From 16ed280092eab4b87a6bcaf195e227c99cc8479d Mon Sep 17 00:00:00 2001
From: Justin Smestad
Date: Thu, 15 Nov 2018 16:26:07 -0700
Subject: [PATCH] Update to rack >= 2.0.6 due to XSS security vulnerability. Release 1.2.8
---
 CHANGELOG.md | 4 ++--
 Gemfile | 2 +-
 Gemfile.lock | 8 ++++----
 warden.gemspec | 2 +-
 4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a6359ca..4763a83 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,8 +1,8 @@
-== Version 1.2.8 / Not released
+== Version 1.2.8 / 2018-11-15
 * Bugfix: Flips two lines to allow scopes authenticating from another without stepping on each other's toes. (PR #144)
+* Update `rack` dependency to >= 2.0.6 due to security vulnerability
 * Internal: Add Rubocop Lint checking
 * Internal: Update RSpec to use `.rspec` file
-* Internal: Update `rack` dependency to 2.x
 == Version 1.2.7 / 2016-10-12
 * Added 'frozen_string_literal' comment, bump ruby to 2.3
diff --git a/Gemfile b/Gemfile
index f22fe72..86c0191 100644
--- a/Gemfile
+++ b/Gemfile
@@ -4,7 +4,7 @@ source 'https://rubygems.org' gemspec gem 'rake' -gem 'rack', '~> 2.0' +gem 'rack', '>= 2.0.6' group :test do gem 'rspec', '~>3'
diff --git a/Gemfile.lock b/Gemfile.lock
index f2c9f61..1af63eb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -2,13 +2,13 @@ PATH remote: . specs: warden (1.2.8) - rack (>= 1.0) + rack (>= 2.0.6) GEM remote: https://rubygems.org/ specs: diff-lcs (1.3) - rack (2.0.3) + rack (2.0.6) rack-test (0.7.0) rack (>= 1.0, < 3) rake (12.1.0)
@@ -30,11 +30,11 @@ PLATFORMS ruby DEPENDENCIES - rack (~> 2.0) + rack (>= 2.0.6) rack-test rake rspec (~> 3) warden! BUNDLED WITH - 1.16.0.pre.2 + 1.17.1
diff --git a/warden.gemspec b/warden.gemspec
index dba2abc..7db6e36 100644
--- a/warden.gemspec
+++ b/warden.gemspec
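Review bot: In the Gemfile hunk, replacing `'~> 2.0'` with `'>= 2.0.6'` drops the upper bound as well as raising the floor, so nothing in the Gemfile itself stops a later `bundle update` from resolving a new rack major for development and CI. Both constraints can be kept with `gem 'rack', '~> 2.0', '>= 2.0.6'`, which still refuses the releases below the patched version. Since the Gemfile already loads `gemspec`, and the gemspec declares rack itself, the security floor now lives in two files and has to be kept in sync by hand.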
@@ -23,5 +23,5 @@ Gem::Specification.new do |spec|
 spec.rdoc_options = ["--charset=UTF-8"]
 spec.require_paths = ["lib"]
 spec.rubyforge_project = %q{warden}
- spec.add_dependency "rack", ">= 1.0"
+ spec.add_dependency "rack", ">= 2.0.6"
 end
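Review bot: The new floor in `spec.add_dependency "rack", ">= 2.0.6"` is a compatibility break shipped in a patch release, and nothing next to the line records why it must not be relaxed. Raising the minimum from 1.0 to 2.0.6 excludes every application still on rack 1.x, so those users cannot install 1.2.8 and also miss the scope bugfix listed in the CHANGELOG; if that is intended, the CHANGELOG entry should say so explicitly. I would add a comment above the dependency such as `# rack < 2.0.6 is affected by an XSS issue (<ADVISORY-ID>); do not lower this floor`, so a later cleanup does not widen the range again. The `Gem::Specification.new` block begins outside this hunk.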