aboutsummaryrefslogtreecommitdiffstats
path: root/activesupport
diff options
context:
space:
mode:
authorGannon McGibbon <gannon.mcgibbon@gmail.com>2018-11-06 18:05:40 -0500
committerGannon McGibbon <gannon.mcgibbon@gmail.com>2018-11-06 18:06:57 -0500
commite74fdbe00cd0f403d34f2bc83eb09e7a5bc56109 (patch)
tree4e877f54ddac0d36774763fb880cc8b2cf035caf /activesupport
parentbb11a9acab15b87d6074fb6af9405287942a7eee (diff)
downloadrails-e74fdbe00cd0f403d34f2bc83eb09e7a5bc56109.tar.gz
rails-e74fdbe00cd0f403d34f2bc83eb09e7a5bc56109.tar.bz2
rails-e74fdbe00cd0f403d34f2bc83eb09e7a5bc56109.zip
Amend CVE note and security guide section wordings
Reword first sentence of dep management and CVE section of security guide. Also, reword and move gemspec notes above deps. [ci skip]
Diffstat (limited to 'activesupport')
-rw-r--r--activesupport/activesupport.gemspec6
1 files changed, 3 insertions, 3 deletions
diff --git a/activesupport/activesupport.gemspec b/activesupport/activesupport.gemspec
index 75b38f3552..448a2eeebb 100644
--- a/activesupport/activesupport.gemspec
+++ b/activesupport/activesupport.gemspec
@@ -2,9 +2,6 @@
version = File.read(File.expand_path("../RAILS_VERSION", __dir__)).strip
-# NOTE: There's no need to update dependencies for CVEs in minor
-# releases when users can simply run `bundle update vulnerable_gem`.
-
Gem::Specification.new do |s|
s.platform = Gem::Platform::RUBY
s.name = "activesupport"
@@ -30,6 +27,9 @@ Gem::Specification.new do |s|
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/activesupport/CHANGELOG.md"
}
+ # NOTE: Please read our dependency guidelines before updating versions:
+ # https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
+
s.add_dependency "i18n", ">= 0.7", "< 2"
s.add_dependency "tzinfo", "~> 1.1"
s.add_dependency "minitest", "~> 5.1"