Merge pull request #13069 from chancancode/json_gem_version

Requires JSON gem version 1.7.7 or above as it contains an important security fix.

2 files changed, 6 insertions, 2 deletions

diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md
index 104b5eafa1..09cee39bca 100644
--- a/activesupport/CHANGELOG.md
+++ b/activesupport/CHANGELOG.md
@@ -1,3 +1,7 @@
+*   Requires JSON gem version 1.7.7 or above due to a security issue in older versions.
+
+    *Godfrey Chan*
+
 *   Add `ActiveSupport::Testing::TimeHelpers#travel` and `#travel_to`. These methods change current
     time to the given time or time difference by stubbing `Time.now` and `Date.today` to return the
     time or date after the difference calculation, or the time or date that got passed into the
diff --git a/activesupport/activesupport.gemspec b/activesupport/activesupport.gemspec
index c27c50e47b..4fdc697a15 100644
--- a/activesupport/activesupport.gemspec
+++ b/activesupport/activesupport.gemspec
@@ -20,8 +20,8 @@ Gem::Specification.new do |s|
 
   s.rdoc_options.concat ['--encoding',  'UTF-8']
 
-  s.add_dependency('i18n',       '~> 0.6', '>= 0.6.4')
-  s.add_dependency 'json',       '~> 1.7'
+  s.add_dependency 'i18n',       '~> 0.6', '>= 0.6.4'
+  s.add_dependency 'json',       '~> 1.7', '>= 1.7.7'
   s.add_dependency 'tzinfo',     '~> 1.1'
   s.add_dependency 'minitest',   '~> 5.0'
   s.add_dependency 'thread_safe','~> 0.1'