fix vulnerability CVE-2019-16109

Name: devise Version: 4.6.2 Advisory: CVE-2019-16109 Criticality: Unknown URL: heartcombo/devise#5071 Title: Devise Gem for Ruby confirmation token validation with a blank string Solution: upgrade to >= 4.7.1
senid231 · Sep 19, 2019 · f755b26 · f755b26
1 parent 49506e2
commit f755b26
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -238,10 +238,10 @@ GEM
     delayed_job_active_record (4.1.3)
       activerecord (>= 3.0, < 5.3)
       delayed_job (>= 3.0, < 5)
-    devise (4.6.2)
+    devise (4.7.1)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
-      railties (>= 4.1.0, < 6.0)
+      railties (>= 4.1.0)
       responders
       warden (~> 1.2.3)
     diff-lcs (1.3)