fix: Downgrade rack-cors to 2.0.0 to fix CVE-2024-27456 (#9032)

2024-02-27 20:20:59 -08:00
parent ac249c75c4
commit dca14ef82d
5 changed files with 9 additions and 6 deletions
--- a/2
+++ b/2
@@ -3,7 +3,7 @@ source 'https://rubygems.org'
 ruby '3.2.2'

 ##-- base gems for rails --##
-gem 'rack-cors', require: 'rack/cors'
+gem 'rack-cors', '2.0.0', require: 'rack/cors'
 gem 'rails', '~> 7.0.8.1'
 # Reduces boot times through caching; required in config/boot.rb
 gem 'bootsnap', require: false