fix(pghero): update because CVE-2023-22626 (mastodon#23190)

There is a vulnerability [CVE-2023-22626](GHSA-vf99-xw26-86g5) ``` Name: pghero Version: 2.8.3 CVE: CVE-2023-22626 GHSA: GHSA-vf99-xw26-86g5 Criticality: High URL: ankane/pghero#439 Title: Information Disclosure Through EXPLAIN Feature Solution: upgrade to '>= 3.1.0' ```
atsu1125 · Dec 2, 2024 · a4ed734 · a4ed734
1 parent 8e8b6e5
commit a4ed734
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 11 deletions.
diff --git a/Gemfile b/Gemfile
@@ -15,8 +15,8 @@ gem 'rack', '~> 2.2.3'
 gem 'hamlit-rails', '~> 0.2'
 gem 'pg', '~> 1.3'
 gem 'makara', '~> 0.5'
-gem 'pghero', '~> 2.8'
-gem 'dotenv-rails', '~> 2.7'
+gem 'pghero'
+gem 'dotenv-rails', '~> 2.8'
 
 gem 'aws-sdk-s3', '~> 1.112', require: false
 gem 'fog-core', '<= 2.1.0'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -193,9 +193,9 @@ GEM
       unf (>= 0.0.5, < 1.0.0)
     doorkeeper (5.5.4)
       railties (>= 5)
-    dotenv (2.7.6)
-    dotenv-rails (2.7.6)
-      dotenv (= 2.7.6)
+    dotenv (2.8.1)
+    dotenv-rails (2.8.1)
+      dotenv (= 2.8.1)
       railties (>= 3.2)
     e2mmap (0.1.0)
     ed25519 (1.3.0)
@@ -431,10 +431,10 @@ GEM
     parslet (2.0.0)
     pastel (0.8.0)
       tty-color (~> 0.5)
-    pg (1.3.1)
-    pghero (2.8.2)
-      activerecord (>= 5)
-    pkg-config (1.4.7)
+    pg (1.4.5)
+    pghero (3.1.0)
+      activerecord (>= 6)
+    pkg-config (1.5.1)
     posix-spawn (0.3.15)
     premailer (1.14.2)
       addressable
@@ -727,7 +727,7 @@ DEPENDENCIES
   devise_pam_authenticatable2 (~> 9.2)
   discard (~> 1.2)
   doorkeeper (~> 5.5)
-  dotenv-rails (~> 2.7)
+  dotenv-rails (~> 2.8)
   ed25519 (~> 1.3)
   fabrication (~> 2.27)
   faker (~> 2.19)
@@ -771,7 +771,7 @@ DEPENDENCIES
   ox (~> 2.14)
   parslet
   pg (~> 1.3)
-  pghero (~> 2.8)
+  pghero
   pkg-config (~> 1.4)
   posix-spawn
   premailer-rails