diff options
author | Robert Speicher <robert@gitlab.com> | 2018-09-04 18:03:08 +0000 |
---|---|---|
committer | Robert Speicher <robert@gitlab.com> | 2018-09-04 18:03:08 +0000 |
commit | 265b49135436af9b8938c4b21b13462f0cfffdcb (patch) | |
tree | a1887ad8cb2fdf787caa7c85178a17bec1e052bf | |
parent | 3e1466d99d7ef34c0b42a07e6db3329896374b41 (diff) | |
parent | 4df16d8d5a1849d89f683b22389ebb5a93823fa0 (diff) | |
download | gitlab-ce-265b49135436af9b8938c4b21b13462f0cfffdcb.tar.gz |
Merge branch '50930-update-rubyzip-to-1-2-2' into 'master'
Update rubyzip gem to 1.2.2 (CVE-2018-1000544)
Closes #50930
See merge request gitlab-org/gitlab-ce!21460
-rw-r--r-- | Gemfile.lock | 2 | ||||
-rw-r--r-- | Gemfile.rails5.lock | 2 | ||||
-rw-r--r-- | changelogs/unreleased/50930-update-rubyzip-to-1-2-2.yml | 5 | ||||
-rw-r--r-- | qa/Gemfile.lock | 4 |
4 files changed, 9 insertions, 4 deletions
diff --git a/Gemfile.lock b/Gemfile.lock index b9fa9c74919..91cd360e708 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -801,7 +801,7 @@ GEM sexp_processor (~> 4.1) rubyntlm (0.6.2) rubypants (0.2.0) - rubyzip (1.2.1) + rubyzip (1.2.2) rufus-scheduler (3.4.0) et-orbi (~> 1.0) rugged (0.27.4) diff --git a/Gemfile.rails5.lock b/Gemfile.rails5.lock index 0171c3564e3..ba9b06a08cb 100644 --- a/Gemfile.rails5.lock +++ b/Gemfile.rails5.lock @@ -809,7 +809,7 @@ GEM sexp_processor (~> 4.1) rubyntlm (0.6.2) rubypants (0.2.0) - rubyzip (1.2.1) + rubyzip (1.2.2) rufus-scheduler (3.4.0) et-orbi (~> 1.0) rugged (0.27.4) diff --git a/changelogs/unreleased/50930-update-rubyzip-to-1-2-2.yml b/changelogs/unreleased/50930-update-rubyzip-to-1-2-2.yml new file mode 100644 index 00000000000..be5cc60df64 --- /dev/null +++ b/changelogs/unreleased/50930-update-rubyzip-to-1-2-2.yml @@ -0,0 +1,5 @@ +--- +title: Update rubyzip to 1.2.2 (CVE-2018-1000544) +merge_request: 21460 +author: Takuya Noguchi +type: security diff --git a/qa/Gemfile.lock b/qa/Gemfile.lock index 1bc424335f8..8f523e55adc 100644 --- a/qa/Gemfile.lock +++ b/qa/Gemfile.lock @@ -77,7 +77,7 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.7.0) rspec-support (3.7.0) - rubyzip (1.2.1) + rubyzip (1.2.2) selenium-webdriver (3.8.0) childprocess (~> 0.5) rubyzip (~> 1.0) @@ -103,4 +103,4 @@ DEPENDENCIES selenium-webdriver (~> 3.8.0) BUNDLED WITH - 1.16.1 + 1.16.4 |