Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

terraspace: Update ruby gems to fix CVE-2024-49761 #391891

Merged
merged 1 commit into from
Mar 24, 2025
Merged

terraspace: Update ruby gems to fix CVE-2024-49761 #391891

merged 1 commit into from
Mar 24, 2025
+133 −105

Conversation

guylamar2006
Copy link
Contributor

@guylamar2006 guylamar2006 commented Mar 21, 2025
edited
Loading

Update ruby gems to latest versions to fix ReDos vulnerability at https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@guylamar2006
Copy link
Contributor Author

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 391891

x86_64-linux

✅ 1 package built:
  • terraspace

sarcasticadmin
sarcasticadmin approved these changes Mar 21, 2025
View reviewed changes
Copy link
Member

@sarcasticadmin sarcasticadmin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

built and ran on aarch64-darwin. Tested terraspace plan on a couple of test projects too. Looks good :shipit:

@sarcasticadmin sarcasticadmin added the 12.approvals: 1 This PR was reviewed and approved by one reputable person label Mar 21, 2025
@pbsds pbsds merged commit e8fbe4f into NixOS:master Mar 24, 2025
68 checks passed
@pbsds pbsds added the backport release-24.11 Backport PR automatically label Mar 24, 2025
@nixpkgs-ci
Copy link
Contributor

nixpkgs-ci bot commented Mar 24, 2025

Successfully created backport PR for release-24.11:

@nixpkgs-ci nixpkgs-ci bot mentioned this pull request Mar 24, 2025
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sarcasticadmin sarcasticadmin

Assignees
No one assigned
Labels
10.rebuild-darwin: 1-10 10.rebuild-darwin: 1 10.rebuild-linux: 1-10 10.rebuild-linux: 1 12.approvals: 1 This PR was reviewed and approved by one reputable person backport release-24.11 Backport PR automatically
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@guylamar2006 @sarcasticadmin @pbsds