diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 67412b781..25e7a7a57 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -19,7 +19,7 @@ jobs:
 with:
 bundler-cache: true
 - name: Security audit dependencies
- run: bundle exec bundler-audit --update --ignore CVE-2023-31606 CVE-2023-50724 CVE-2023-50725 CVE-2023-50727
+ run: bundle exec bundler-audit --update --ignore CVE-2023-50724 CVE-2023-50725 CVE-2023-50727
 - name: Security audit ruby
 run: bundle exec ruby-audit update && bundle exec ruby-audit check --ignore CVE-2021-33621 CVE-2024-27282
 - name: Security audit application code
diff --git a/CHANGELOG b/CHANGELOG
index 03fff8c2a..55bfacd19 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,7 +1,7 @@
 [v#.#.#] ([month] [YYYY])
 - Attachments: Copy attachments when moving an evidence/note
 - Liquid: Make project-level collections available for Liquid syntax
- - Upgraded gems: nokogiri, rails, rexml
+ - Upgraded gems: nokogiri, rails, redcloth, rexml
 - Bugs fixes:
 - Navigation: Restore functionality of native browser back/forward buttons
 - Bug tracker items:
diff --git a/Gemfile b/Gemfile
index 371456986..ebe24db83 100644
--- a/Gemfile
+++ b/Gemfile
@@ -98,7 +98,7 @@ gem 'nokogiri', '>= 1.16.2'
 gem 'rails-html-sanitizer', '~> 1.4.4'
 # Textile markup
-gem 'RedCloth', '~> 4.3.2', require: 'redcloth'
+gem 'RedCloth', '~> 4.3.4', require: 'redcloth'
 # html-pipeline dependency for auto-linking
 gem 'rinku'
diff --git a/Gemfile.lock b/Gemfile.lock
index 1116cb2a2..d927d847b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -7,7 +7,7 @@ PATH
 GEM
 remote: https://rubygems.org/
 specs:
- RedCloth (4.3.2)
+ RedCloth (4.3.4)
 actioncable (7.0.8.4)
 actionpack (= 7.0.8.4)
 activesupport (= 7.0.8.4)
@@ -515,7 +515,7 @@ PLATFORMS
 x86_64-linux
 DEPENDENCIES
- RedCloth (~> 4.3.2)
+ RedCloth (~> 4.3.4)
 acts_as_tree (~> 2.9.1)
 bcrypt (= 3.1.12)
 bootsnap (>= 1.12.0)
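Review bot: The three advisories still passed to `--ignore` on the `Security audit dependencies` step in `.github/workflows/ci.yml` (CVE-2023-50724, CVE-2023-50725, CVE-2023-50727) carry no rationale, so nothing in the workflow records which gem they cover or what has to happen before they can be dropped, the way CVE-2023-31606 is dropped here together with the RedCloth bump. I would add a comment above the step, for example `# Ignored until <gem> is upgraded to <fixed version>; tracked in <issue>`, with the placeholders filled in by the maintainers, so a stale suppression is noticed at the next upgrade rather than silently hiding a finding. The same applies to the `ruby-audit check --ignore CVE-2021-33621 CVE-2024-27282` context line just below. The enclosing job and its step list start and end outside the hunk.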