From c4f9e174a4faec09a4d5f4b28ecfd319e3c62b84 Mon Sep 17 00:00:00 2001 From: Daniel O'Connor Date: Sun, 9 May 2021 11:34:16 +0930 Subject: [PATCH 1/2] CVE-2021-22885 --- Gemfile.lock | 80 ++++++++++++++++++++++++++-------------------------- 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index ed9a186849..f08cac82e6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,47 +1,47 @@ GEM remote: https://rubygems.org/ specs: - actioncable (5.2.5) - actionpack (= 5.2.5) + actioncable (5.2.6) + actionpack (= 5.2.6) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.5) - actionpack (= 5.2.5) - actionview (= 5.2.5) - activejob (= 5.2.5) + actionmailer (5.2.6) + actionpack (= 5.2.6) + actionview (= 5.2.6) + activejob (= 5.2.6) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.5) - actionview (= 5.2.5) - activesupport (= 5.2.5) + actionpack (5.2.6) + actionview (= 5.2.6) + activesupport (= 5.2.6) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.5) - activesupport (= 5.2.5) + actionview (5.2.6) + activesupport (= 5.2.6) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.2.5) - activesupport (= 5.2.5) + activejob (5.2.6) + activesupport (= 5.2.6) globalid (>= 0.3.6) - activemodel (5.2.5) - activesupport (= 5.2.5) + activemodel (5.2.6) + activesupport (= 5.2.6) activemodel-serializers-xml (1.0.2) activemodel (> 5.x) activesupport (> 5.x) builder (~> 3.1) - activerecord (5.2.5) - activemodel (= 5.2.5) - activesupport (= 5.2.5) + activerecord (5.2.6) + activemodel (= 5.2.6) + activesupport (= 5.2.6) arel (>= 9.0) - activestorage (5.2.5) - actionpack (= 5.2.5) - activerecord (= 5.2.5) + activestorage (5.2.6) + actionpack (= 5.2.6) + activerecord (= 5.2.6) marcel (~> 1.0.0) - activesupport (5.2.5) + activesupport (5.2.6) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -177,7 +177,7 @@ GEM listen (3.5.1) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.9.0) + loofah (2.9.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) lumberjack (1.2.8) @@ -192,7 +192,7 @@ GEM nokogiri (~> 1) rake mini_mime (1.1.0) - mini_portile2 (2.5.0) + mini_portile2 (2.5.1) minitest (5.14.4) msgpack (1.4.2) nenv (0.3.0) 
@@ -200,7 +200,7 @@ GEM net-ssh (>= 2.6.5, < 7.0.0) net-ssh (6.1.0) nio4r (2.5.7) - nokogiri (1.11.2) + nokogiri (1.11.3) mini_portile2 (~> 2.5.0) racc (~> 1.4) notiffany (0.1.3) @@ -236,18 +236,18 @@ GEM rack (2.2.3) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (5.2.5) - actioncable (= 5.2.5) - actionmailer (= 5.2.5) - actionpack (= 5.2.5) - actionview (= 5.2.5) - activejob (= 5.2.5) - activemodel (= 5.2.5) - activerecord (= 5.2.5) - activestorage (= 5.2.5) - activesupport (= 5.2.5) + rails (5.2.6) + actioncable (= 5.2.6) + actionmailer (= 5.2.6) + actionpack (= 5.2.6) + actionview (= 5.2.6) + activejob (= 5.2.6) + activemodel (= 5.2.6) + activerecord (= 5.2.6) + activestorage (= 5.2.6) + activesupport (= 5.2.6) bundler (>= 1.3.0) - railties (= 5.2.5) + railties (= 5.2.6) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) @@ -272,9 +272,9 @@ GEM rails (> 3.1) rails_serve_static_assets (0.0.5) rails_stdout_logging (0.0.5) - railties (5.2.5) - actionpack (= 5.2.5) - activesupport (= 5.2.5) + railties (5.2.6) + actionpack (= 5.2.6) + activesupport (= 5.2.6) method_source rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) @@ -482,4 +482,4 @@ DEPENDENCIES zeus BUNDLED WITH - 2.1.4 + 2.2.17 From 5605d8a413eb22a2cafc31d32fc7b6c66ccfb8ef Mon Sep 17 00:00:00 2001 From: Daniel O'Connor Date: Sun, 9 May 2021 11:48:46 +0930 Subject: [PATCH 2/2] Fix specs --- app/views/shared/_empty.html.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/shared/_empty.html.haml b/app/views/shared/_empty.html.haml index e1edb910f5..f784de835b 100644 --- a/app/views/shared/_empty.html.haml +++ b/app/views/shared/_empty.html.haml 
@@ -1,6 +1,6 @@
 - assets = controller_name
 - asset = assets.singularize
-- new_asset_path = controller.class.to_s.include?("Admin") ? url_for([:new, :admin, asset]) : url_for([:new, asset])
+- new_asset_path = url_for(action: :new, controller: controller_name)
 #empty
   - if @current_query.blank?
     == #{t(:could_not_find, t(assets.downcase))} #{link_to_inline(:"create_#{asset}", new_asset_path, plain: true, text: "#{t(:create_a_new)} #{t(asset + '_small')}")}.
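Review bot: The explicit admin branch is dropped on the `+` line with no note on why the namespaced path still resolves; `controller_name` is the demodulized name, so the new call presumably relies on url_for resolving a relative controller against the current controller's namespace, which nothing in the hunk makes visible. A one-line HAML comment above it would spare the next reader the archaeology, e.g. `-# hash form instead of url_for([:new, asset]): presumably the String argument stops working after the rails 5.2.6 bump in PATCH 1/2; a relative controller resolves inside the admin namespace`. The local `assets` already holds `controller_name` two lines up, so `controller: assets` — or simply `url_for(action: :new)`, which defaults to the current controller — would read more directly and keep the partial from naming the same value twice. The hunk covers the whole partial (-1,6 +1,6), so nothing else in the file depends on the removed ternary.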