From ee07f6da7d111e46ca79454320d027c1aca7e157 Mon Sep 17 00:00:00 2001
From: David Taylor
Date: Wed, 13 Jul 2022 11:17:46 +0100
Subject: [PATCH] SECURITY: Bump Rails to 7.0.3.1 (#17469)

https://discuss.rubyonrails.org/t/81017
---
 Gemfile | 2 +-
 Gemfile.lock | 56 +++++++++++++++++++++----------------------
 config/application.rb | 1 +
 3 files changed, 30 insertions(+), 29 deletions(-)

diff --git a/Gemfile b/Gemfile
index f7271515eb..d79721ab73 100644
--- a/Gemfile
+++ b/Gemfile
@@ -18,7 +18,7 @@ else
 # this allows us to include the bits of rails we use without pieces we do not.
 #
 # To issue a rails update bump the version number here
- rails_version = '7.0.3'
+ rails_version = '7.0.3.1'
 gem 'actionmailer', rails_version
 gem 'actionpack', rails_version
 gem 'actionview', rails_version
diff --git a/Gemfile.lock b/Gemfile.lock
index 7d9b09679f..b08b72848d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -8,25 +8,25 @@ GIT GEM remote: https://rubygems.org/ specs: - actionmailer (7.0.3) - actionpack (= 7.0.3) - actionview (= 7.0.3) - activejob (= 7.0.3) - activesupport (= 7.0.3) + actionmailer (7.0.3.1) + actionpack (= 7.0.3.1) + actionview (= 7.0.3.1) + activejob (= 7.0.3.1) + activesupport (= 7.0.3.1) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp rails-dom-testing (~> 2.0) - actionpack (7.0.3) - actionview (= 7.0.3) - activesupport (= 7.0.3) + actionpack (7.0.3.1) + actionview (= 7.0.3.1) + activesupport (= 7.0.3.1) rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actionview (7.0.3) - activesupport (= 7.0.3) + actionview (7.0.3.1) + activesupport (= 7.0.3.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0)
@@ -35,15 +35,15 @@ GEM actionview (>= 6.0.a) active_model_serializers (0.8.4) activemodel (>= 3.0) - activejob (7.0.3) - activesupport (= 7.0.3) + activejob (7.0.3.1) + activesupport (= 7.0.3.1) globalid (>= 0.3.6) - activemodel (7.0.3) - activesupport (= 7.0.3) - activerecord (7.0.3) - activemodel (= 7.0.3) - activesupport (= 7.0.3) - activesupport (7.0.3) + activemodel (7.0.3.1) + activesupport (= 7.0.3.1) + activerecord (7.0.3.1) + activemodel (= 7.0.3.1) + activesupport (= 7.0.3.1) + activesupport (7.0.3.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1)
@@ -349,9 +349,9 @@ GEM rails_multisite (4.0.1) activerecord (> 5.0, < 7.1) railties (> 5.0, < 7.1) - railties (7.0.3) - actionpack (= 7.0.3) - activesupport (= 7.0.3) + railties (7.0.3.1) + actionpack (= 7.0.3.1) + activesupport (= 7.0.3.1) method_source rake (>= 12.2) thor (~> 1.0)
@@ -510,14 +510,14 @@ PLATFORMS x86_64-linux DEPENDENCIES - actionmailer (= 7.0.3) - actionpack (= 7.0.3) - actionview (= 7.0.3) + actionmailer (= 7.0.3.1) + actionpack (= 7.0.3.1) + actionview (= 7.0.3.1) actionview_precompiler active_model_serializers (~> 0.8.3) - activemodel (= 7.0.3) - activerecord (= 7.0.3) - activesupport (= 7.0.3) + activemodel (= 7.0.3.1) + activerecord (= 7.0.3.1) + activesupport (= 7.0.3.1) addressable annotate aws-sdk-s3
@@ -597,7 +597,7 @@ DEPENDENCIES rack-protection rails_failover rails_multisite - railties (= 7.0.3) + railties (= 7.0.3.1) rake rb-fsevent rbtrace
diff --git a/config/application.rb b/config/application.rb
index f31b720b85..95cc79e1d9 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -102,6 +102,7 @@ module Discourse
 config.action_controller.forgery_protection_origin_check = false
 config.active_record.belongs_to_required_by_default = false
 config.active_record.legacy_connection_handling = true
+ config.active_record.yaml_column_permitted_classes = [Hash, HashWithIndifferentAccess]
 
 # we skip it cause we configure it in the initializer
 # the railtie for message_bus would insert it in the
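Review bot: The new `yaml_column_permitted_classes` line in config/application.rb has no comment saying that it is the allowlist used when YAML-serialized columns are loaded, so nothing tells a later reader that widening it is a security decision. I would add above it `# Allowlist for YAML-serialized columns; keep it minimal and do not fall back to use_yaml_unsafe_load`. With only `Hash` and `HashWithIndifferentAccess` permitted, a stored value of any other class (a Symbol or Time inside a hash, for instance) would presumably raise `Psych::DisallowedClass` on read, and the hunk shows no test or audit of the existing serialized columns in core or plugins. The surrounding configuration block starts and ends outside the hunk.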