fix: Downgrade rack-cors to 2.0.0 to fix CVE-2024-27456 (#9032)

2024-02-27 20:20:59 -08:00
parent ac249c75c4
commit dca14ef82d
5 changed files with 9 additions and 6 deletions
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -564,7 +564,7 @@ GEM
      rack (>= 1.0, < 4)
    rack-contrib (2.4.0)
      rack (< 4)
-    rack-cors (2.0.1)
+    rack-cors (2.0.0)
      rack (>= 2.0.0)
    rack-mini-profiler (3.2.0)
      rack (>= 1.2.0)
@@ -918,7 +918,7 @@ DEPENDENCIES
  puma
  pundit
  rack-attack (>= 6.7.0)
-  rack-cors
+  rack-cors (= 2.0.0)
  rack-mini-profiler (>= 3.2.0)
  rack-timeout
  rails (~> 7.0.8.1)