41 review security alert (#43)

* 41 downgrade rack-cors due to security issue
bsm · Mar 1, 2024 · da3f62a · da3f62a
1 parent f172968
commit da3f62a
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 14 deletions.
diff --git a/Gemfile b/Gemfile
@@ -3,6 +3,7 @@ gemspec
 
 gem 'activejob'
 gem 'activerecord'
+gem 'rack-cors', '2.0.0' # https://github.com/cyu/rack-cors/issues/274
 gem 'rack-test'
 gem 'rake'
 gem 'rspec'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    grape-app (0.11.2)
+    grape-app (0.11.3)
       activesupport
       grape (>= 1.7)
       grape-entity
@@ -87,10 +87,10 @@ GEM
       ast (~> 2.4.1)
       racc
     racc (1.7.3)
-    rack (3.0.8)
+    rack (3.0.9.1)
     rack-accept (0.4.5)
       rack (>= 0.4)
-    rack-cors (2.0.1)
+    rack-cors (2.0.0)
       rack (>= 2.0.0)
     rack-ssl-enforcer (0.2.9)
     rack-test (2.1.0)
@@ -161,11 +161,12 @@ DEPENDENCIES
   activejob
   activerecord
   grape-app!
+  rack-cors (= 2.0.0)
   rack-test
   rake
   rspec
   rubocop-bsm
   sqlite3
 
 BUNDLED WITH
-   2.3.9
+   2.4.22
diff --git a/Gemfile.rails6 b/Gemfile.rails6
@@ -4,6 +4,7 @@ gemspec
 gem 'activejob', '~> 6.1'
 gem 'activesupport', '~> 6.1'
 gem 'activerecord', '~> 6.1'
+gem 'rack-cors', '2.0.0' # https://github.com/cyu/rack-cors/issues/274
 gem 'rack-test'
 gem 'rake'
 gem 'rspec'

diff --git a/Gemfile.rails6.lock b/Gemfile.rails6.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    grape-app (0.11.1)
+    grape-app (0.11.3)
       activesupport
       grape (>= 1.7)
       grape-entity
@@ -30,31 +30,33 @@ GEM
       zeitwerk (~> 2.3)
     ast (2.4.2)
     base64 (0.1.1)
+    bigdecimal (3.1.6)
     builder (3.2.4)
     concurrent-ruby (1.2.2)
     diff-lcs (1.5.0)
-    dry-core (1.0.0)
+    dry-core (1.0.1)
       concurrent-ruby (~> 1.0)
       zeitwerk (~> 2.6)
     dry-inflector (1.0.0)
     dry-logic (1.5.0)
       concurrent-ruby (~> 1.0)
       dry-core (~> 1.0, < 2)
       zeitwerk (~> 2.6)
-    dry-types (1.7.1)
+    dry-types (1.7.2)
+      bigdecimal (~> 3.0)
       concurrent-ruby (~> 1.0)
       dry-core (~> 1.0)
       dry-inflector (~> 1.0)
       dry-logic (~> 1.4)
       zeitwerk (~> 2.6)
     globalid (1.1.0)
       activesupport (>= 5.0)
-    grape (1.7.1)
-      activesupport
+    grape (2.0.0)
+      activesupport (>= 5)
       builder
       dry-types (>= 1.1)
       mustermann-grape (~> 1.0.0)
-      rack (>= 1.3.0, < 3)
+      rack (>= 1.3.0)
       rack-accept
     grape-entity (1.0.0)
       activesupport (>= 3.0.0)
@@ -69,7 +71,7 @@ GEM
       ruby2_keywords (~> 0.0.1)
     mustermann-grape (1.0.2)
       mustermann (>= 1.0.0)
-    openssl (3.1.0)
+    openssl (3.2.0)
     parallel (1.23.0)
     parser (3.2.2.3)
       ast (~> 2.4.1)
@@ -78,7 +80,7 @@ GEM
     rack (2.2.8)
     rack-accept (0.4.5)
       rack (>= 0.4)
-    rack-cors (2.0.1)
+    rack-cors (2.0.0)
       rack (>= 2.0.0)
     rack-ssl-enforcer (0.2.9)
     rack-test (2.1.0)
@@ -135,7 +137,7 @@ GEM
     ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.5)
     sqlite3 (1.6.4-x86_64-linux)
-    thor (1.2.2)
+    thor (1.3.1)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.4.2)
@@ -149,6 +151,7 @@ DEPENDENCIES
   activerecord (~> 6.1)
   activesupport (~> 6.1)
   grape-app!
+  rack-cors (= 2.0.0)
   rack-test
   rake
   rspec

diff --git a/grape-app.gemspec b/grape-app.gemspec
@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name          = 'grape-app'
-  s.version       = '0.11.2'
+  s.version       = '0.11.3'
   s.authors       = ['Black Square Media Ltd']
   s.email         = ['[email protected]']
   s.summary       = %(Standalone Grape API apps)