From 6274d0e0db5a4b514bbefcc56d5bb3940415287f Mon Sep 17 00:00:00 2001 From: Jordan Bostrom Date: Tue, 28 May 2024 12:00:18 -0400 Subject: [PATCH] rm Ruby 2.4 support to address rexml CVE x --- .github/workflows/main.yml | 2 +- CHANGELOG.md | 1 + Gemfile.lock | 4 +++- memo_wise.gemspec | 2 +- 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 206a69d..7782634 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -14,7 +14,7 @@ jobs: matrix: # Due to https://github.com/actions/runner/issues/849, we have to use # quotes for '3.0' -- without quotes, CI sees '3' and runs the latest. - ruby: [2.4, 2.5, 2.6, 2.7, '3.0', 3.1, 3.2, jruby, truffleruby-head] + ruby: [2.5, 2.6, 2.7, '3.0', 3.1, 3.2, jruby, truffleruby-head] runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 diff --git a/CHANGELOG.md b/CHANGELOG.md index ed4826c..236bd9f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm - Fixed a bug that overwrote existing self.extended method definitions. [[#324]](https://github.com/panorama-ed/memo_wise/pull/314) - Fixed a bug that overwrote existing self.inherited method definitions. [[#325]](https://github.com/panorama-ed/memo_wise/pull/315) +- Removed Ruby 2.4 (EOL) support to allow upgrading rexml dependency version from a version that includes a [CVE](https://www.ruby-lang.org/en/news/2024/05/16/dos-rexml-cve-2024-35176/) [[#336]](https://github.com/panorama-ed/memo_wise/pull/336) _No breaking changes!_ diff --git a/Gemfile.lock b/Gemfile.lock index d1d00d9..99813f9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -33,7 +33,8 @@ GEM rake (13.1.0) redcarpet (3.6.0) regexp_parser (2.8.0) - rexml (3.2.5) + rexml (3.2.8) + strscan (>= 3.0.9) rouge (4.1.0) rspec (3.13.0) rspec-core (~> 3.13.0) 
@@ -82,6 +83,7 @@ GEM simplecov-html (0.12.3) simplecov_json_formatter (0.1.4) slop (3.6.0) + strscan (3.1.0) unicode-display_width (2.4.2) values (1.8.0) webrick (1.8.1) diff --git a/memo_wise.gemspec b/memo_wise.gemspec index 7d5fe41..6c951a6 100644 --- a/memo_wise.gemspec +++ b/memo_wise.gemspec @@ -23,7 +23,7 @@ Gem::Specification.new do |spec| "marc@usainnov.com", ] - spec.required_ruby_version = Gem::Requirement.new(">= 2.4.0") + spec.required_ruby_version = Gem::Requirement.new(">= 2.5.0") # Specify which files should be added to the gem when it is released. # The `git ls-files -z` loads the files in the RubyGem that have been added
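Review bot: In the CHANGELOG.md hunk, the new "Removed Ruby 2.4 (EOL) support" entry lands directly above the unchanged `_No breaking changes!_` line, while the memo_wise.gemspec hunk in the same patch raises `required_ruby_version` from `>= 2.4.0` to `>= 2.5.0`. A consumer still on Ruby 2.4 will no longer be able to install this release, so that line should be reworded or the removal listed as a breaking change. The entry would also be easier to search and audit if it named the identifier from the linked advisory URL (CVE-2024-35176) rather than using the bare link text "CVE".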
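Review bot: In the Gemfile.lock hunks, the patch does not say why moving `rexml (3.2.5)` to `rexml (3.2.8)` requires dropping Ruby 2.4; the only visible change in the dependency graph is the new `strscan (>= 3.0.9)` requirement, resolved to `strscan (3.1.0)`. If strscan is what sets the Ruby floor, state that in the commit message or changelog so the reason is on record. It is also worth noting whether rexml is only part of this repository's development bundle, since the gemspec hunk shows no runtime dependency change and readers of the changelog may otherwise assume the released gem itself exposed the rexml issue.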