diff options
| author | Rafael França <rafaelmfranca@gmail.com> | 2018-11-06 18:23:29 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-11-06 18:23:29 -0500 |
| commit | 133e0ba33db5887b047c9ac8233e5b414657bca5 (patch) | |
| tree | d96fbfa7fc259a20d340727e706417efc88a77cb /railties | |
| parent | 90ee327b632f454c3cd7265be5f96a74d160c536 (diff) | |
| parent | e74fdbe00cd0f403d34f2bc83eb09e7a5bc56109 (diff) | |
| download | rails-133e0ba33db5887b047c9ac8233e5b414657bca5.tar.gz rails-133e0ba33db5887b047c9ac8233e5b414657bca5.tar.bz2 rails-133e0ba33db5887b047c9ac8233e5b414657bca5.zip | |
Merge pull request #34392 from gmcgibbon/gem_security_note_amend
Amend CVE note and security guide section wordings
Diffstat (limited to 'railties')
| -rw-r--r-- | railties/railties.gemspec | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/railties/railties.gemspec b/railties/railties.gemspec index 98155a35e3..4e4a504c97 100644 --- a/railties/railties.gemspec +++ b/railties/railties.gemspec @@ -2,9 +2,6 @@ version = File.read(File.expand_path("../RAILS_VERSION", __dir__)).strip -# NOTE: There's no need to update dependencies for CVEs in minor -# releases when users can simply run `bundle update vulnerable_gem`. - Gem::Specification.new do |s| s.platform = Gem::Platform::RUBY s.name = "railties" @@ -33,6 +30,9 @@ Gem::Specification.new do |s| "changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/railties/CHANGELOG.md" } + # NOTE: Please read our dependency guidelines before updating versions: + # https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves + s.add_dependency "activesupport", version s.add_dependency "actionpack", version |