Skip to content

Commit

Permalink
Upgrade Sprockets [CVE-2018-3760]
Browse files Browse the repository at this point in the history 
Upgrade the Sprockets gem to patch for
[CVE-2018-3760](https://nvd.nist.gov/vuln/detail/CVE-2018-3760)

The actual sprockets CVE doesn't affect Supermarket because it does
not do asset compilation during the request/response cycle. However,
this will upgrade the gem to clear a bundle-audit failure.

Fixes #1742

Signed-off-by: pwelch <pwelch@chef.io>
  • Loading branch information
pwelch committed Jul 1, 2018
1 parent 8403f4f commit a098af3
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/supermarket/Gemfile.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -412,7 +412,7 @@ GEM
public_suffix (2.0.5)
pundit (1.1.0)
activesupport (>= 3.0.0)
rack (2.0.4)
rack (2.0.5)
rack-protection (2.0.1)
rack
rack-test (0.6.3)
Expand Down Expand Up @@ -555,7 +555,7 @@ GEM
activesupport (>= 4.2)
spring-commands-rspec (1.0.4)
spring (>= 0.9.1)
sprockets (3.7.1)
sprockets (3.7.2)
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
sprockets-rails (3.2.0)
Expand Down

0 comments on commit a098af3

Please sign in to comment.