diff options
author | Gannon McGibbon <gannon.mcgibbon@gmail.com> | 2018-11-06 18:05:40 -0500 |
---|---|---|
committer | Gannon McGibbon <gannon.mcgibbon@gmail.com> | 2018-11-06 18:06:57 -0500 |
commit | e74fdbe00cd0f403d34f2bc83eb09e7a5bc56109 (patch) | |
tree | 4e877f54ddac0d36774763fb880cc8b2cf035caf /activemodel | |
parent | bb11a9acab15b87d6074fb6af9405287942a7eee (diff) | |
download | rails-e74fdbe00cd0f403d34f2bc83eb09e7a5bc56109.tar.gz rails-e74fdbe00cd0f403d34f2bc83eb09e7a5bc56109.tar.bz2 rails-e74fdbe00cd0f403d34f2bc83eb09e7a5bc56109.zip |
Amend CVE note and security guide section wordings
Reword first sentence of dep management and CVE section of
security guide. Also, reword and move gemspec notes above deps.
[ci skip]
Diffstat (limited to 'activemodel')
-rw-r--r-- | activemodel/activemodel.gemspec | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/activemodel/activemodel.gemspec b/activemodel/activemodel.gemspec index 22ca37071c..493fca698a 100644 --- a/activemodel/activemodel.gemspec +++ b/activemodel/activemodel.gemspec @@ -2,9 +2,6 @@ version = File.read(File.expand_path("../RAILS_VERSION", __dir__)).strip -# NOTE: There's no need to update dependencies for CVEs in minor -# releases when users can simply run `bundle update vulnerable_gem`. - Gem::Specification.new do |s| s.platform = Gem::Platform::RUBY s.name = "activemodel" @@ -28,5 +25,8 @@ Gem::Specification.new do |s| "changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/activemodel/CHANGELOG.md" } + # NOTE: Please read our dependency guidelines before updating versions: + # https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves + s.add_dependency "activesupport", version end |