Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update loofah gem #21499

Merged
merged 1 commit into from Mar 28, 2018
Merged

Update loofah gem #21499

merged 1 commit into from Mar 28, 2018

Conversation

ewjordan
Copy link
Contributor

Pulls in the fix for CVE-2018-8048 - Loofah XSS Vulnerability

ewjordan
ewjordan commented Mar 27, 2018
View reviewed changes
Gemfile
@@ -283,6 +283,8 @@ gem 'StreetAddress', require: "street_address"

gem 'recaptcha', require: 'recaptcha/rails'

gem 'loofah', ' ~> 2.2.1'
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this the right way to force this, or should I just do it in the lock file?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since we version-control the lock file either is fine for bumping a version. This way makes it more explicit we're requiring a version-range for a specific reason, so slightly better.

wjordan
wjordan approved these changes Mar 27, 2018
View reviewed changes
Gemfile
@@ -283,6 +283,8 @@ gem 'StreetAddress', require: "street_address"

gem 'recaptcha', require: 'recaptcha/rails'

gem 'loofah', ' ~> 2.2.1'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since we version-control the lock file either is fine for bumping a version. This way makes it more explicit we're requiring a version-range for a specific reason, so slightly better.

@ewjordan ewjordan merged commit a0b4ace into staging Mar 28, 2018
@ewjordan ewjordan deleted the update-loofah branch March 28, 2018 00:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wjordan wjordan wjordan approved these changes

@sureshc sureshc Awaiting requested review from sureshc

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ewjordan @wjordan