Merge pull request #168 from wardencommunity/security-vuln-patch

jsmestad · web-flow · commit 61b22a6ffb53 · 2018-11-15T16:33:00.000-07:00
Update to rack &gt;= 2.0.6 due to XSS security vulnerability.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,8 +1,8 @@
-== Version 1.2.8 / Not released
+== Version 1.2.8 / 2018-11-15
 * Bugfix: Flips two lines to allow scopes authenticating from another without stepping on each other's toes. (PR #144)
+* Update `rack` dependency to >= 2.0.6 due to security vulnerability
 * Internal: Add Rubocop Lint checking
 * Internal: Update RSpec to use `.rspec` file
-* Internal: Update `rack` dependency to 2.x
 
 == Version 1.2.7 / 2016-10-12
 * Added 'frozen_string_literal' comment, bump ruby to 2.3
diff --git a/Gemfile b/Gemfile
@@ -4,7 +4,7 @@ source 'https://rubygems.org'
 gemspec
 
 gem 'rake'
-gem 'rack', '~> 2.0'
+gem 'rack', '>= 2.0.6'
 
 group :test do
   gem 'rspec', '~>3'
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -2,13 +2,13 @@ PATH
   remote: .
   specs:
     warden (1.2.8)
-      rack (>= 1.0)
+      rack (>= 2.0.6)
 
 GEM
   remote: https://rubygems.org/
   specs:
     diff-lcs (1.3)
-    rack (2.0.3)
+    rack (2.0.6)
     rack-test (0.7.0)
       rack (>= 1.0, < 3)
     rake (12.1.0)
@@ -30,11 +30,11 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  rack (~> 2.0)
+  rack (>= 2.0.6)
   rack-test
   rake
   rspec (~> 3)
   warden!
 
 BUNDLED WITH
-   1.16.0.pre.2
+   1.17.1
diff --git a/warden.gemspec b/warden.gemspec
@@ -23,5 +23,5 @@ Gem::Specification.new do |spec|
   spec.rdoc_options = ["--charset=UTF-8"]
   spec.require_paths = ["lib"]
   spec.rubyforge_project = %q{warden}
-  spec.add_dependency "rack", ">= 1.0"
+  spec.add_dependency "rack", ">= 2.0.6"
 end
