)
+      activesupport (= 6.1.5.1)
       mail (>= 2.7.1)
-    actionmailer (6.1.4.7)
-      actionpack (= 6.1.4.7)
-      actionview (= 6.1.4.7)
-      activejob (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
+    actionmailer (6.1.5.1)
+      actionpack (= 6.1.5.1)
+      actionview (= 6.1.5.1)
+      activejob (= 6.1.5.1)
+      activesupport (= 6.1.5.1)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.4.7)
-      actionview (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
+    actionpack (6.1.5.1)
+      actionview (= 6.1.5.1)
+      activesupport (= 6.1.5.1)
       rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.4.7)
-      actionpack (= 6.1.4.7)
-      activerecord (= 6.1.4.7)
-      activestorage (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
+    actiontext (6.1.5.1)
+      actionpack (= 6.1.5.1)
+      activerecord (= 6.1.5.1)
+      activestorage (= 6.1.5.1)
+      activesupport (= 6.1.5.1)
       nokogiri (>= 1.8.5)
-    actionview (6.1.4.7)
-      activesupport (= 6.1.4.7)
+    actionview (6.1.5.1)
+      activesupport (= 6.1.5.1)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.1.4.7)
-      activesupport (= 6.1.4.7)
+    activejob (6.1.5.1)
+      activesupport (= 6.1.5.1)
       globalid (>= 0.3.6)
-    activemodel (6.1.4.7)
-      activesupport (= 6.1.4.7)
-    activerecord (6.1.4.7)
-      activemodel (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
-    activestorage (6.1.4.7)
-      actionpack (= 6.1.4.7)
-      activejob (= 6.1.4.7)
-      activerecord (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
-      marcel (~> 1.0.0)
+    activemodel (6.1.5.1)
+      activesupport (= 6.1.5.1)
+    activerecord (6.1.5.1)
+      activemodel (= 6.1.5.1)
+      activesupport (= 6.1.5.1)
+    activestorage (6.1.5.1)
+      actionpack (= 6.1.5.1)
+      activejob (= 6.1.5.1)
+      activerecord (= 6.1.5.1)
+      activesupport (= 6.1.5.1)
+      marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (6.1.4.7)
+    activesupport (6.1.5.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -107,7 +107,7 @@ GEM
       rspec (>= 2.14, < 4)
     coderay (1.1.3)
     command_class (0.0.2)
-    concurrent-ruby (1.1.9)
+    concurrent-ruby (1.1.10)
     conjur-api (5.3.8.pre.194)
       activesupport (>= 4.2)
       addressable (~> 2.0)
@@ -252,7 +252,7 @@ GEM
     listen (3.7.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
-    loofah (2.14.0)
+    loofah (2.16.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
@@ -311,20 +311,20 @@ GEM
     rack-rewrite (1.5.1)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (6.1.4.7)
-      actioncable (= 6.1.4.7)
-      actionmailbox (= 6.1.4.7)
-      actionmailer (= 6.1.4.7)
-      actionpack (= 6.1.4.7)
-      actiontext (= 6.1.4.7)
-      actionview (= 6.1.4.7)
-      activejob (= 6.1.4.7)
-      activemodel (= 6.1.4.7)
-      activerecord (= 6.1.4.7)
-      activestorage (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
+    rails (6.1.5.1)
+      actioncable (= 6.1.5.1)
+      actionmailbox (= 6.1.5.1)
+      actionmailer (= 6.1.5.1)
+      actionpack (= 6.1.5.1)
+      actiontext (= 6.1.5.1)
+      actionview (= 6.1.5.1)
+      activejob (= 6.1.5.1)
+      activemodel (= 6.1.5.1)
+      activerecord (= 6.1.5.1)
+      activestorage (= 6.1.5.1)
+      activesupport (= 6.1.5.1)
       bundler (>= 1.15.0)
-      railties (= 6.1.4.7)
+      railties (= 6.1.5.1)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
@@ -341,11 +341,11 @@ GEM
     rails_layout (1.0.42)
     rails_serve_static_assets (0.0.5)
     rails_stdout_logging (0.0.5)
-    railties (6.1.4.7)
-      actionpack (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
+    railties (6.1.5.1)
+      actionpack (= 6.1.5.1)
+      activesupport (= 6.1.5.1)
       method_source
-      rake (>= 0.13)
+      rake (>= 12.2)
       thor (~> 1.0)
     rainbow (3.0.0)
     rake (13.0.6)
@@ -538,4 +538,4 @@ DEPENDENCIES
   websocket
 
 BUNDLED WITH
-   2.2.31
+   2.2.33
diff --git a/NOTICES.txt b/NOTICES.txt
@@ -24,7 +24,7 @@ Section 3: BSD-3-Clause
 
 Section 4: MIT
 
->>> https://rubygems.org/gems/activesupport/versions/6.1.4.7
+>>> https://rubygems.org/gems/activesupport/versions/6.1.5.1
 >>> https://rubygems.org/gems/anyway_config/versions/2.2.3
 >>> https://rubygems.org/gems/base58/versions/0.2.3
 >>> https://rubygems.org/gems/bcrypt/versions/3.1.16
@@ -45,7 +45,7 @@ Section 4: MIT
 >>> https://rubygems.org/gems/nokogiri/versions/1.13.4
 >>> https://rubygems.org/gems/openid_connect/versions/1.3.0
 >>> https://rubygems.org/gems/rack-rewrite/versions/1.5.1
->>> https://rubygems.org/gems/rails/versions/6.1.4.7
+>>> https://rubygems.org/gems/rails/versions/6.1.5.1
 >>> https://rubygems.org/gems/rake/versions/13.0.6
 >>> https://rubygems.org/gems/sequel/versions/5.51.0
 >>> https://rubygems.org/gems/sequel-pg_advisory_locking/versions/1.0.1
@@ -247,7 +247,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 MIT License is applicable to the following component(s).
 
->>> https://rubygems.org/gems/activesupport/versions/6.1.4.7
+>>> https://rubygems.org/gems/activesupport/versions/6.1.5.1
 
 Copyright (c) 2005-2018 David Heinemeier Hansson
 
@@ -748,7 +748,7 @@ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
->>> https://rubygems.org/gems/rails/versions/6.1.4.7
+>>> https://rubygems.org/gems/rails/versions/6.1.5.1
 
 Copyright (c) 2005-2018 David Heinemeier Hansson