Bump rails to fix CVE-2022-23633

closes #8336

Changelog.md

@@ -1,5 +1,9 @@
 # 0.7.16.0
 
+## Security
+
+* Update rails to fix [CVE-2022-23633](https://github.com/advisories/GHSA-wh98-p28r-vrc9) [#8336](https://github.com/diaspora/diaspora/pull/8336)
+
 ## Refactor
 * Cache local posts/comments count for statistics [#8241](https://github.com/diaspora/diaspora/pull/8241)
 * Fix html-syntax in some handlebars templates [#8251](https://github.com/diaspora/diaspora/pull/8251)
@@ -9,7 +13,7 @@
 
 ## Bug fixes
 * Ensure the log folder exists [#8287](https://github.com/diaspora/diaspora/pull/8287)
-* Limit name length in header [#8313] (https://github.com/diaspora/diaspora/pull/8313)
+* Limit name length in header [#8313](https://github.com/diaspora/diaspora/pull/8313)
 * Fix fallback avatar in hovercards [#8316](https://github.com/diaspora/diaspora/pull/8316)
 * Use old person private key for export if relayable author migrated away [#8310](https://github.com/diaspora/diaspora/pull/8310)
 

Gemfile

@@ -2,7 +2,7 @@
 
 source "https://rubygems.org"
 
-gem "rails", "5.2.6"
+gem "rails", "5.2.6.2"
 
 # Legacy Rails features, remove me!
 # responders (class level)

Gemfile.lock

@@ -2,25 +2,25 @@ GEM
   remote: https://rubygems.org/
   remote: https://gems.diasporafoundation.org/
   specs:
-    actioncable (5.2.6)
+    actioncable (5.2.6.2)
-      actionpack (= 5.2.6)
+      actionpack (= 5.2.6.2)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailer (5.2.6)
+    actionmailer (5.2.6.2)
-      actionpack (= 5.2.6)
+      actionpack (= 5.2.6.2)
-      actionview (= 5.2.6)
+      actionview (= 5.2.6.2)
-      activejob (= 5.2.6)
+      activejob (= 5.2.6.2)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (5.2.6)
+    actionpack (5.2.6.2)
-      actionview (= 5.2.6)
+      actionview (= 5.2.6.2)
-      activesupport (= 5.2.6)
+      activesupport (= 5.2.6.2)
       rack (~> 2.0, >= 2.0.8)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.6)
+    actionview (5.2.6.2)
-      activesupport (= 5.2.6)
+      activesupport (= 5.2.6.2)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
@@ -28,22 +28,22 @@ GEM
     active_model_serializers (0.9.7)
       activemodel (>= 3.2)
       concurrent-ruby (~> 1.0)
-    activejob (5.2.6)
+    activejob (5.2.6.2)
-      activesupport (= 5.2.6)
+      activesupport (= 5.2.6.2)
       globalid (>= 0.3.6)
-    activemodel (5.2.6)
+    activemodel (5.2.6.2)
-      activesupport (= 5.2.6)
+      activesupport (= 5.2.6.2)
-    activerecord (5.2.6)
+    activerecord (5.2.6.2)
-      activemodel (= 5.2.6)
+      activemodel (= 5.2.6.2)
-      activesupport (= 5.2.6)
+      activesupport (= 5.2.6.2)
       arel (>= 9.0)
     activerecord-import (1.1.0)
       activerecord (>= 3.2)
-    activestorage (5.2.6)
+    activestorage (5.2.6.2)
-      actionpack (= 5.2.6)
+      actionpack (= 5.2.6.2)
-      activerecord (= 5.2.6)
+      activerecord (= 5.2.6.2)
       marcel (~> 1.0.0)
-    activesupport (5.2.6)
+    activesupport (5.2.6.2)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
@@ -295,7 +295,7 @@ GEM
     gitlab (4.17.0)
       httparty (~> 0.18)
       terminal-table (~> 1.5, >= 1.5.1)
-    globalid (0.5.2)
+    globalid (1.0.0)
       activesupport (>= 5.0)
     gon (6.4.0)
       actionpack (>= 3.0.20)
@@ -337,7 +337,7 @@ GEM
       mime-types (~> 3.0)
       multi_xml (>= 0.5.2)
     httpclient (2.8.3)
-    i18n (1.8.11)
+    i18n (1.9.1)
       concurrent-ruby (~> 1.0)
     i18n-inflector (2.6.7)
       i18n (>= 0.4.1)
@@ -392,7 +392,7 @@ GEM
       multi_json (~> 1.14)
     logging-rails (0.6.0)
       logging (>= 1.8)
-    loofah (2.12.0)
+    loofah (2.14.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     macaddr (1.7.2)
@@ -411,7 +411,7 @@ GEM
     mini_magick (4.11.0)
     mini_mime (1.1.2)
     mini_portile2 (2.6.1)
-    minitest (5.14.4)
+    minitest (5.15.0)
     mobile-fu (1.4.0)
       rack-mobile-detect
       rails
@@ -527,18 +527,18 @@ GEM
       rack
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (5.2.6)
+    rails (5.2.6.2)
-      actioncable (= 5.2.6)
+      actioncable (= 5.2.6.2)
-      actionmailer (= 5.2.6)
+      actionmailer (= 5.2.6.2)
-      actionpack (= 5.2.6)
+      actionpack (= 5.2.6.2)
-      actionview (= 5.2.6)
+      actionview (= 5.2.6.2)
-      activejob (= 5.2.6)
+      activejob (= 5.2.6.2)
-      activemodel (= 5.2.6)
+      activemodel (= 5.2.6.2)
-      activerecord (= 5.2.6)
+      activerecord (= 5.2.6.2)
-      activestorage (= 5.2.6)
+      activestorage (= 5.2.6.2)
-      activesupport (= 5.2.6)
+      activesupport (= 5.2.6.2)
       bundler (>= 1.3.0)
-      railties (= 5.2.6)
+      railties (= 5.2.6.2)
       sprockets-rails (>= 2.0.0)
     rails-assets-autosize (4.0.2)
     rails-assets-backbone (1.3.3)
@@ -602,9 +602,9 @@ GEM
     rails-timeago (2.19.1)
       actionpack (>= 3.1)
       activesupport (>= 3.1)
-    railties (5.2.6)
+    railties (5.2.6.2)
-      actionpack (= 5.2.6)
+      actionpack (= 5.2.6.2)
-      activesupport (= 5.2.6)
+      activesupport (= 5.2.6.2)
       method_source
       rake (>= 0.8.7)
       thor (>= 0.19.0, < 2.0)
@@ -730,7 +730,7 @@ GEM
       unicode-display_width (~> 1.1, >= 1.1.1)
     terser (1.1.7)
       execjs (>= 0.3.0, < 3)
-    thor (1.1.0)
+    thor (1.2.1)
     thread_safe (0.3.6)
     tilt (2.0.10)
     timecop (0.9.4)
@@ -878,7 +878,7 @@ DEPENDENCIES
   rack-piwik (= 0.3.0)
   rack-rewrite (= 1.5.1)
   rack-ssl (= 1.4.1)
-  rails (= 5.2.6)
+  rails (= 5.2.6.2)
   rails-assets-autosize (= 4.0.2)!
   rails-assets-backbone (= 1.3.3)!
   rails-assets-blueimp-gallery (= 2.33.0)!