Merge pull request #5 from qoqa/fix_cve

update ActiveModel to 6.1.7.6
qoqa · Jan 9, 2024 · af0a52d · af0a52d
2 parents ca6aa22 + 362e978
commit af0a52d
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 13 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,27 +1,37 @@
 PATH
   remote: .
   specs:
-    swiss_bank_validator (0.6.1)
-      activemodel (~> 6.0)
+    swiss_bank_validator (1.0.1)
+      activemodel (>= 6.1.7.6)
       rexml (~> 3.2.5)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (6.1.3.2)
-      activesupport (= 6.1.3.2)
-    activesupport (6.1.3.2)
+    activemodel (7.1.2)
+      activesupport (= 7.1.2)
+    activesupport (7.1.2)
+      base64
+      bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
+      mutex_m
       tzinfo (~> 2.0)
-      zeitwerk (~> 2.3)
     ast (2.4.1)
-    concurrent-ruby (1.1.8)
+    base64 (0.1.1)
+    bigdecimal (3.1.5)
+    concurrent-ruby (1.2.2)
+    connection_pool (2.4.1)
     diff-lcs (1.4.4)
-    i18n (1.8.10)
+    drb (2.2.0)
+      ruby2_keywords
+    i18n (1.14.1)
       concurrent-ruby (~> 1.0)
-    minitest (5.14.4)
+    minitest (5.20.0)
+    mutex_m (0.2.0)
     parallel (1.20.1)
     parser (2.7.2.0)
       ast (~> 2.4.1)
@@ -54,10 +64,10 @@ GEM
     rubocop-ast (1.3.0)
       parser (>= 2.7.1.5)
     ruby-progressbar (1.10.1)
-    tzinfo (2.0.4)
+    ruby2_keywords (0.0.5)
+    tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (1.7.0)
-    zeitwerk (2.4.2)
 
 PLATFORMS
   ruby

diff --git a/changelog.md b/changelog.md
@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.0.1]
+
+- Update ActiveSupport to fix multiple CVE
+
 ## [0.6.1]
 
 - Fix Rexml vulnerabilities

diff --git a/lib/swiss_bank_validator/version.rb b/lib/swiss_bank_validator/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module SwissBankValidator
-  VERSION = '1.0.0'
+  VERSION = '1.0.1'
 end
diff --git a/swiss_bank_validator.gemspec b/swiss_bank_validator.gemspec
@@ -27,7 +27,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'activemodel', '>= 6.0'
+  spec.add_dependency 'activemodel', '>= 6.1.7.6'
   spec.add_dependency 'rexml', '~> 3.2.5'
 
   spec.add_development_dependency 'rspec', '~> 3.0'