Bump activesupport to 6.1.7.1 to address CVE-2023-22796

Summary: Just got a report that we depend on `activesupport` 6.1.7 which is marked as vulnerable as per CVE-2023-22796 https://github.com/advisories/GHSA-j6gc-792m-qgm2 I'm adding a dep on >= 6.1.7.1 in the Gemfile. Changelog: [Internal] [Changed] - Bump activesupport to 6.1.7.1 to address CVE-2023-22796 Reviewed By: yungsters Differential Revision: D43117034 fbshipit-source-id: 2c925754ca32257c9523d5bd68d6cf3bb3eb31e3
2024-11-22 06:29:46 +00:00 · 2023-02-08 11:23:08 -08:00 · 2023-02-08 11:23:08 -08:00 · 69f11cbc1a
commit 69f11cbc1a
parent 3951b27807
2 changed files with 6 additions and 4 deletions
--- a/1
+++ b/1
@ -4,3 +4,4 @@ source 'https://rubygems.org'
 ruby File.read(File.join(__dir__, '.ruby-version')).strip

 gem 'cocoapods', '~> 1.11', '>= 1.11.3'
+gem 'activesupport', '>= 6.1.7.1'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -3,7 +3,7 @@ GEM
  specs:
    CFPropertyList (3.0.5)
      rexml
-    activesupport (6.1.7)
+    activesupport (6.1.7.2)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 1.6, < 2)
      minitest (>= 5.1)
@ -66,7 +66,7 @@ GEM
    i18n (1.12.0)
      concurrent-ruby (~> 1.0)
    json (2.6.2)
-    minitest (5.16.3)
+    minitest (5.17.0)
    molinillo (0.8.0)
    nanaimo (0.3.0)
    nap (1.1.0)
@ -76,7 +76,7 @@ GEM
    ruby-macho (2.5.1)
    typhoeus (1.4.0)
      ethon (>= 0.9.0)
-    tzinfo (2.0.5)
+    tzinfo (2.0.6)
      concurrent-ruby (~> 1.0)
    xcodeproj (1.22.0)
      CFPropertyList (>= 2.3.3, < 4.0)
@ -85,12 +85,13 @@ GEM
      colored2 (~> 3.1)
      nanaimo (~> 0.3.0)
      rexml (~> 3.2.4)
-    zeitwerk (2.6.0)
+    zeitwerk (2.6.6)

 PLATFORMS
  ruby

 DEPENDENCIES
+  activesupport (>= 6.1.7.1)
  cocoapods (~> 1.11, >= 1.11.3)

 RUBY VERSION