Update WEBrick to v1.6.1
Ruby ships with WEBrick v1.6.0, but v1.6.1 contains a fix for a CVE: https://bugs.ruby-lang.org/issues/17201 We only use WEBrick for Sidekiq exporter to serve internal metrics, so this CVE shouldn't be a user-facing issue. Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/296224
Showing
... | ... | @@ -331,6 +331,7 @@ gem 'snowplow-tracker', '~> 0.6.1' |
# Metrics | ||
group :metrics do | ||
gem 'method_source', '~> 1.0', require: false | ||
gem 'webrick', '~> 1.6.1', require: false | ||
# Prometheus | ||
gem 'prometheus-client-mmap', '~> 0.12.0' | ||
... | ... |
Please register or sign in to comment