Fix remaining Dependabot security alerts by mikeland73 · Pull Request #2804 · jetify-com/devbox
- Rails example: Upgrade Rails 7.1.6 → 7.2.3.1 to fix activestorage path traversal/glob injection/DoS/content type bypass, activesupport ReDoS/DoS/XSS, and actionview XSS vulnerabilities
- Django example: Update sqlparse 0.5.3 → 0.5.4 (DoS fix)
- Drupal example: Update psysh v0.12.15 → v0.12.19 (privilege escalation fix)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Puma 5 is not compatible with Rack 3, which was pulled in by the Rails 7.2 upgrade.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
mikeland73 deleted the mikeland73/fix-remaining-alerts branch