Commit
Merge pull request #23327 from agrare/default_cgi_version_has_cve_fix
Drop cgi from the Gemfile as the default in ruby 3.1.3 and 3.3 has the CVE fix
Fryguy authored Feb 5, 2025
2 parents 7e85d5b + 6ea7e04 commit 16ba169
Showing 1 changed file with 1 addition and 3 deletions.
4 changes: 1 addition & 3 deletions Gemfile
@@ -1,4 +1,4 @@
ruby ">= 3.1.1", "< 3.5.0"
ruby ">= 3.1.3", "< 3.5.0"
warn "Ruby versions >= 3.4.0 are untested!" if RUBY_VERSION >= "3.4.0"
source 'https://rubygems.org'
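Review bot: The new floor on the first line, `ruby ">= 3.1.3", "< 3.5.0"`, carries no comment explaining that it is now a security constraint. With the `cgi` pin dropped in the same commit, this version bound is the only thing that guarantees a cgi with the CVE fix. Suggest a one-line comment above it naming CVE-2021-33621 as the reason for the 3.1.3 minimum, so a later loosening of the bound does not silently remove the protection.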

@@ -88,8 +88,6 @@ gem "terminal", :require => false
gem "wim_parser", "~>1.0", :require => false

# gems to resolve security issues
# CVE-2021-33621 fixed: ruby 3.1.4 - https://github.com/advisories/GHSA-vc47-6rqg-c7f5
gem "cgi", "~> 0.3.5"
# CVE-2023-28756 fixed: ruby 3.1.4 - https://github.com/advisories/GHSA-fg7x-g82r-94qc
gem "time", "~> 0.2.2"
# CVE-2023-36617 https://github.com/advisories/GHSA-hww2-5g85-429m
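Review bot: The comment removed with the `gem "cgi", "~> 0.3.5"` pin says CVE-2021-33621 is "fixed: ruby 3.1.4", but the commit title and the new Ruby floor both say 3.1.3. One of the two is wrong, and if the comment was right then a 3.1.3 install loses the fix once this pin is gone. Please confirm which Ruby release first ships the fixed default cgi and state it in the commit message or next to the Ruby constraint. The `time` comment kept just below still reads "fixed: ruby 3.1.4", so it is worth checking that one against the same source while here.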