Version 6.1.7.1

Gemfile.lock

@@ -30,83 +30,83 @@ GIT
 PATH
  remote: .
  specs:
- actioncable (6.1.7)
- actionpack (= 6.1.7)
- activesupport (= 6.1.7)
+ actioncable (6.1.7.1)
+ actionpack (= 6.1.7.1)
+ activesupport (= 6.1.7.1)
  nio4r (~> 2.0)
  websocket-driver (>= 0.6.1)
- actionmailbox (6.1.7)
- actionpack (= 6.1.7)
- activejob (= 6.1.7)
- activerecord (= 6.1.7)
- activestorage (= 6.1.7)
- activesupport (= 6.1.7)
+ actionmailbox (6.1.7.1)
+ actionpack (= 6.1.7.1)
+ activejob (= 6.1.7.1)
+ activerecord (= 6.1.7.1)
+ activestorage (= 6.1.7.1)
+ activesupport (= 6.1.7.1)
  mail (>= 2.7.1)
- actionmailer (6.1.7)
- actionpack (= 6.1.7)
- actionview (= 6.1.7)
- activejob (= 6.1.7)
- activesupport (= 6.1.7)
+ actionmailer (6.1.7.1)
+ actionpack (= 6.1.7.1)
+ actionview (= 6.1.7.1)
+ activejob (= 6.1.7.1)
+ activesupport (= 6.1.7.1)
  mail (~> 2.5, >= 2.5.4)
  rails-dom-testing (~> 2.0)
- actionpack (6.1.7)
- actionview (= 6.1.7)
- activesupport (= 6.1.7)
+ actionpack (6.1.7.1)
+ actionview (= 6.1.7.1)
+ activesupport (= 6.1.7.1)
  rack (~> 2.0, >= 2.0.9)
  rack-test (>= 0.6.3)
  rails-dom-testing (~> 2.0)
  rails-html-sanitizer (~> 1.0, >= 1.2.0)
- actiontext (6.1.7)
- actionpack (= 6.1.7)
- activerecord (= 6.1.7)
- activestorage (= 6.1.7)
- activesupport (= 6.1.7)
+ actiontext (6.1.7.1)
+ actionpack (= 6.1.7.1)
+ activerecord (= 6.1.7.1)
+ activestorage (= 6.1.7.1)
+ activesupport (= 6.1.7.1)
  nokogiri (>= 1.8.5)
- actionview (6.1.7)
- activesupport (= 6.1.7)
+ actionview (6.1.7.1)
+ activesupport (= 6.1.7.1)
  builder (~> 3.1)
  erubi (~> 1.4)
  rails-dom-testing (~> 2.0)
  rails-html-sanitizer (~> 1.1, >= 1.2.0)
- activejob (6.1.7)
- activesupport (= 6.1.7)
+ activejob (6.1.7.1)
+ activesupport (= 6.1.7.1)
  globalid (>= 0.3.6)
- activemodel (6.1.7)
- activesupport (= 6.1.7)
- activerecord (6.1.7)
- activemodel (= 6.1.7)
- activesupport (= 6.1.7)
- activestorage (6.1.7)
- actionpack (= 6.1.7)
- activejob (= 6.1.7)
- activerecord (= 6.1.7)
- activesupport (= 6.1.7)
+ activemodel (6.1.7.1)
+ activesupport (= 6.1.7.1)
+ activerecord (6.1.7.1)
+ activemodel (= 6.1.7.1)
+ activesupport (= 6.1.7.1)
+ activestorage (6.1.7.1)
+ actionpack (= 6.1.7.1)
+ activejob (= 6.1.7.1)
+ activerecord (= 6.1.7.1)
+ activesupport (= 6.1.7.1)
  marcel (~> 1.0)
  mini_mime (>= 1.1.0)
- activesupport (6.1.7)
+ activesupport (6.1.7.1)
  concurrent-ruby (~> 1.0, >= 1.0.2)
  i18n (>= 1.6, < 2)
  minitest (>= 5.1)
  tzinfo (~> 2.0)
  zeitwerk (~> 2.3)
- rails (6.1.7)
- actioncable (= 6.1.7)
- actionmailbox (= 6.1.7)
- actionmailer (= 6.1.7)
- actionpack (= 6.1.7)
- actiontext (= 6.1.7)
- actionview (= 6.1.7)
- activejob (= 6.1.7)
- activemodel (= 6.1.7)
- activerecord (= 6.1.7)
- activestorage (= 6.1.7)
- activesupport (= 6.1.7)
+ rails (6.1.7.1)
+ actioncable (= 6.1.7.1)
+ actionmailbox (= 6.1.7.1)
+ actionmailer (= 6.1.7.1)
+ actionpack (= 6.1.7.1)
+ actiontext (= 6.1.7.1)
+ actionview (= 6.1.7.1)
+ activejob (= 6.1.7.1)
+ activemodel (= 6.1.7.1)
+ activerecord (= 6.1.7.1)
+ activestorage (= 6.1.7.1)
+ activesupport (= 6.1.7.1)
  bundler (>= 1.15.0)
- railties (= 6.1.7)
+ railties (= 6.1.7.1)
  sprockets-rails (>= 2.0.0)
- railties (6.1.7)
- actionpack (= 6.1.7)
- activesupport (= 6.1.7)
+ railties (6.1.7.1)
+ actionpack (= 6.1.7.1)
+ activesupport (= 6.1.7.1)
  method_source
  rake (>= 12.2)
  thor (~> 1.0)
@@ -216,7 +216,7 @@ GEM
  http_parser.rb (>= 0.6.0)
  em-socksify (0.3.2)
  eventmachine (>= 1.0.0.beta.4)
- erubi (1.11.0)
+ erubi (1.12.0)
  et-orbi (1.2.4)
  tzinfo
  event_emitter (0.2.6)
@@ -304,11 +304,14 @@ GEM
  listen (3.5.1)
  rb-fsevent (~> 0.10, >= 0.10.3)
  rb-inotify (~> 0.9, >= 0.9.10)
- loofah (2.18.0)
+ loofah (2.19.1)
  crass (~> 1.0.2)
  nokogiri (>= 1.5.9)
- mail (2.7.1)
+ mail (2.8.0)
  mini_mime (>= 0.1.1)
+ net-imap
+ net-pop
+ net-smtp
  marcel (1.0.2)
  matrix (0.4.2)
  memoist (0.16.2)
@@ -380,8 +383,8 @@ GEM
  rails-dom-testing (2.0.3)
  activesupport (>= 4.2.0)
  nokogiri (>= 1.6)
- rails-html-sanitizer (1.4.3)
- loofah (~> 2.3)
+ rails-html-sanitizer (1.4.4)
+ loofah (~> 2.19, >= 2.19.1)
  rainbow (3.0.0)
  rake (13.0.3)
  rb-fsevent (0.10.4)
@@ -535,7 +538,7 @@ GEM
  websocket-extensions (0.1.5)
  xpath (3.2.0)
  nokogiri (~> 1.8)
- zeitwerk (2.6.0)
+ zeitwerk (2.6.6)
 
 PLATFORMS
  ruby

RAILS_VERSION

@@ -1 +1 @@
-6.1.7
+6.1.7.1

actioncable/CHANGELOG.md

@@ -1,3 +1,8 @@
+## Rails 6.1.7.1 (January 17, 2023) ##
+
+* No changes.
+
+
 ## Rails 6.1.7 (September 09, 2022) ##
 
 * No changes.

actioncable/lib/action_cable/gem_version.rb

@@ -10,7 +10,7 @@ module VERSION
  MAJOR = 6
  MINOR = 1
  TINY = 7
- PRE = nil
+ PRE = "1"
 
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
  end

actioncable/package.json

@@ -1,6 +1,6 @@
 {
  "name": "@rails/actioncable",
- "version": "6.1.7",
+ "version": "6.1.7-1",
  "description": "WebSocket framework for Ruby on Rails.",
  "main": "app/assets/javascripts/action_cable.js",
  "files": [

actionmailbox/CHANGELOG.md

@@ -1,3 +1,8 @@
+## Rails 6.1.7.1 (January 17, 2023) ##
+
+* No changes.
+
+
 ## Rails 6.1.7 (September 09, 2022) ##
 
 * No changes.

actionmailbox/lib/action_mailbox/gem_version.rb

@@ -10,7 +10,7 @@ module VERSION
  MAJOR = 6
  MINOR = 1
  TINY = 7
- PRE = nil
+ PRE = "1"
 
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
  end

actionmailer/CHANGELOG.md

@@ -1,3 +1,8 @@
+## Rails 6.1.7.1 (January 17, 2023) ##
+
+* No changes.
+
+
 ## Rails 6.1.7 (September 09, 2022) ##
 
 * No changes.

actionmailer/lib/action_mailer/gem_version.rb

@@ -10,7 +10,7 @@ module VERSION
  MAJOR = 6
  MINOR = 1
  TINY = 7
- PRE = nil
+ PRE = "1"
 
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
  end

actionpack/CHANGELOG.md

@@ -1,3 +1,14 @@
+## Rails 6.1.7.1 (January 17, 2023) ##
+
+* Avoid regex backtracking on If-None-Match header
+
+ [CVE-2023-22795]
+
+* Use string#split instead of regex for domain parts
+
+ [CVE-2023-22792]
+
+
 ## Rails 6.1.7 (September 09, 2022) ##
 
 * No changes.

actionpack/lib/action_pack/gem_version.rb

@@ -10,7 +10,7 @@ module VERSION
  MAJOR = 6
  MINOR = 1
  TINY = 7
- PRE = nil
+ PRE = "1"
 
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
  end

actiontext/CHANGELOG.md

@@ -1,3 +1,8 @@
+## Rails 6.1.7.1 (January 17, 2023) ##
+
+* No changes.
+
+
 ## Rails 6.1.7 (September 09, 2022) ##
 
 * No changes.

actiontext/lib/action_text/gem_version.rb

@@ -10,7 +10,7 @@ module VERSION
  MAJOR = 6
  MINOR = 1
  TINY = 7
- PRE = nil
+ PRE = "1"
 
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
  end

actiontext/package.json

@@ -1,6 +1,6 @@
 {
  "name": "@rails/actiontext",
- "version": "6.1.7",
+ "version": "6.1.7-1",
  "description": "Edit and display rich text in Rails applications",
  "main": "app/javascript/actiontext/index.js",
  "files": [

actionview/CHANGELOG.md

@@ -1,3 +1,8 @@
+## Rails 6.1.7.1 (January 17, 2023) ##
+
+* No changes.
+
+
 ## Rails 6.1.7 (September 09, 2022) ##
 
 * No changes.

actionview/lib/action_view/gem_version.rb

@@ -10,7 +10,7 @@ module VERSION
  MAJOR = 6
  MINOR = 1
  TINY = 7
- PRE = nil
+ PRE = "1"
 
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
  end

actionview/package.json

@@ -1,6 +1,6 @@
 {
  "name": "@rails/ujs",
- "version": "6.1.7",
+ "version": "6.1.7-1",
  "description": "Ruby on Rails unobtrusive scripting adapter",
  "main": "lib/assets/compiled/rails-ujs.js",
  "files": [

activejob/CHANGELOG.md

@@ -1,3 +1,8 @@
+## Rails 6.1.7.1 (January 17, 2023) ##
+
+* No changes.
+
+
 ## Rails 6.1.7 (September 09, 2022) ##
 
 * No changes.

activejob/lib/active_job/gem_version.rb

@@ -10,7 +10,7 @@ module VERSION
  MAJOR = 6
  MINOR = 1
  TINY = 7
- PRE = nil
+ PRE = "1"
 
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
  end

activemodel/CHANGELOG.md

@@ -1,3 +1,8 @@
+## Rails 6.1.7.1 (January 17, 2023) ##
+
+* No changes.
+
+
 ## Rails 6.1.7 (September 09, 2022) ##
 
 * No changes.

activemodel/lib/active_model/gem_version.rb

@@ -10,7 +10,7 @@ module VERSION
  MAJOR = 6
  MINOR = 1
  TINY = 7
- PRE = nil
+ PRE = "1"
 
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
  end

activerecord/CHANGELOG.md

@@ -1,3 +1,33 @@
+## Rails 6.1.7.1 (January 17, 2023) ##
+
+* Make sanitize_as_sql_comment more strict
+
+ Though this method was likely never meant to take user input, it was
+ attempting sanitization. That sanitization could be bypassed with
+ carefully crafted input.
+
+ This commit makes the sanitization more robust by replacing any
+ occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a
+ first pass to remove one surrounding comment to avoid compatibility
+ issues for users relying on the existing removal.
+
+ This also clarifies in the documentation of annotate that it should not
+ be provided user input.
+
+ [CVE-2023-22794]
+
+* Added integer width check to PostgreSQL::Quoting
+
+ Given a value outside the range for a 64bit signed integer type
+ PostgreSQL will treat the column type as numeric. Comparing
+ integer values against numeric values can result in a slow
+ sequential scan.
+
+ This behavior is configurable via
+ ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.
+
+ [CVE-2022-44566]
+
 ## Rails 6.1.7 (September 09, 2022) ##
 
 * Symbol is allowed by default for YAML columns