Problem updating Rails (Could not find gem 'rails (~> 5.2.8, >= 5.2.8.15)' in rubygems repository https://rubygems.org/ or installed locally.)

So, I have the following security vulnerabilities in activesupport, activerecord and actionpack.

Name: actionpack
Version: 5.2.8.1
CVE: CVE-2023-22792
GHSA: GHSA-p84v-45xj-wwqj
Criticality: Unknown
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Title: ReDoS based DoS vulnerability in Action Dispatch
Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'

Name: activerecord
Version: 5.2.8.1
CVE: CVE-2022-44566
GHSA: GHSA-579w-22j4-4749
Criticality: Unknown
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Title: Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'

Name: activesupport
Version: 5.2.8.1
CVE: CVE-2023-22796
GHSA: GHSA-j6gc-792m-qgm2
Criticality: Unknown
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Title: ReDoS based DoS vulnerability in Active Support’s underscore
Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'

My Rails version from the Gemfile:

gem 'rails', '~> 5.2.8', '>= 5.2.8.1'

As the solution suggests, upgrading to '~> 5.2.8, >= 5.2.8.15' seems to be the next step, so I changed the Gemfile as follows:

gem 'rails', '~> 5.2.8', '>= 5.2.8.15'

and then ran bundle install (I've also done bundle update), which gives the same result, as follows:

Fetching gem metadata from https://rubygems.org/..........
Could not find gem 'rails (~> 5.2.8, >= 5.2.8.15)' in rubygems repository https://rubygems.org/ or installed locally.

The source contains the following gems matching 'rails':
  * rails-0.8.0
  * rails-0.8.5
  * rails-0.9.0
  * rails-0.9.1
  * rails-0.9.2
  * rails-0.9.3
  * rails-0.9.4
  * rails-0.9.4.1
  * rails-0.9.5
  * rails-0.10.0
  * rails-0.10.1
  * rails-0.11.0
  * rails-0.11.1
  * rails-0.12.0
  * rails-0.12.1
  * rails-0.13.0
  * rails-0.13.1
  * rails-0.14.1
  * rails-0.14.2
  * rails-0.14.3
  * rails-0.14.4
  * rails-1.0.0
  * rails-1.1.0
  * rails-1.1.1
  * rails-1.1.2
  * rails-1.1.3
  * rails-1.1.4
  * rails-1.1.5
  * rails-1.1.6
  * rails-1.2.0
  * rails-1.2.1
  * rails-1.2.2
  * rails-1.2.3
  * rails-1.2.4
  * rails-1.2.5
  * rails-1.2.6
  * rails-2.0.0
  * rails-2.0.1
  * rails-2.0.2
  * rails-2.0.4
  * rails-2.0.5
  * rails-2.1.0
  * rails-2.1.1
  * rails-2.1.2
  * rails-2.2.2
  * rails-2.2.3
  * rails-2.3.2
  * rails-2.3.3
  * rails-2.3.4
  * rails-2.3.5
  * rails-2.3.6
  * rails-2.3.7
  * rails-2.3.8.pre1
  * rails-2.3.8
  * rails-2.3.9.pre
  * rails-2.3.9
  * rails-2.3.10
  * rails-2.3.11
  * rails-2.3.12
  * rails-2.3.14
  * rails-2.3.15
  * rails-2.3.16
  * rails-2.3.17
  * rails-2.3.18
  * rails-3.0.0.beta
  * rails-3.0.0.beta2
  * rails-3.0.0.beta3
  * rails-3.0.0.beta4
  * rails-3.0.0.rc
  * rails-3.0.0.rc2
  * rails-3.0.0
  * rails-3.0.1
  * rails-3.0.2
  * rails-3.0.3
  * rails-3.0.4.rc1
  * rails-3.0.4
  * rails-3.0.5.rc1
  * rails-3.0.5
  * rails-3.0.6.rc1
  * rails-3.0.6.rc2
  * rails-3.0.6
  * rails-3.0.7.rc1
  * rails-3.0.7.rc2
  * rails-3.0.7
  * rails-3.0.8.rc1
  * rails-3.0.8.rc2
  * rails-3.0.8.rc4
  * rails-3.0.8
  * rails-3.0.9.rc1
  * rails-3.0.9.rc3
  * rails-3.0.9.rc4
  * rails-3.0.9.rc5
  * rails-3.0.9
  * rails-3.0.10.rc1
  * rails-3.0.10
  * rails-3.0.11
  * rails-3.0.12.rc1
  * rails-3.0.12
  * rails-3.0.13.rc1
  * rails-3.0.13
  * rails-3.0.14
  * rails-3.0.15
  * rails-3.0.16
  * rails-3.0.17
  * rails-3.0.18
  * rails-3.0.19
  * rails-3.0.20
  * rails-3.1.0.beta1
  * rails-3.1.0.rc1
  * rails-3.1.0.rc2
  * rails-3.1.0.rc3
  * rails-3.1.0.rc4
  * rails-3.1.0.rc5
  * rails-3.1.0.rc6
  * rails-3.1.0.rc8
  * rails-3.1.0
  * rails-3.1.1.rc1
  * rails-3.1.1.rc2
  * rails-3.1.1.rc3
  * rails-3.1.1
  * rails-3.1.2.rc1
  * rails-3.1.2.rc2
  * rails-3.1.2
  * rails-3.1.3
  * rails-3.1.4.rc1
  * rails-3.1.4
  * rails-3.1.5.rc1
  * rails-3.1.5
  * rails-3.1.6
  * rails-3.1.7
  * rails-3.1.8
  * rails-3.1.9
  * rails-3.1.10
  * rails-3.1.11
  * rails-3.1.12
  * rails-3.2.0.rc1
  * rails-3.2.0.rc2
  * rails-3.2.0
  * rails-3.2.1
  * rails-3.2.2.rc1
  * rails-3.2.2
  * rails-3.2.3.rc1
  * rails-3.2.3.rc2
  * rails-3.2.3
  * rails-3.2.4.rc1
  * rails-3.2.4
  * rails-3.2.5
  * rails-3.2.6
  * rails-3.2.7.rc1
  * rails-3.2.7
  * rails-3.2.8.rc1
  * rails-3.2.8.rc2
  * rails-3.2.8
  * rails-3.2.9.rc1
  * rails-3.2.9.rc2
  * rails-3.2.9.rc3
  * rails-3.2.9
  * rails-3.2.10
  * rails-3.2.11
  * rails-3.2.12
  * rails-3.2.13.rc1
  * rails-3.2.13.rc2
  * rails-3.2.13
  * rails-3.2.14.rc1
  * rails-3.2.14.rc2
  * rails-3.2.14
  * rails-3.2.15.rc1
  * rails-3.2.15.rc2
  * rails-3.2.15.rc3
  * rails-3.2.15
  * rails-3.2.16
  * rails-3.2.17
  * rails-3.2.18
  * rails-3.2.19
  * rails-3.2.20
  * rails-3.2.21
  * rails-3.2.22
  * rails-3.2.22.1
  * rails-3.2.22.2
  * rails-3.2.22.3
  * rails-3.2.22.4
  * rails-3.2.22.5
  * rails-4.0.0.beta1
  * rails-4.0.0.rc1
  * rails-4.0.0.rc2
  * rails-4.0.0
  * rails-4.0.1.rc1
  * rails-4.0.1.rc2
  * rails-4.0.1.rc3
  * rails-4.0.1.rc4
  * rails-4.0.1
  * rails-4.0.2
  * rails-4.0.3
  * rails-4.0.4.rc1
  * rails-4.0.4
  * rails-4.0.5
  * rails-4.0.6.rc1
  * rails-4.0.6.rc2
  * rails-4.0.6.rc3
  * rails-4.0.6
  * rails-4.0.7
  * rails-4.0.8
  * rails-4.0.9
  * rails-4.0.10.rc1
  * rails-4.0.10.rc2
  * rails-4.0.10
  * rails-4.0.11
  * rails-4.0.11.1
  * rails-4.0.12
  * rails-4.0.13.rc1
  * rails-4.0.13
  * rails-4.1.0.beta1
  * rails-4.1.0.beta2
  * rails-4.1.0.rc1
  * rails-4.1.0.rc2
  * rails-4.1.0
  * rails-4.1.1
  * rails-4.1.2.rc1
  * rails-4.1.2.rc2
  * rails-4.1.2.rc3
  * rails-4.1.2
  * rails-4.1.3
  * rails-4.1.4
  * rails-4.1.5
  * rails-4.1.6.rc1
  * rails-4.1.6.rc2
  * rails-4.1.6
  * rails-4.1.7
  * rails-4.1.7.1
  * rails-4.1.8
  * rails-4.1.9.rc1
  * rails-4.1.9
  * rails-4.1.10.rc1
  * rails-4.1.10.rc2
  * rails-4.1.10.rc3
  * rails-4.1.10.rc4
  * rails-4.1.10
  * rails-4.1.11
  * rails-4.1.12.rc1
  * rails-4.1.12
  * rails-4.1.13.rc1
  * rails-4.1.13
  * rails-4.1.14.rc1
  * rails-4.1.14.rc2
  * rails-4.1.14
  * rails-4.1.14.1
  * rails-4.1.14.2
  * rails-4.1.15.rc1
  * rails-4.1.15
  * rails-4.1.16.rc1
  * rails-4.1.16
  * rails-4.2.0.beta1
  * rails-4.2.0.beta2
  * rails-4.2.0.beta3
  * rails-4.2.0.beta4
  * rails-4.2.0.rc1
  * rails-4.2.0.rc2
  * rails-4.2.0.rc3
  * rails-4.2.0
  * rails-4.2.1.rc1
  * rails-4.2.1.rc2
  * rails-4.2.1.rc3
  * rails-4.2.1.rc4
  * rails-4.2.1
  * rails-4.2.2
  * rails-4.2.3.rc1
  * rails-4.2.3
  * rails-4.2.4.rc1
  * rails-4.2.4
  * rails-4.2.5.rc1
  * rails-4.2.5.rc2
  * rails-4.2.5
  * rails-4.2.5.1
  * rails-4.2.5.2
  * rails-4.2.6.rc1
  * rails-4.2.6
  * rails-4.2.7.rc1
  * rails-4.2.7
  * rails-4.2.7.1
  * rails-4.2.8.rc1
  * rails-4.2.8
  * rails-4.2.9.rc1
  * rails-4.2.9.rc2
  * rails-4.2.9
  * rails-4.2.10.rc1
  * rails-4.2.10
  * rails-4.2.11
  * rails-4.2.11.1
  * rails-4.2.11.2
  * rails-4.2.11.3
  * rails-5.0.0.beta1
  * rails-5.0.0.beta1.1
  * rails-5.0.0.beta2
  * rails-5.0.0.beta3
  * rails-5.0.0.beta4
  * rails-5.0.0.racecar1
  * rails-5.0.0.rc1
  * rails-5.0.0.rc2
  * rails-5.0.0
  * rails-5.0.0.1
  * rails-5.0.1.rc1
  * rails-5.0.1.rc2
  * rails-5.0.1
  * rails-5.0.2.rc1
  * rails-5.0.2
  * rails-5.0.3
  * rails-5.0.4.rc1
  * rails-5.0.4
  * rails-5.0.5.rc1
  * rails-5.0.5.rc2
  * rails-5.0.5
  * rails-5.0.6.rc1
  * rails-5.0.6
  * rails-5.0.7
  * rails-5.0.7.1
  * rails-5.0.7.2
  * rails-5.1.0.beta1
  * rails-5.1.0.rc1
  * rails-5.1.0.rc2
  * rails-5.1.0
  * rails-5.1.1
  * rails-5.1.2.rc1
  * rails-5.1.2
  * rails-5.1.3.rc1
  * rails-5.1.3.rc2
  * rails-5.1.3.rc3
  * rails-5.1.3
  * rails-5.1.4.rc1
  * rails-5.1.4
  * rails-5.1.5.rc1
  * rails-5.1.5
  * rails-5.1.6
  * rails-5.1.6.1
  * rails-5.1.6.2
  * rails-5.1.7.rc1
  * rails-5.1.7
  * rails-5.2.0.beta1
  * rails-5.2.0.beta2
  * rails-5.2.0.rc1
  * rails-5.2.0.rc2
  * rails-5.2.0
  * rails-5.2.1.rc1
  * rails-5.2.1
  * rails-5.2.1.1
  * rails-5.2.2.rc1
  * rails-5.2.2
  * rails-5.2.2.1
  * rails-5.2.3.rc1
  * rails-5.2.3
  * rails-5.2.4.rc1
  * rails-5.2.4
  * rails-5.2.4.1
  * rails-5.2.4.2
  * rails-5.2.4.3
  * rails-5.2.4.4
  * rails-5.2.4.5
  * rails-5.2.4.6
  * rails-5.2.5
  * rails-5.2.6
  * rails-5.2.6.1
  * rails-5.2.6.2
  * rails-5.2.6.3
  * rails-5.2.7
  * rails-5.2.7.1
  * rails-5.2.8
  * rails-5.2.8.1
  * rails-6.0.0.beta1
  * rails-6.0.0.beta2
  * rails-6.0.0.beta3
  * rails-6.0.0.rc1
  * rails-6.0.0.rc2
  * rails-6.0.0
  * rails-6.0.1.rc1
  * rails-6.0.1
  * rails-6.0.2.rc1
  * rails-6.0.2.rc2
  * rails-6.0.2
  * rails-6.0.2.1
  * rails-6.0.2.2
  * rails-6.0.3.rc1
  * rails-6.0.3
  * rails-6.0.3.1
  * rails-6.0.3.2
  * rails-6.0.3.3
  * rails-6.0.3.4
  * rails-6.0.3.5
  * rails-6.0.3.6
  * rails-6.0.3.7
  * rails-6.0.4
  * rails-6.0.4.1
  * rails-6.0.4.2
  * rails-6.0.4.3
  * rails-6.0.4.4
  * rails-6.0.4.5
  * rails-6.0.4.6
  * rails-6.0.4.7
  * rails-6.0.4.8
  * rails-6.0.5
  * rails-6.0.5.1
  * rails-6.0.6
  * rails-6.0.6.1
  * rails-6.1.0.rc1
  * rails-6.1.0.rc2
  * rails-6.1.0
  * rails-6.1.1
  * rails-6.1.2
  * rails-6.1.2.1
  * rails-6.1.3
  * rails-6.1.3.1
  * rails-6.1.3.2
  * rails-6.1.4
  * rails-6.1.4.1
  * rails-6.1.4.2
  * rails-6.1.4.3
  * rails-6.1.4.4
  * rails-6.1.4.5
  * rails-6.1.4.6
  * rails-6.1.4.7
  * rails-6.1.5
  * rails-6.1.5.1
  * rails-6.1.6
  * rails-6.1.6.1
  * rails-6.1.7
  * rails-6.1.7.1
  * rails-6.1.7.2
  * rails-7.0.0.alpha1
  * rails-7.0.0.alpha2
  * rails-7.0.0.rc1
  * rails-7.0.0.rc2
  * rails-7.0.0.rc3
  * rails-7.0.0
  * rails-7.0.1
  * rails-7.0.2
  * rails-7.0.2.1
  * rails-7.0.2.2
  * rails-7.0.2.3
  * rails-7.0.2.4
  * rails-7.0.3
  * rails-7.0.3.1
  * rails-7.0.4
  * rails-7.0.4.1
  * rails-7.0.4.2

What am I doing wrong? How can I update these three (activesupport, activerecord and actionpack)?


Answers:

Solved

After defining the new rules and versions in your Gemfile, run:

bundle update rails

This will also update all of Rails' direct dependencies.

But! Make sure the version exists on RubyGems: https://rubygems.org/gems/rails/versions (it seems v5.2.8.15 does not exist).
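
The check suggested above can be done with RubyGems' own version classes. This is an added example, not part of the original answer: the version list is a constructed subset of the Bundler output in the question, and the helper names (candidates, upgrade_paths, patched?) are hypothetical.

```ruby
# Added example: which of the advisory's "Solution" ranges can actually be
# satisfied by versions published on rubygems.org?
require "rubygems"

# Constructed sample: a subset of the versions Bundler listed in the question.
PUBLISHED = %w[
  5.2.7.1 5.2.8 5.2.8.1
  6.0.6 6.0.6.1
  6.1.7 6.1.7.1 6.1.7.2
  7.0.4 7.0.4.1 7.0.4.2
].map { |v| Gem::Version.new(v) }.freeze

# The three patched ranges from the advisory's "Solution" line.
PATCHED = [
  ["~> 5.2.8", ">= 5.2.8.15"],
  ["~> 6.1.7", ">= 6.1.7.1"],
  [">= 7.0.4.1"],
].map { |parts| Gem::Requirement.new(*parts) }.freeze

# Versions from `published` that satisfy one requirement, oldest first.
def candidates(requirement, published = PUBLISHED)
  published.select { |v| requirement.satisfied_by?(v) }.sort
end

# Map each patched range to the published versions that satisfy it.
def upgrade_paths(patched = PATCHED, published = PUBLISHED)
  patched.to_h { |req| [req.to_s, candidates(req, published).map(&:to_s)] }
end

# True if a version falls inside any patched range (i.e. would not be flagged).
def patched?(version, patched = PATCHED)
  v = Gem::Version.new(version)
  patched.any? { |req| req.satisfied_by?(v) }
end

if __FILE__ == $PROGRAM_NAME
  upgrade_paths.each do |range, versions|
    status = versions.empty? ? "no published version, Bundler cannot resolve it" : versions.join(", ")
    puts "#{range}: #{status}"
  end
end
```

An empty result for a range means no Gemfile constraint copied from it can resolve against that source; only the ranges with candidates are usable upgrade targets.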


I got the same warning. I looked into it and found this link with information about the new security issues: https://makandracards.com/railslts/508019-rails-5-2-lts-changelog I also confirmed it at this link: https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid Dependabot also showed me the same information on GitHub.