aboutsummaryrefslogtreecommitdiffstats
path: root/activejob/activejob.gemspec
diff options
context:
space:
mode:
Diffstat (limited to 'activejob/activejob.gemspec')
-rw-r--r--activejob/activejob.gemspec6
1 files changed, 3 insertions, 3 deletions
diff --git a/activejob/activejob.gemspec b/activejob/activejob.gemspec
index cc27deb338..cd7ac210ec 100644
--- a/activejob/activejob.gemspec
+++ b/activejob/activejob.gemspec
@@ -2,9 +2,6 @@
version = File.read(File.expand_path("../RAILS_VERSION", __dir__)).strip
-# NOTE: There's no need to update dependencies for CVEs in minor
-# releases when users can simply run `bundle update vulnerable_gem`.
-
Gem::Specification.new do |s|
s.platform = Gem::Platform::RUBY
s.name = "activejob"
@@ -28,6 +25,9 @@ Gem::Specification.new do |s|
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/activejob/CHANGELOG.md"
}
+ # NOTE: Please read our dependency guidelines before updating versions:
+ # https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
+
s.add_dependency "activesupport", version
s.add_dependency "globalid", ">= 0.3.6"
end