
ruby-changes:73460

From: Chad <ko1@a...>
Date: Wed, 7 Sep 2022 09:52:07 +0900 (JST)
Subject: [ruby-changes:73460] 1b034d66f5 (master): [ruby/psych] Bump snakeyaml from 1.28 to 1.31

https://git.ruby-lang.org/ruby.git/commit/?id=1b034d66f5

From 1b034d66f529d662b0ae61cba1fb8622dac3169c Mon Sep 17 00:00:00 2001
From: Chad Wilson <chadw@t...>
Date: Sun, 4 Sep 2022 00:18:15 +0800
Subject: [ruby/psych] Bump snakeyaml from 1.28 to 1.31

Resolves CVE-2022-25857, among other fixes.

https://github.com/ruby/psych/commit/918cd25d37
---
 ext/psych/lib/psych/versions.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/psych/lib/psych/versions.rb b/ext/psych/lib/psych/versions.rb
index 0fdead154c..f39d30ce5a 100644
--- a/ext/psych/lib/psych/versions.rb
+++ b/ext/psych/lib/psych/versions.rb
@@ -5,6 +5,6 @@ module Psych https://github.com/ruby/ruby/blob/trunk/ext/psych/lib/psych/versions.rb#L5
   VERSION = '5.0.0.dev'
 
   if RUBY_ENGINE == 'jruby'
-    DEFAULT_SNAKEYAML_VERSION = '1.28'.freeze
+    DEFAULT_SNAKEYAML_VERSION = '1.31'.freeze
   end
 end
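
Review bot: The changed line `DEFAULT_SNAKEYAML_VERSION = '1.31'.freeze` has no comment recording that 1.31 is a security floor; the reason (CVE-2022-25857, per the commit message) is visible only in the commit log. A one-line comment above the constant naming the CVE would keep a later edit or revert from dropping below that version unnoticed. The `DEFAULT_` prefix also suggests the value is a default that something else may override; if that is the case, this hunk alone does not guarantee that JRuby loads 1.31 at runtime, so the code that resolves the actual snakeyaml jar is worth checking in the same review.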
-- 
cgit v1.2.1


--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
