fix(security): CVE-2020-8184 and CVE-2020-10663

apiaryio · Feb 25, 2021 · e269850 · e269850
1 parent b51815b
commit e269850
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 3 deletions.
diff --git a/.gitignore b/.gitignore
@@ -37,9 +37,11 @@ Gemfile.lock
 
 # testing
 spec/fixtures/test.html
+rules.json
+functions.js
 
 # idea ide
 /.idea
 
 # netbeans IDE
-/nbproject
+/nbproject
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,7 @@
 
 ## 0.15.0
 * fix: change domain from docs.<subdomain>.apiary.io to <subdomain>.docs.apiary.io
+* fix(security): [CVE-2020-10663](https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/) and [CVE-2020-8184](https://nvd.nist.gov/vuln/detail/CVE-2020-8184)
 ## 0.14.1
 * fix: [update rack to 2.1.4](https://github.com/advisories/GHSA-j6w9-fv6q-3q52)
 

diff --git a/apiary.gemspec b/apiary.gemspec
@@ -24,9 +24,9 @@ Gem::Specification.new do |gem|
   gem.require_paths = ['lib']
 
   gem.add_runtime_dependency 'rest-client', '~> 2.0'
-  gem.add_runtime_dependency 'rack', '>= 2.1.4'
+  gem.add_runtime_dependency 'rack', '>= 2.2.3'
   gem.add_runtime_dependency 'thor', '~> 0.20.3'
-  gem.add_runtime_dependency 'json', '~> 2.1'
+  gem.add_runtime_dependency 'json', '>= 2.3.0'
   gem.add_runtime_dependency 'launchy', '~> 2.4'
   gem.add_runtime_dependency 'listen', '~> 3.0'