chore: update haml dependency version
This updates the haml dependency relative to the current version.
haml 3 has a cross scripting security issue with ruby. To avoid glitter
installing an insecure version of haml where this is the only gem with a
haml dependency, the version is set to ~>5. This also removes the
deprecated `rubyforge_project` property in the gemspec.
Teyler7 committed May 13, 2022
1 parent db6c966 commit 8ebd3c5
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions glitter.gemspec
Expand Up @@ -13,10 +13,9 @@ Gem::Specification.new do |s|
s.description = %q{Glitter makes it easy to publish software updates via the Sparkle framework by using S3 buckets.}
s.licenses = ['MIT']

s.rubyforge_project = "glitter"
s.required_ruby_version = ">= 2.0.0"
s.add_dependency "s3", "~> 0.3"
s.add_dependency "haml", "~> 3.0"
s.add_dependency "haml", "~> 5.0"
s.add_dependency "thor", "~> 1.0"

s.files = `git ls-files`.split("\n")
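
Review bot: The new `s.add_dependency "haml", "~> 5.0"` line accepts every 5.x release starting at 5.0.0, and the commit message does not name the advisory or the first fixed haml version, so a reader cannot confirm that the whole allowed range is patched. Cite the advisory in the message and, if the fix landed in a later 5.x release, add a floor next to the pessimistic constraint. The bump also skips haml 4 entirely with no other file changed, so the templates glitter renders through haml should be exercised against haml 5 before release, and the unchanged `s.required_ruby_version = ">= 2.0.0"` line should be checked against the Ruby versions haml 5 supports.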