Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow update to Devise 4.6.2 #462

Closed
Spone opened this issue Apr 1, 2019 · 5 comments
Closed

Allow update to Devise 4.6.2 #462

Spone opened this issue Apr 1, 2019 · 5 comments

Comments

@Spone
Copy link
Contributor

Spone commented Apr 1, 2019
edited
Loading

I would like to be able to update Devise to 4.6.2, since there is a security issue in earlier versions, see heartcombo/devise#4981

Why is there dependency to Devise ~> 4.4.3 and not >= 4.4.3?
@Spone Spone changed the title Allow dependency to Devise 4.2.6 Allow update to Devise 4.2.6 Apr 1, 2019
@mooreds
Copy link

mooreds commented Apr 3, 2019

I think you meant 4.6.2, right @Spone ?

@Spone Spone changed the title Allow update to Devise 4.2.6 Allow update to Devise 4.6.2 Apr 3, 2019
@Spone
Copy link
Contributor Author

Spone commented Apr 3, 2019

You're right @mooreds :)

@mooreds
Copy link

mooreds commented Apr 6, 2019

Ping

@baash05
Copy link

baash05 commented Apr 8, 2019

The 1.7.1 version of the gem allows for the updated devise. I uses a >= not the ~.
I've locked my version for now.

jamesmk added a commit that referenced this issue Apr 9, 2019
@jamesmk
fixes #462 - bump devise to latest version
1b0fa52
@jamesmk jamesmk mentioned this issue Apr 9, 2019
Closed
@jamesmk
Copy link
Member

jamesmk commented Apr 9, 2019

@Spone We are locking major dependencies to minor versions to avoid inconsistent functionality. I've opened a PR to bump the version of Devise in v2.1. You can wait until v2.1 is released or point directly to the v2.1 branch in you gemfile (although this branch is in active development).

thanks!

@jamesmk jamesmk mentioned this issue Apr 10, 2019
Merged
jamesmk added a commit that referenced this issue Apr 11, 2019
@jamesmk
Merge pull request #465 from wearefine/462-devise-version
e8708c0 
fixes #462 - bump devise to latest version
@jamesmk jamesmk closed this as completed Apr 24, 2019
jclemans pushed a commit that referenced this issue Jun 13, 2019
@jamesmk @jclemans
fixes #462 - bump devise to latest version
15923e2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Spone @mooreds @jamesmk @baash05