From 9b795a25cd7a014d8c08cc213031b55dff83bb69 Mon Sep 17 00:00:00 2001
From: Kaspar V <casaper@users.noreply.github.com>
Date: Sun, 22 Jan 2023 23:09:02 +0100
Subject: [PATCH] fix(pghero): update because CVE-2023-22626 (#23190)

The currently locked pghero version (2.8.3) is affected by
[CVE-2023-22626](https://github.com/advisories/GHSA-vf99-xw26-86g5):

```
Name: pghero
Version: 2.8.3
CVE: CVE-2023-22626
GHSA: GHSA-vf99-xw26-86g5
Criticality: High
URL: https://github.com/ankane/pghero/issues/439
Title: Information Disclosure Through EXPLAIN Feature
Solution: upgrade to '>= 3.1.0'
```
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 6a72fec549..9c1c9586a7 100644
--- a/Gemfile
+++ b/Gemfile
@@ -15,7 +15,7 @@ gem 'rack', '~> 2.2.6'
 gem 'hamlit-rails', '~> 0.2'
 gem 'pg', '~> 1.4'
 gem 'makara', '~> 0.5'
-gem 'pghero', '~> 2.8'
+gem 'pghero'
 gem 'dotenv-rails', '~> 2.8'
 
 gem 'aws-sdk-s3', '~> 1.117', require: false
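Review bot: The new `gem 'pghero'` line drops the version constraint entirely, so the Gemfile no longer records the fixed floor that the commit message names (`>= 3.1.0`). After this change only Gemfile.lock holds 3.1.0. If the lock is regenerated, or Bundler has to resolve around another gem's constraints (3.1.0 requires `activerecord (>= 6)` per the lock hunk), nothing in the Gemfile stops it from selecting a pre-3.1.0 release, and later major versions would also be picked up without review. I would keep a constraint and state the reason next to it: `gem 'pghero', '~> 3.1' # >= 3.1.0 required for CVE-2023-22626 (GHSA-vf99-xw26-86g5)`. The DEPENDENCIES entry in Gemfile.lock would then read `pghero (~> 3.1)`.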
diff --git a/Gemfile.lock b/Gemfile.lock
index d700e58c53..e922ebf211 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -468,8 +468,8 @@ GEM
     pastel (0.8.0)
       tty-color (~> 0.5)
     pg (1.4.5)
-    pghero (2.8.3)
-      activerecord (>= 5)
+    pghero (3.1.0)
+      activerecord (>= 6)
     pkg-config (1.5.1)
     posix-spawn (0.3.15)
     premailer (1.18.0)
@@ -830,7 +830,7 @@ DEPENDENCIES
   ox (~> 2.14)
   parslet
   pg (~> 1.4)
-  pghero (~> 2.8)
+  pghero
   pkg-config (~> 1.5)
   posix-spawn
   premailer-rails
-- 
GitLab