Relax version constraints to allow Rails 7.0.10 update

pixeltrix · postmodern · commit 0a596546572d · 2025-10-29T10:18:51.000-07:00
The ~&gt; operator on the revision triggers a false positive on the
latest patch update in the Rails 7.0.x release series.
diff --git a/gems/actionmailer/CVE-2024-47889.yml b/gems/actionmailer/CVE-2024-47889.yml
@@ -38,7 +38,7 @@ unaffected_versions:
   - "< 3.0.0"
 patched_versions:
   - "~> 6.1.7.9"
-  - "~> 7.0.8.5"
+  - "~> 7.0.8, >= 7.0.8.5"
   - "~> 7.1.4, >= 7.1.4.1"
   - ">= 7.2.1.1"
 related:
diff --git a/gems/actionpack/CVE-2024-41128.yml b/gems/actionpack/CVE-2024-41128.yml
@@ -38,7 +38,7 @@ unaffected_versions:
   - "< 3.1.0"
 patched_versions:
   - "~> 6.1.7.9"
-  - "~> 7.0.8.5"
+  - "~> 7.0.8, >= 7.0.8.5"
   - "~> 7.1.4, >= 7.1.4.1"
   - ">= 7.2.1.1"
 related:
diff --git a/gems/actionpack/CVE-2024-47887.yml b/gems/actionpack/CVE-2024-47887.yml
@@ -40,7 +40,7 @@ unaffected_versions:
   - "< 4.0.0"
 patched_versions:
   - "~> 6.1.7.9"
-  - "~> 7.0.8.5"
+  - "~> 7.0.8, >= 7.0.8.5"
   - "~> 7.1.4, >= 7.1.4.1"
   - ">= 7.2.1.1"
 related:
diff --git a/gems/actionpack/CVE-2024-54133.yml b/gems/actionpack/CVE-2024-54133.yml
@@ -34,7 +34,7 @@ cvss_v4: 2.3
 unaffected_versions:
   - "< 5.2.0"
 patched_versions:
-  - "~> 7.0.8.7"
+  - "~> 7.0.8, >= 7.0.8.7"
   - "~> 7.1.5, >= 7.1.5.1"
   - "~> 7.2.2, >= 7.2.2.1"
   - ">= 8.0.0.1"
diff --git a/gems/actiontext/CVE-2024-34341.yml b/gems/actiontext/CVE-2024-34341.yml
@@ -57,7 +57,7 @@ description: |
 unaffected_versions:
   - "< 7.0.0"
 patched_versions:
-  - "~> 7.0.8.3"
+  - "~> 7.0.8, >= 7.0.8.3"
   - ">= 7.1.3.3"
 cvss_v3: 5.4
 related:
diff --git a/gems/actiontext/CVE-2024-47888.yml b/gems/actiontext/CVE-2024-47888.yml
@@ -39,7 +39,7 @@ unaffected_versions:
   - "< 6.0.0"
 patched_versions:
   - "~> 6.1.7.9"
-  - "~> 7.0.8.5"
+  - "~> 7.0.8, >= 7.0.8.5"
   - "~> 7.1.4, >= 7.1.4.1"
   - ">= 7.2.1.1"
 related:
