From 09f75eb834bfefa6643a676249b48161bbcf0cad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
Date: Mon, 17 Aug 2020 14:47:19 +0200
Subject: [PATCH] Replace unmaintained Erubis by Erubi.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Erubis is not maintained since 2011 and it has some unfixed security
issues. Erubi is used by Ruby on Rails, so it should be much better
choice.
Signed-off-by: Vít Ondruch <vondruch@redhat.com>
---
lib/vagrant/util/template_renderer.rb | 4 ++--
vagrant.gemspec | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/vagrant/util/template_renderer.rb b/lib/vagrant/util/template_renderer.rb
index 8b8e730ba..eec0b2362 100644
--- a/lib/vagrant/util/template_renderer.rb
+++ b/lib/vagrant/util/template_renderer.rb
@@ -1,7 +1,7 @@
require 'ostruct'
require "pathname"
-require 'erubis'
+require 'erubi'
module Vagrant
module Util
@@ -73,7 +73,7 @@ module Vagrant
#
# @return [String]
def render_string
- Erubis::Eruby.new(template, trim: true).result(binding)
+ eval(Erubi::Engine.new(template).src)
end
# Returns the full path to the template, taking into account the gem directory
diff --git a/vagrant.gemspec b/vagrant.gemspec
index 465b12805..6f2b726fa 100644
--- a/vagrant.gemspec
+++ b/vagrant.gemspec
@@ -18,7 +18,7 @@ Gem::Specification.new do |s|
s.add_dependency "bcrypt_pbkdf", "~> 1.0.0"
s.add_dependency "childprocess", "~> 3.0.0"
s.add_dependency "ed25519", "~> 1.2.4"
- s.add_dependency "erubis", "~> 2.7.0"
+ s.add_dependency "erubi"
s.add_dependency "i18n", "~> 1.8"
s.add_dependency "listen", "~> 3.1.5"
s.add_dependency "hashicorp-checkpoint", "~> 0.1.5"
--
2.27.0