Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency actionpack to v7.1.3.4 #33

Closed
wants to merge 1 commit into from
Closed

Update dependency actionpack to v7.1.3.4 #33

wants to merge 1 commit into from

Conversation

mend-for-github-com[bot]
Copy link

This PR contains the following updates:

Package Update Change
actionpack (source, changelog) patch 7.1.3.2 -> 7.1.3.4

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score CVE
Medium Medium 6.1 CVE-2024-32464
Medium Medium 5.4 CVE-2024-28103

Release Notes

rails/rails (actionpack)

v7.1.3.4: 7.1.3.4

Compare Source

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Include the HTTP Permissions-Policy on non-HTML Content-Types
    [CVE-2024-28103]

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • No changes.

Action Mailbox

  • No changes.

Action Text

  • Sanitize ActionText HTML ContentAttachment in Trix edit view
    [CVE-2024-32464]

Railties

  • No changes.

v7.1.3.3: 7.1.3.3

Compare Source

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • No changes.

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • No changes.

Action Mailbox

  • No changes.

Action Text

  • Upgrade Trix to 2.1.1 to fix CVE-2024-34341.

    Rafael Mendonça França

Railties

  • No changes.
  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot requested a review from a team as a code owner June 14, 2024 07:51
@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Jun 14, 2024
@dkengineering0
Copy link

This repo should be deleted and removed from Mend. @danbickford007, I don't know whom should I let know about it.

@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/actionpack-7.x-lockfile branch June 14, 2024 08:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by Mend
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@dkengineering0