Updates to support newer rexml versions
jamgregory committed Jun 3, 2024
1 parent d76d4c0 commit 9672007
Showing 4 changed files with 35 additions and 3 deletions.
1 change: 1 addition & 0 deletions .bundler-audit.yml
Expand Up @@ -13,3 +13,4 @@ ignore:
- GHSA-xp5h-f8jf-rc8q
- GHSA-8h22-8cf7-hq6g
- GHSA-cr5q-6q9f-rq6q
- GHSA-r95h-9x8f-r3f7
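Review bot: The entry added to the `ignore:` list (apparently `GHSA-r95h-9x8f-r3f7`, the last line) carries no record of why the advisory is safe to suppress or when the suppression should be lifted. If it is the rexml advisory that this commit's Gemfile change targets (the page does not say), the lockfile in the same commit resolves rexml 3.2.9, so the ignore may be unnecessary, and left in place it would hide a later regression to an affected version. Either drop the entry or annotate it, e.g. `- GHSA-r95h-9x8f-r3f7  # <gem and advisory summary>; ignored because <reason>; revisit by <date>`. The `ignore:` list begins outside the hunk.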
4 changes: 2 additions & 2 deletions .github/workflows/ci.yml
Expand Up @@ -13,7 +13,7 @@ jobs:
strategy:
matrix:
# Ensure these stay in sync!
ruby-version: [2.7, 3.0, 3.1, 3.2]
ruby-version: [2.7, 3.0, 3.1, 3.2, 3.3]
runs-on: ubuntu-latest
services:
postgres:
Expand Down Expand Up @@ -47,7 +47,7 @@ jobs:
strategy:
matrix:
# Ensure these stay in sync!
ruby-version: [2.7, 3.0, 3.1, 3.2]
ruby-version: [2.7, 3.0, 3.1, 3.2, 3.3]
runs-on: ubuntu-latest
steps:
- name: Checkout code
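Review bot: The entries on the new `ruby-version` line are unquoted, so YAML reads `3.0` as a float that GitHub Actions renders as `3`, and a setup step given `3` would typically install the newest 3.x rather than 3.0. Quoting keeps each entry a string: `ruby-version: ['2.7', '3.0', '3.1', '3.2', '3.3']`. The same line appears in the second hunk (the job around line 47) and needs the same change. This matters more after this commit because the Gemfile now picks a strscan version per Ruby minor, so a mislabelled 3.0 job would leave the `ruby_minor < 2` arm unexercised. How the value is consumed lies outside the visible lines, so confirm against the Ruby setup step.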
21 changes: 21 additions & 0 deletions Gemfile
Expand Up @@ -70,6 +70,27 @@ else
gem 'mail', '>= 2.8.0'
end

# This is required by Ruby 2.x to fix rexml DoS vulnerability
ruby_major, ruby_minor, _ = RUBY_VERSION.split('.').map { |part| Integer(part) }
if ruby_major.to_i >= 3 && ruby_minor.to_i >= 3
gem 'rexml', '>= 3.2.7'
else
strscan_version = if ruby_major == 2 && ruby_minor == 7
'1.0.3'
elsif ruby_major == 3 && ruby_minor < 2
'3.0.1'
elsif ruby_major == 3 && ruby_minor == 2
'3.0.5'
elsif ruby_major == 3 && ruby_minor == 3
'3.0.7'
else
raise "strscan check doesn't support Ruby #{ruby_major}.#{ruby_minor}"
end

gem 'strscan', strscan_version
gem 'rexml', github: 'ruby/rexml', ref: 'f1df7d1'
end

# omniauth
# TODO: 2.0.0 is not supported in Devise yet
gem 'omniauth', '< 2.0.0'
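Review bot: The guard `if ruby_major.to_i >= 3 && ruby_minor.to_i >= 3` compares major and minor independently, so a Ruby 4.0–4.2 interpreter (minor below 3) falls into the `else` branch and hits the `raise`. Comparing whole versions avoids that: `if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('3.3')`. The `elsif ruby_major == 3 && ruby_minor == 3` arm is already unreachable because 3.3 is taken by the first branch, and the leading comment says "required by Ruby 2.x" although the `else` branch also serves 3.0–3.2. Separately, the committed Gemfile.lock records only the Ruby 2.7 resolution (`strscan (= 1.0.3)`, `rexml!` from git), so the other matrix Rubies will presumably re-resolve or fail under a frozen lockfile. That means the dependency set that was locked and audited is not the one those jobs run, which is worth confirming. The Gemfile continues outside the hunk on both sides.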
12 changes: 11 additions & 1 deletion Gemfile.lock
@@ -1,3 +1,11 @@
GIT
remote: https://github.com/ruby/rexml.git
revision: f1df7d13b3e57a5e059273d2f0870163c08d7420
ref: f1df7d1
specs:
rexml (3.2.9)
strscan

GEM
remote: https://rubygems.org/
specs:
Expand Down Expand Up @@ -294,7 +302,6 @@ GEM
http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 4.0)
netrc (~> 0.8)
rexml (3.2.5)
rspec-core (3.11.0)
rspec-support (~> 3.11.0)
rspec-expectations (3.11.1)
Expand Down Expand Up @@ -349,6 +356,7 @@ GEM
sshkit (1.21.2)
net-scp (>= 1.1.2)
net-ssh (>= 2.8.0)
strscan (1.0.3)
terrapin (0.6.0)
climate_control (>= 0.0.3, < 1.0)
thor (1.2.1)
Expand Down Expand Up @@ -425,6 +433,7 @@ DEPENDENCIES
react-rails (~> 1.11, >= 1.11.0)
recaptcha (~> 4.0)
rest-client (~> 2.0)
rexml!
rspec-rails (>= 3.9.0)
sass-rails
select2-rails (~> 3.5)
Expand All @@ -433,6 +442,7 @@ DEPENDENCIES
simplecov
spring (~> 2.0)
sprockets (< 4.0)
strscan (= 1.0.3)
timecop
trix-rails
uglifier (~> 3.0.0)
