ruby-changes:73460
From: Chad <ko1@a...>
Date: Wed, 7 Sep 2022 09:52:07 +0900 (JST)
Subject: [ruby-changes:73460] 1b034d66f5 (master): [ruby/psych] Bump snakeyaml from 1.28 to 1.31
https://git.ruby-lang.org/ruby.git/commit/?id=1b034d66f5 From 1b034d66f529d662b0ae61cba1fb8622dac3169c Mon Sep 17 00:00:00 2001 From: Chad Wilson <chadw@t...> Date: Sun, 4 Sep 2022 00:18:15 +0800 Subject: [ruby/psych] Bump snakeyaml from 1.28 to 1.31 Resolves CVE-2022-25857, among other fixes. https://github.com/ruby/psych/commit/918cd25d37 --- ext/psych/lib/psych/versions.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/psych/lib/psych/versions.rb b/ext/psych/lib/psych/versions.rb index 0fdead154c..f39d30ce5a 100644 --- a/ext/psych/lib/psych/versions.rb +++ b/ext/psych/lib/psych/versions.rb @@ -5,6 +5,6 @@ module Psych https://github.com/ruby/ruby/blob/trunk/ext/psych/lib/psych/versions.rb#L5 VERSION = '5.0.0.dev' if RUBY_ENGINE == 'jruby' - DEFAULT_SNAKEYAML_VERSION = '1.28'.freeze + DEFAULT_SNAKEYAML_VERSION = '1.31'.freeze end end -- cgit v1.2.1 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
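Review bot: The new `DEFAULT_SNAKEYAML_VERSION = '1.31'.freeze` line in `ext/psych/lib/psych/versions.rb` has no comment tying the value to the security fix, so a later edit could lower it unnoticed. Consider a one-line comment above it recording that 1.31 is the floor for CVE-2022-25857. The constant is named as a default and the diffstat shows this as the only file changed, so please confirm that nothing else in the JRuby build still references 1.28, and say whether a caller-supplied version can still select an older jar. The "among other fixes" in the commit message would help downstream packagers more if it named those fixes or linked the SnakeYAML changelog for 1.29 through 1.31.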