From b1a8430258e3af5b37d03c974c4880c1f29bd59e Mon Sep 17 00:00:00 2001
From: Sony Mathew <ynos1234@gmail.com>
Date: Fri, 9 Oct 2020 11:33:51 +0530
Subject: [PATCH] fix: Security: CVE-2020-8264 (#1328) (#1329)

* fix: Security: CVE-2020-8264 (#1328)

* fix: Upgraded rails version to 6.0.3.4 for Security: CVE-2020-8264
* Fixed a rubocop linter issue with string inetrpolation also.
---
 Gemfile.lock                       | 104 ++++++++++++++---------------
 config/environments/development.rb |   2 +-
 2 files changed, 53 insertions(+), 53 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 0c9cda2ec..a616cdf68 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -18,56 +18,56 @@ GEM
   specs:
     action-cable-testing (0.6.1)
       actioncable (>= 5.0)
-    actioncable (6.0.3.3)
-      actionpack (= 6.0.3.3)
+    actioncable (6.0.3.4)
+      actionpack (= 6.0.3.4)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.0.3.3)
-      actionpack (= 6.0.3.3)
-      activejob (= 6.0.3.3)
-      activerecord (= 6.0.3.3)
-      activestorage (= 6.0.3.3)
-      activesupport (= 6.0.3.3)
+    actionmailbox (6.0.3.4)
+      actionpack (= 6.0.3.4)
+      activejob (= 6.0.3.4)
+      activerecord (= 6.0.3.4)
+      activestorage (= 6.0.3.4)
+      activesupport (= 6.0.3.4)
       mail (>= 2.7.1)
-    actionmailer (6.0.3.3)
-      actionpack (= 6.0.3.3)
-      actionview (= 6.0.3.3)
-      activejob (= 6.0.3.3)
+    actionmailer (6.0.3.4)
+      actionpack (= 6.0.3.4)
+      actionview (= 6.0.3.4)
+      activejob (= 6.0.3.4)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.0.3.3)
-      actionview (= 6.0.3.3)
-      activesupport (= 6.0.3.3)
+    actionpack (6.0.3.4)
+      actionview (= 6.0.3.4)
+      activesupport (= 6.0.3.4)
       rack (~> 2.0, >= 2.0.8)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.0.3.3)
-      actionpack (= 6.0.3.3)
-      activerecord (= 6.0.3.3)
-      activestorage (= 6.0.3.3)
-      activesupport (= 6.0.3.3)
+    actiontext (6.0.3.4)
+      actionpack (= 6.0.3.4)
+      activerecord (= 6.0.3.4)
+      activestorage (= 6.0.3.4)
+      activesupport (= 6.0.3.4)
       nokogiri (>= 1.8.5)
-    actionview (6.0.3.3)
-      activesupport (= 6.0.3.3)
+    actionview (6.0.3.4)
+      activesupport (= 6.0.3.4)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.0.3.3)
-      activesupport (= 6.0.3.3)
+    activejob (6.0.3.4)
+      activesupport (= 6.0.3.4)
       globalid (>= 0.3.6)
-    activemodel (6.0.3.3)
-      activesupport (= 6.0.3.3)
-    activerecord (6.0.3.3)
-      activemodel (= 6.0.3.3)
-      activesupport (= 6.0.3.3)
-    activestorage (6.0.3.3)
-      actionpack (= 6.0.3.3)
-      activejob (= 6.0.3.3)
-      activerecord (= 6.0.3.3)
+    activemodel (6.0.3.4)
+      activesupport (= 6.0.3.4)
+    activerecord (6.0.3.4)
+      activemodel (= 6.0.3.4)
+      activesupport (= 6.0.3.4)
+    activestorage (6.0.3.4)
+      actionpack (= 6.0.3.4)
+      activejob (= 6.0.3.4)
+      activerecord (= 6.0.3.4)
       marcel (~> 0.3.1)
-    activesupport (6.0.3.3)
+    activesupport (6.0.3.4)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
@@ -307,7 +307,7 @@ GEM
     multi_xml (0.6.0)
     multipart-post (2.1.1)
     netrc (0.11.0)
-    nio4r (2.5.3)
+    nio4r (2.5.4)
     nokogiri (1.10.10)
       mini_portile2 (~> 2.4.0)
     oauth (0.5.4)
@@ -336,29 +336,29 @@ GEM
       rack
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (6.0.3.3)
-      actioncable (= 6.0.3.3)
-      actionmailbox (= 6.0.3.3)
-      actionmailer (= 6.0.3.3)
-      actionpack (= 6.0.3.3)
-      actiontext (= 6.0.3.3)
-      actionview (= 6.0.3.3)
-      activejob (= 6.0.3.3)
-      activemodel (= 6.0.3.3)
-      activerecord (= 6.0.3.3)
-      activestorage (= 6.0.3.3)
-      activesupport (= 6.0.3.3)
+    rails (6.0.3.4)
+      actioncable (= 6.0.3.4)
+      actionmailbox (= 6.0.3.4)
+      actionmailer (= 6.0.3.4)
+      actionpack (= 6.0.3.4)
+      actiontext (= 6.0.3.4)
+      actionview (= 6.0.3.4)
+      activejob (= 6.0.3.4)
+      activemodel (= 6.0.3.4)
+      activerecord (= 6.0.3.4)
+      activestorage (= 6.0.3.4)
+      activesupport (= 6.0.3.4)
       bundler (>= 1.3.0)
-      railties (= 6.0.3.3)
+      railties (= 6.0.3.4)
       sprockets-rails (>= 2.0.0)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.3.0)
       loofah (~> 2.3)
-    railties (6.0.3.3)
-      actionpack (= 6.0.3.3)
-      activesupport (= 6.0.3.3)
+    railties (6.0.3.4)
+      actionpack (= 6.0.3.4)
+      activesupport (= 6.0.3.4)
       method_source
       rake (>= 0.8.7)
       thor (>= 0.20.3, < 2.0)
@@ -481,7 +481,7 @@ GEM
     sprockets (3.7.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
-    sprockets-rails (3.2.1)
+    sprockets-rails (3.2.2)
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
diff --git a/config/environments/development.rb b/config/environments/development.rb
index bdba46ea3..3bdc26c99 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -102,7 +102,7 @@ Rails.application.configure do
 
   # Use a different logger for distributed setups.
   # require 'syslog/logger'
-  config.logger = ActiveSupport::Logger.new(Rails.root.join('log', Rails.env + '.log'), 1, ENV.fetch('LOG_SIZE', '1024').to_i.megabytes)
+  config.logger = ActiveSupport::Logger.new(Rails.root.join('log', "#{Rails.env}.log"), 1, ENV.fetch('LOG_SIZE', '1024').to_i.megabytes)
 
   # Bullet configuration to fix the N+1 queries
   config.after_initialize do