about summary refs log tree commit diff
diff options
context:
space:
mode:
authorDaigo 3 Dango <zunda@users.noreply.github.com>2021-04-09 00:31:36 +0000
committerGitHub <noreply@github.com>2021-04-09 02:31:36 +0200
commit3f8d0de82e15f80f1dfbd4d93f721b2853538774 (patch)
treef4eef45776865cdfd661ad7d5563dc5bd2970234
parent3f2533ca8e2465fbc742df02741e7dbe633d0da0 (diff)
Upgrade Ruby to 2.7.3 (#16004)
* Upgrade Ruby to 2.7.3

https://www.ruby-lang.org/en/news/2021/04/05/ruby-2-7-3-released/
includes security fixes to
- CVE-2021-28965: XML round-trip vulnerability in REXML
- CVE-2021-28966: Path traversal in Tempfile on Windows

* Update rexml to 3.2.5

https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
-rw-r--r--.ruby-version2
-rw-r--r--Dockerfile2
-rw-r--r--Gemfile.lock4
3 files changed, 4 insertions, 4 deletions
diff --git a/.ruby-version b/.ruby-version
index 37c2961c2..2c9b4ef42 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-2.7.2
+2.7.3
diff --git a/Dockerfile b/Dockerfile
index 962e5a8c9..ee0fc6e69 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,7 +26,7 @@ RUN ARCH= && \
 	mv node-v$NODE_VER-linux-$ARCH /opt/node
 
 # Install Ruby
-ENV RUBY_VER="2.7.2"
+ENV RUBY_VER="2.7.3"
 RUN apt-get update && \
   apt-get install -y --no-install-recommends build-essential \
     bison libyaml-dev libgdbm-dev libreadline-dev libjemalloc-dev \
diff --git a/Gemfile.lock b/Gemfile.lock
index 5ac7c0923..fecaee7f5 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -436,7 +436,7 @@ GEM
     parallel (1.20.1)
     parallel_tests (3.6.0)
       parallel
-    parser (3.0.0.0)
+    parser (3.0.1.0)
       ast (~> 2.4.1)
     parslet (2.0.0)
     pastel (0.8.0)
@@ -529,7 +529,7 @@ GEM
     responders (3.0.1)
       actionpack (>= 5.0)
       railties (>= 5.0)
-    rexml (3.2.4)
+    rexml (3.2.5)
     rotp (6.2.0)
     rpam2 (4.0.2)
     rqrcode (1.2.0)