rails
diff --git a/‎Gemfile.lock
Lines changed: 77 additions & 72 deletions b/‎Gemfile.lock
Lines changed: 77 additions & 72 deletions
diff --git a/‎RAILS_VERSION
Lines changed: 1 addition & 1 deletion b/‎RAILS_VERSION
Lines changed: 1 addition & 1 deletion
diff --git a/‎actioncable/CHANGELOG.md
Lines changed: 5 additions & 0 deletions b/‎actioncable/CHANGELOG.md
Lines changed: 5 additions & 0 deletions
diff --git a/‎actioncable/lib/action_cable/gem_version.rb
Lines changed: 1 addition & 1 deletion b/‎actioncable/lib/action_cable/gem_version.rb
Lines changed: 1 addition & 1 deletion
diff --git a/‎actioncable/package.json
Lines changed: 1 addition & 1 deletion b/‎actioncable/package.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎actionmailbox/CHANGELOG.md
Lines changed: 5 additions & 0 deletions b/‎actionmailbox/CHANGELOG.md
Lines changed: 5 additions & 0 deletions
diff --git a/‎actionmailbox/lib/action_mailbox/gem_version.rb
Lines changed: 1 addition & 1 deletion b/‎actionmailbox/lib/action_mailbox/gem_version.rb
Lines changed: 1 addition & 1 deletion
diff --git a/‎actionmailer/CHANGELOG.md
Lines changed: 5 additions & 0 deletions b/‎actionmailer/CHANGELOG.md
Lines changed: 5 additions & 0 deletions
diff --git a/‎actionmailer/lib/action_mailer/gem_version.rb
Lines changed: 1 addition & 1 deletion b/‎actionmailer/lib/action_mailer/gem_version.rb
Lines changed: 1 addition & 1 deletion
diff --git a/‎actionpack/CHANGELOG.md
Lines changed: 18 additions & 0 deletions b/‎actionpack/CHANGELOG.md
Lines changed: 18 additions & 0 deletions
@@ -24,88 +24,88 @@ GIT
 PATH
   remote: .
   specs:
-    actioncable (7.0.4)
-      actionpack (= 7.0.4)
-      activesupport (= 7.0.4)
+    actioncable (7.0.4.1)
+      actionpack (= 7.0.4.1)
+      activesupport (= 7.0.4.1)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (7.0.4)
-      actionpack (= 7.0.4)
-      activejob (= 7.0.4)
-      activerecord (= 7.0.4)
-      activestorage (= 7.0.4)
-      activesupport (= 7.0.4)
+    actionmailbox (7.0.4.1)
+      actionpack (= 7.0.4.1)
+      activejob (= 7.0.4.1)
+      activerecord (= 7.0.4.1)
+      activestorage (= 7.0.4.1)
+      activesupport (= 7.0.4.1)
       mail (>= 2.7.1)
       net-imap
       net-pop
       net-smtp
-    actionmailer (7.0.4)
-      actionpack (= 7.0.4)
-      actionview (= 7.0.4)
-      activejob (= 7.0.4)
-      activesupport (= 7.0.4)
+    actionmailer (7.0.4.1)
+      actionpack (= 7.0.4.1)
+      actionview (= 7.0.4.1)
+      activejob (= 7.0.4.1)
+      activesupport (= 7.0.4.1)
       mail (~> 2.5, >= 2.5.4)
       net-imap
       net-pop
       net-smtp
       rails-dom-testing (~> 2.0)
-    actionpack (7.0.4)
-      actionview (= 7.0.4)
-      activesupport (= 7.0.4)
+    actionpack (7.0.4.1)
+      actionview (= 7.0.4.1)
+      activesupport (= 7.0.4.1)
       rack (~> 2.0, >= 2.2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (7.0.4)
-      actionpack (= 7.0.4)
-      activerecord (= 7.0.4)
-      activestorage (= 7.0.4)
-      activesupport (= 7.0.4)
+    actiontext (7.0.4.1)
+      actionpack (= 7.0.4.1)
+      activerecord (= 7.0.4.1)
+      activestorage (= 7.0.4.1)
+      activesupport (= 7.0.4.1)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.0.4)
-      activesupport (= 7.0.4)
+    actionview (7.0.4.1)
+      activesupport (= 7.0.4.1)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (7.0.4)
-      activesupport (= 7.0.4)
+    activejob (7.0.4.1)
+      activesupport (= 7.0.4.1)
       globalid (>= 0.3.6)
-    activemodel (7.0.4)
-      activesupport (= 7.0.4)
-    activerecord (7.0.4)
-      activemodel (= 7.0.4)
-      activesupport (= 7.0.4)
-    activestorage (7.0.4)
-      actionpack (= 7.0.4)
-      activejob (= 7.0.4)
-      activerecord (= 7.0.4)
-      activesupport (= 7.0.4)
+    activemodel (7.0.4.1)
+      activesupport (= 7.0.4.1)
+    activerecord (7.0.4.1)
+      activemodel (= 7.0.4.1)
+      activesupport (= 7.0.4.1)
+    activestorage (7.0.4.1)
+      actionpack (= 7.0.4.1)
+      activejob (= 7.0.4.1)
+      activerecord (= 7.0.4.1)
+      activesupport (= 7.0.4.1)
       marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (7.0.4)
+    activesupport (7.0.4.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-    rails (7.0.4)
-      actioncable (= 7.0.4)
-      actionmailbox (= 7.0.4)
-      actionmailer (= 7.0.4)
-      actionpack (= 7.0.4)
-      actiontext (= 7.0.4)
-      actionview (= 7.0.4)
-      activejob (= 7.0.4)
-      activemodel (= 7.0.4)
-      activerecord (= 7.0.4)
-      activestorage (= 7.0.4)
-      activesupport (= 7.0.4)
+    rails (7.0.4.1)
+      actioncable (= 7.0.4.1)
+      actionmailbox (= 7.0.4.1)
+      actionmailer (= 7.0.4.1)
+      actionpack (= 7.0.4.1)
+      actiontext (= 7.0.4.1)
+      actionview (= 7.0.4.1)
+      activejob (= 7.0.4.1)
+      activemodel (= 7.0.4.1)
+      activerecord (= 7.0.4.1)
+      activestorage (= 7.0.4.1)
+      activesupport (= 7.0.4.1)
       bundler (>= 1.15.0)
-      railties (= 7.0.4)
-    railties (7.0.4)
-      actionpack (= 7.0.4)
-      activesupport (= 7.0.4)
+      railties (= 7.0.4.1)
+    railties (7.0.4.1)
+      actionpack (= 7.0.4.1)
+      activesupport (= 7.0.4.1)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
@@ -197,6 +197,7 @@ GEM
     daemons (1.4.1)
     dalli (3.2.0)
     dante (0.2.0)
+    date (3.3.3)
     debug (1.4.0)
       irb (>= 1.3.6)
       reline (>= 0.2.7)
@@ -206,7 +207,6 @@ GEM
     delayed_job_active_record (4.1.6)
       activerecord (>= 3.0, < 6.2)
       delayed_job (>= 3.0, < 5)
-    digest (3.1.0)
     digest-crc (0.6.4)
       rake (>= 12.0.0, < 14.0.0)
     em-http-request (1.1.7)
@@ -217,7 +217,7 @@ GEM
       http_parser.rb (>= 0.6.0)
     em-socksify (0.3.2)
       eventmachine (>= 1.0.0.beta.4)
-    erubi (1.11.0)
+    erubi (1.12.0)
     et-orbi (1.2.6)
       tzinfo
     event_emitter (0.2.6)
@@ -326,11 +326,14 @@ GEM
     listen (3.7.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
-    loofah (2.18.0)
+    loofah (2.19.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
-    mail (2.7.1)
+    mail (2.8.0.1)
       mini_mime (>= 0.1.1)
+      net-imap
+      net-pop
+      net-smtp
     marcel (1.0.2)
     matrix (0.4.2)
     memoist (0.16.2)
@@ -357,24 +360,23 @@ GEM
       ruby2_keywords (~> 0.0.1)
     net-http-persistent (4.0.1)
       connection_pool (~> 2.2)
-    net-imap (0.2.3)
-      digest
+    net-imap (0.3.4)
+      date
       net-protocol
-      strscan
-    net-pop (0.1.1)
-      digest
+    net-pop (0.1.2)
       net-protocol
+    net-protocol (0.2.1)
       timeout
-    net-protocol (0.1.3)
-      timeout
-    net-smtp (0.3.1)
-      digest
+    net-smtp (0.3.3)
       net-protocol
-      timeout
     nio4r (2.5.8)
     nokogiri (1.13.0)
       mini_portile2 (~> 2.7.0)
       racc (~> 1.4)
+    nokogiri (1.13.0-x86_64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.13.0-x86_64-linux)
+      racc (~> 1.4)
     os (1.1.4)
     parallel (1.21.0)
     parser (3.1.0.0)
@@ -403,8 +405,8 @@ GEM
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.3)
-      loofah (~> 2.3)
+    rails-html-sanitizer (1.4.4)
+      loofah (~> 2.19, >= 2.19.1)
     rainbow (3.0.0)
     rake (13.0.6)
     rb-fsevent (0.11.0)
@@ -512,11 +514,14 @@ GEM
     stackprof (0.2.17)
     stimulus-rails (1.0.2)
       railties (>= 6.0.0)
-    strscan (3.0.4)
     sucker_punch (3.0.1)
       concurrent-ruby (~> 1.0)
     tailwindcss-rails (2.0.4)
       railties (>= 6.0.0)
+    tailwindcss-rails (2.0.4-x86_64-darwin)
+      railties (>= 6.0.0)
+    tailwindcss-rails (2.0.4-x86_64-linux)
+      railties (>= 6.0.0)
     terser (1.1.8)
       execjs (>= 0.3.0, < 3)
     thin (1.8.1)
@@ -525,7 +530,7 @@ GEM
       rack (>= 1, < 3)
     thor (1.2.1)
     tilt (2.0.10)
-    timeout (0.3.0)
+    timeout (0.3.1)
     trailblazer-option (0.1.2)
     turbo-rails (1.0.0)
       actionpack (>= 6.0.0)
@@ -556,7 +561,7 @@ GEM
     websocket-extensions (0.1.5)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zeitwerk (2.6.0)
+    zeitwerk (2.6.6)
 
 PLATFORMS
   ruby
 
@@ -1 +1 @@
-7.0.4
+7.0.4.1
@@ -1,3 +1,8 @@
+## Rails 7.0.4.1 (January 17, 2023) ##
+
+*   No changes.
+
+
 ## Rails 7.0.4 (September 09, 2022) ##
 
 *   The Redis adapter is now compatible with redis-rb 5.0
 
@@ -10,7 +10,7 @@ module VERSION
     MAJOR = 7
     MINOR = 0
     TINY  = 4
-    PRE   = nil
+    PRE   = "1"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end
 
@@ -1,6 +1,6 @@
 {
   "name": "@rails/actioncable",
-  "version": "7.0.4",
+  "version": "7.0.4-1",
   "description": "WebSocket framework for Ruby on Rails.",
   "module": "app/assets/javascripts/actioncable.esm.js",
   "main": "app/assets/javascripts/actioncable.js",
 
@@ -1,3 +1,8 @@
+## Rails 7.0.4.1 (January 17, 2023) ##
+
+*   No changes.
+
+
 ## Rails 7.0.4 (September 09, 2022) ##
 
 *   No changes.
 
@@ -10,7 +10,7 @@ module VERSION
     MAJOR = 7
     MINOR = 0
     TINY  = 4
-    PRE   = nil
+    PRE   = "1"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end
 
@@ -1,3 +1,8 @@
+## Rails 7.0.4.1 (January 17, 2023) ##
+
+*   No changes.
+
+
 ## Rails 7.0.4 (September 09, 2022) ##
 
 *   No changes.
 
@@ -10,7 +10,7 @@ module VERSION
     MAJOR = 7
     MINOR = 0
     TINY  = 4
-    PRE   = nil
+    PRE   = "1"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end
 
@@ -1,3 +1,21 @@
+## Rails 7.0.4.1 (January 17, 2023) ##
+
+*   Fix sec issue with _url_host_allowed?
+
+    Disallow certain strings from `_url_host_allowed?` to avoid a redirect
+    to malicious sites.
+
+    [CVE-2023-22797]
+
+*   Avoid regex backtracking on If-None-Match header
+
+    [CVE-2023-22795]
+
+*   Use string#split instead of regex for domain parts
+
+    [CVE-2023-22792]
+
+
 ## Rails 7.0.4 (September 09, 2022) ##
 
 *   Prevent `ActionDispatch::ServerTiming` from overwriting existing values in `Server-Timing`.
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@rails/actioncable",`
`3`		`- "version": "7.0.4",`
	`3`	`+ "version": "7.0.4-1",`
`4`	`4`	`"description": "WebSocket framework for Ruby on Rails.",`
`5`	`5`	`"module": "app/assets/javascripts/actioncable.esm.js",`
`6`	`6`	`"main": "app/assets/javascripts/actioncable.js",`