From f53a96680048c91b778668802fd08c244e335f68 Mon Sep 17 00:00:00 2001 From: ulferts Date: Mon, 6 Jan 2025 11:44:51 +0100 Subject: [PATCH] bump secure_headers --- Gemfile | 2 +- Gemfile.lock | 4 ++-- lib/open_project/patches/secure_headers_turbo_aware_nonce.rb | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index 357b99c3cd10..983b55ad6c12 100644 --- a/Gemfile +++ b/Gemfile @@ -137,7 +137,7 @@ gem "rack-protection", "~> 3.2.0" gem "rack-attack", "~> 6.7.0" # CSP headers -gem "secure_headers", "~> 7.0.0" +gem "secure_headers", "~> 7.1.0" # Browser detection for incompatibility checks gem "browser", "~> 6.2.0" diff --git a/Gemfile.lock b/Gemfile.lock index d1a9c219b1ff..1940a6df2b3f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1068,7 +1068,7 @@ GEM sanitize (7.0.0) crass (~> 1.0.2) nokogiri (>= 1.16.8) - secure_headers (7.0.0) + secure_headers (7.1.0) securerandom (0.4.1) selenium-devtools (0.131.0) selenium-webdriver (~> 4.2) @@ -1380,7 +1380,7 @@ DEPENDENCIES ruby-progressbar (~> 1.13.0) rubytree (~> 2.1.0) sanitize (~> 7.0.0) - secure_headers (~> 7.0.0) + secure_headers (~> 7.1.0) selenium-devtools selenium-webdriver (~> 4.20) semantic (~> 1.6.1) diff --git a/lib/open_project/patches/secure_headers_turbo_aware_nonce.rb b/lib/open_project/patches/secure_headers_turbo_aware_nonce.rb index 3f8e498cb961..4090fe089b2a 100644 --- a/lib/open_project/patches/secure_headers_turbo_aware_nonce.rb +++ b/lib/open_project/patches/secure_headers_turbo_aware_nonce.rb @@ -37,6 +37,6 @@ def content_security_policy_script_nonce(request) end end -OpenProject::Patches.patch_gem_version "secure_headers", "7.0.0" do +OpenProject::Patches.patch_gem_version "secure_headers", "7.1.0" do SecureHeaders.singleton_class.prepend OpenProject::Patches::SecureHeadersTurboAwareNonce end