From 9b795a25cd7a014d8c08cc213031b55dff83bb69 Mon Sep 17 00:00:00 2001 From: Kaspar V Date: Sun, 22 Jan 2023 23:09:02 +0100 Subject: [PATCH] fix(pghero): update because CVE-2023-22626 (#23190) There is a vulnerability [CVE-2023-22626](https://github.com/advisories/GHSA-vf99-xw26-86g5) ``` Name: pghero Version: 2.8.3 CVE: CVE-2023-22626 GHSA: GHSA-vf99-xw26-86g5 Criticality: High URL: https://github.com/ankane/pghero/issues/439 Title: Information Disclosure Through EXPLAIN Feature Solution: upgrade to '>= 3.1.0' ``` --- Gemfile | 2 +- Gemfile.lock | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index 6a72fec54..9c1c9586a 100644 --- a/Gemfile +++ b/Gemfile @@ -15,7 +15,7 @@ gem 'rack', '~> 2.2.6' gem 'hamlit-rails', '~> 0.2' gem 'pg', '~> 1.4' gem 'makara', '~> 0.5' -gem 'pghero', '~> 2.8' +gem 'pghero' gem 'dotenv-rails', '~> 2.8' gem 'aws-sdk-s3', '~> 1.117', require: false diff --git a/Gemfile.lock b/Gemfile.lock index d700e58c5..e922ebf21 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -468,8 +468,8 @@ GEM pastel (0.8.0) tty-color (~> 0.5) pg (1.4.5) - pghero (2.8.3) - activerecord (>= 5) + pghero (3.1.0) + activerecord (>= 6) pkg-config (1.5.1) posix-spawn (0.3.15) premailer (1.18.0) @@ -830,7 +830,7 @@ DEPENDENCIES ox (~> 2.14) parslet pg (~> 1.4) - pghero (~> 2.8) + pghero pkg-config (~> 1.5) posix-spawn premailer-rails