From 8c1fa32559d4d35389311d304790cd39ee6c0548 Mon Sep 17 00:00:00 2001 From: Jordan Bostrom Date: Tue, 28 May 2024 12:00:18 -0400 Subject: [PATCH] rm Ruby 2.4 support to address rexml CVE --- .github/workflows/main.yml | 2 +- CHANGELOG.md | 11 ++++++++++- Gemfile.lock | 6 ++++-- lib/memo_wise/version.rb | 2 +- memo_wise.gemspec | 2 +- 5 files changed, 17 insertions(+), 6 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 206a69d..7782634 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -14,7 +14,7 @@ jobs: matrix: # Due to https://github.com/actions/runner/issues/849, we have to use # quotes for '3.0' -- without quotes, CI sees '3' and runs the latest. - ruby: [2.4, 2.5, 2.6, 2.7, '3.0', 3.1, 3.2, jruby, truffleruby-head] + ruby: [2.5, 2.6, 2.7, '3.0', 3.1, 3.2, jruby, truffleruby-head] runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 diff --git a/CHANGELOG.md b/CHANGELOG.md index ed4826c..6b96a1a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,12 +5,21 @@ follows a format inspired by [Keep a Changelog](https://keepachangelog.com/en/1. This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## [Unreleased](https://github.com/panorama-ed/memo_wise/compare/v1.8.0...HEAD) +## [Unreleased](https://github.com/panorama-ed/memo_wise/compare/v1.9.0...HEAD) + +**Gem enhancements:** + +_No breaking changes!_ + +**Project enhancements:** + +## [v1.9.0](https://github.com/panorama-ed/memo_wise/compare/v1.8.0...v1.9.0) **Gem enhancements:** - Fixed a bug that overwrote existing self.extended method definitions. [[#324]](https://github.com/panorama-ed/memo_wise/pull/314) - Fixed a bug that overwrote existing self.inherited method definitions. [[#325]](https://github.com/panorama-ed/memo_wise/pull/315) +- Removed Ruby 2.4 (EOL) support to allow upgrading rexml dependency version from a version that includes a [CVE](https://www.ruby-lang.org/en/news/2024/05/16/dos-rexml-cve-2024-35176/) [[#336]](https://github.com/panorama-ed/memo_wise/pull/336) _No breaking changes!_ diff --git a/Gemfile.lock b/Gemfile.lock index d1d00d9..a460152 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -11,7 +11,7 @@ GIT PATH remote: . specs: - memo_wise (1.8.0) + memo_wise (1.9.0) GEM remote: https://rubygems.org/ @@ -33,7 +33,8 @@ GEM rake (13.1.0) redcarpet (3.6.0) regexp_parser (2.8.0) - rexml (3.2.5) + rexml (3.2.8) + strscan (>= 3.0.9) rouge (4.1.0) rspec (3.13.0) rspec-core (~> 3.13.0) @@ -82,6 +83,7 @@ GEM simplecov-html (0.12.3) simplecov_json_formatter (0.1.4) slop (3.6.0) + strscan (3.1.0) unicode-display_width (2.4.2) values (1.8.0) webrick (1.8.1) diff --git a/lib/memo_wise/version.rb b/lib/memo_wise/version.rb index 2511cc8..d30d3bc 100644 --- a/lib/memo_wise/version.rb +++ b/lib/memo_wise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module MemoWise - VERSION = "1.8.0" + VERSION = "1.9.0" end diff --git a/memo_wise.gemspec b/memo_wise.gemspec index 7d5fe41..6c951a6 100644 
--- a/memo_wise.gemspec +++ b/memo_wise.gemspec @@ -23,7 +23,7 @@ Gem::Specification.new do |spec| "marc@usainnov.com", ] - spec.required_ruby_version = Gem::Requirement.new(">= 2.4.0") + spec.required_ruby_version = Gem::Requirement.new(">= 2.5.0") # Specify which files should be added to the gem when it is released. # The `git ls-files -z` loads the files in the RubyGem that have been added
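Review bot: In the CHANGELOG.md hunk, the new v1.9.0 entry about removing Ruby 2.4 support sits under "Gem enhancements", directly above the unchanged "_No breaking changes!_" line, while memo_wise.gemspec in the same patch raises required_ruby_version from ">= 2.4.0" to ">= 2.5.0". Since the file states that the project adheres to Semantic Versioning, either say in the entry why raising the minimum Ruby is not treated as breaking, or reword that line for this release. The entry also hides the advisory behind the bare word "CVE"; writing out CVE-2024-35176 (it is already in the link URL) makes the changelog searchable by identifier.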
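Review bot: In the Gemfile.lock hunk, the rexml bump from 3.2.5 to 3.2.8 (with the new strscan 3.1.0 entry) is the only place this patch touches rexml, and the visible memo_wise.gemspec hunk changes no rexml dependency. A gem's Gemfile.lock pins the project's own development and CI bundle, not what applications installing the gem resolve, so the changelog entry should state whether the exposure was limited to the development toolchain; otherwise downstream users may read 1.9.0 as a security fix they need to pick up. Also confirm that 3.2.8 is at or above the fixed version named in the linked advisory.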
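Review bot: In the memo_wise.gemspec hunk, the required_ruby_version floor moves to ">= 2.5.0" and the CI matrix in .github/workflows/main.yml drops 2.4 to match, but the diffstat lists only five files and the only documentation among them is CHANGELOG.md. If the README or other docs state a minimum supported Ruby, update them in the same change so the documented floor, the gemspec and the CI matrix stay in agreement.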