Home Explore Help
Register Sign In
RISCI_ATOM
/
mastodon
mirror of https://github.com/tootsuite/mastodon.git
1
0
Fork 0
Files Issues 8 Wiki
Browse Source

fix(pghero): update because CVE-2023-22626 (#23190)

There is a vulnerability
[CVE-2023-22626](https://github.com/advisories/GHSA-vf99-xw26-86g5)

```
Name: pghero
Version: 2.8.3
CVE: CVE-2023-22626
GHSA: GHSA-vf99-xw26-86g5
Criticality: High
URL: https://github.com/ankane/pghero/issues/439
Title: Information Disclosure Through EXPLAIN Feature
Solution: upgrade to '>= 3.1.0'
```
Kaspar V 1 year ago
parent
628dcbb732
commit
9b795a25cd
2 changed files with 4 additions and 4 deletions
Split View Show Diff Stats
  1. 1 1
      Gemfile
  2. 3 3
      Gemfile.lock

+ 1 - 1
Gemfile
View File 

@@ -15,7 +15,7 @@ gem 'rack', '~> 2.2.6'
 
 gem 'hamlit-rails', '~> 0.2'
 
 gem 'pg', '~> 1.4'
 
 gem 'makara', '~> 0.5'
 
-gem 'pghero', '~> 2.8'
 
+gem 'pghero'
 
 gem 'dotenv-rails', '~> 2.8'
 
 
 gem 'aws-sdk-s3', '~> 1.117', require: false

+ 3 - 3
Gemfile.lock
View File 

@@ -468,8 +468,8 @@ GEM
 
     pastel (0.8.0)
 
       tty-color (~> 0.5)
 
     pg (1.4.5)
 
-    pghero (2.8.3)
 
-      activerecord (>= 5)
 
+    pghero (3.1.0)
 
+      activerecord (>= 6)
 
     pkg-config (1.5.1)
 
     posix-spawn (0.3.15)
 
     premailer (1.18.0)
 
@@ -830,7 +830,7 @@ DEPENDENCIES
 
   ox (~> 2.14)
 
   parslet
 
   pg (~> 1.4)
 
-  pghero (~> 2.8)
 
+  pghero
 
   pkg-config (~> 1.5)
 
   posix-spawn
 
   premailer-rails