[lint] Normalize indentation to two spaces.

.yamllint.yml

@@ -3,4 +3,5 @@ extends: default
 rules:
   line-length: disable
   indentation:
+    spaces: 2
     indent-sequences: consistent

gems/RedCloth/CVE-2012-6684.yml

@@ -10,9 +10,9 @@ description: 'Cross-site scripting (XSS) vulnerability in the RedCloth library 4
   via a javascript: URI.'
 cvss_v2: 4.3
 patched_versions:
-- '>= 4.3.0'
+  - '>= 4.3.0'
 related:
   url:
-  - https://github.com/jgarber/redcloth/commit/2f6dab4d6aea5cee778d2f37a135637fe3f1573c
-  - https://gist.github.com/co3k/75b3cb416c342aa1414c
-  - https://jgarber.lighthouseapp.com/projects/13054-redcloth/tickets/243-xss
+    - https://github.com/jgarber/redcloth/commit/2f6dab4d6aea5cee778d2f37a135637fe3f1573c
+    - https://gist.github.com/co3k/75b3cb416c342aa1414c
+    - https://jgarber.lighthouseapp.com/projects/13054-redcloth/tickets/243-xss

gems/actionmailer/CVE-2013-4389.yml

@@ -13,6 +13,6 @@ description: |
   that is improperly handled during construction of a log message.
 cvss_v2: 4.3
 unaffected_versions:
-- "~> 2.3.2"
+  - "~> 2.3.2"
 patched_versions:
-- ">= 3.2.15"
+  - ">= 3.2.15"

gems/actionpack-page_caching/CVE-2020-8159.yml

@@ -38,4 +38,4 @@ description: |
   Where the `show` action of the `BooksController` may be vulnerable.
 cvss_v3: 9.8
 patched_versions:
-- '>= 1.2.1'
+  - '>= 1.2.1'

gems/actionpack/CVE-2011-3186.yml

@@ -13,4 +13,4 @@ description: |
   insufficient sanitization of the values provided for response content types.
 cvss_v2: 4.3
 patched_versions:
-- ">= 2.3.13"
+  - ">= 2.3.13"

gems/actionpack/CVE-2011-4319.yml

@@ -16,5 +16,5 @@ description: |
   (application specific) sanitization of user provided input.
 cvss_v2: 4.3
 patched_versions:
-- ~> 3.0.11
-- '>= 3.1.2'
+  - ~> 3.0.11
+  - '>= 3.1.2'

gems/actionpack/CVE-2012-1099.yml

@@ -14,6 +14,6 @@ description: |
   via vectors involving certain generation of OPTION elements within SELECT elements.
 cvss_v2: 4.3
 patched_versions:
-- "~> 3.0.12"
-- "~> 3.1.4"
-- ">= 3.2.2"
+  - "~> 3.0.12"
+  - "~> 3.1.4"
+  - ">= 3.2.2"

gems/actionpack/CVE-2012-3424.yml

@@ -15,8 +15,8 @@ description: |
   helper method, as demonstrated by the authenticate_or_request_with_http_digest method.
 cvss_v2: 5.0
 unaffected_versions:
-- ">= 2.3.5, <= 2.3.14"
+  - ">= 2.3.5, <= 2.3.14"
 patched_versions:
-- "~> 3.0.16"
-- "~> 3.1.7"
-- ">= 3.2.7"
+  - "~> 3.0.16"
+  - "~> 3.1.7"
+  - ">= 3.2.7"

gems/actionpack/CVE-2012-3463.yml

@@ -15,8 +15,8 @@ description: |
   the select_tag helper.
 cvss_v2: 4.3
 unaffected_versions:
-- "~> 2.3.0"
+  - "~> 2.3.0"
 patched_versions:
-- "~> 3.0.17"
-- "~> 3.1.8"
-- ">= 3.2.8"
+  - "~> 3.0.17"
+  - "~> 3.1.8"
+  - ">= 3.2.8"

gems/actionpack/CVE-2012-3465.yml

@@ -14,6 +14,6 @@ description: |
   via malformed HTML markup.
 cvss_v2: 4.3
 patched_versions:
-- "~> 3.0.17"
-- "~> 3.1.8"
-- ">= 3.2.8"
+  - "~> 3.0.17"
+  - "~> 3.1.8"
+  - ">= 3.2.8"

gems/actionpack/CVE-2013-0156.yml

@@ -17,7 +17,7 @@ description: |
   for (1) YAML type conversion or (2) Symbol type conversion.
 cvss_v2: 10.0
 patched_versions:
-- "~> 2.3.15"
-- "~> 3.0.19"
-- "~> 3.1.10"
-- ">= 3.2.11"
+  - "~> 2.3.15"
+  - "~> 3.0.19"
+  - "~> 3.1.10"
+  - ">= 3.2.11"

gems/actionpack/CVE-2013-1855.yml

@@ -17,6 +17,6 @@ description: |
   XSS attacks against users of an application using Action Pack.
 cvss_v2: 4.3
 patched_versions:
-- "~> 2.3.18"
-- "~> 3.1.12"
-- ">= 3.2.13"
+  - "~> 2.3.18"
+  - "~> 3.1.12"
+  - ">= 3.2.13"

gems/actionpack/CVE-2013-1857.yml

@@ -18,6 +18,6 @@ description: 'The sanitize helper in lib/action_controller/vendor/html-scanner/h
   Pack.'
 cvss_v2: 4.3
 patched_versions:
-- "~> 2.3.18"
-- "~> 3.1.12"
-- ">= 3.2.13"
+  - "~> 2.3.18"
+  - "~> 3.1.12"
+  - ">= 3.2.13"

gems/actionpack/CVE-2013-4491.yml

@@ -16,5 +16,5 @@ description: |
   been assigned the identifier CVE-2013-4492.
 cvss_v2: 4.3
 patched_versions:
-- "~> 3.2.16"
-- ">= 4.0.2"
+  - "~> 3.2.16"
+  - ">= 4.0.2"

gems/actionpack/CVE-2013-6414.yml

@@ -12,7 +12,7 @@ description: |
   Action View.
 cvss_v2: 5.0
 unaffected_versions:
-- "~> 2.3.0"
+  - "~> 2.3.0"
 patched_versions:
-- "~> 3.2.16"
-- ">= 4.0.2"
+  - "~> 3.2.16"
+  - ">= 4.0.2"

gems/actionpack/CVE-2013-6415.yml

@@ -14,5 +14,5 @@ description: |
   which pass user controlled data as the unit parameter are vulnerable to an XSS attack.
 cvss_v2: 4.3
 patched_versions:
-- "~> 3.2.16"
-- ">= 4.0.2"
+  - "~> 3.2.16"
+  - ">= 4.0.2"

gems/actionpack/CVE-2013-6416.yml

@@ -17,8 +17,8 @@ description: |
   attributes will be vulnerable to an XSS attack.
 cvss_v2: 4.3
 unaffected_versions:
-- "~> 2.3.0"
-- "~> 3.1.0"
-- "~> 3.2.0"
+  - "~> 2.3.0"
+  - "~> 3.1.0"
+  - "~> 3.2.0"
 patched_versions:
-- ">= 4.0.2"
+  - ">= 4.0.2"

gems/actionpack/CVE-2013-6417.yml

@@ -18,5 +18,5 @@ description: |
   vulnerability.
 cvss_v2: 6.4
 patched_versions:
-- "~> 3.2.16"
-- ">= 4.0.2"
+  - "~> 3.2.16"
+  - ">= 4.0.2"

gems/actionpack/CVE-2014-0081.yml

@@ -14,6 +14,6 @@ description: Multiple cross-site scripting (XSS) vulnerabilities in actionview/l
   or (c) number_to_human helper.
 cvss_v2: 4.3
 patched_versions:
-- ~> 3.2.17
-- ~> 4.0.3
-- '>= 4.1.0.beta2'
+  - ~> 3.2.17
+  - ~> 4.0.3
+  - '>= 4.1.0.beta2'

gems/actionpack/CVE-2014-0082.yml

@@ -13,6 +13,6 @@ description: actionpack/lib/action_view/template/text.rb in Action View in Ruby
   of service (memory consumption) by including these strings in headers.
 cvss_v2: 5.0
 unaffected_versions:
-- ">= 4.0.0"
+  - ">= 4.0.0"
 patched_versions:
-- ">= 3.2.17"
+  - ">= 3.2.17"

gems/actionpack/CVE-2014-0130.yml

@@ -16,6 +16,6 @@ description: |
   rails application server.
 cvss_v2: 4.3
 patched_versions:
-- "~> 3.2.18"
-- "~> 4.0.5"
-- ">= 4.1.1"
+  - "~> 3.2.18"
+  - "~> 4.0.5"
+  - ">= 4.1.1"

gems/actionpack/CVE-2014-7818.yml

@@ -13,9 +13,9 @@ description: |
   exists.
 cvss_v2: 4.3
 unaffected_versions:
-- "< 3.0.0"
+  - "< 3.0.0"
 patched_versions:
-- "~> 3.2.20"
-- "~> 4.0.11"
-- "~> 4.1.7"
-- ">= 4.2.0.beta3"
+  - "~> 3.2.20"
+  - "~> 4.0.11"
+  - "~> 4.1.7"
+  - ">= 4.2.0.beta3"

gems/actionpack/CVE-2014-7829.yml

@@ -14,10 +14,10 @@ description: |
   specially crafted string is slightly different.
 cvss_v2: 5.0
 unaffected_versions:
-- "< 3.0.0"
+  - "< 3.0.0"
 patched_versions:
-- "~> 3.2.21"
-- "~> 4.0.11.1"
-- "~> 4.0.12"
-- "~> 4.1.7.1"
-- ">= 4.1.8"
+  - "~> 3.2.21"
+  - "~> 4.0.11.1"
+  - "~> 4.0.12"
+  - "~> 4.1.7.1"
+  - ">= 4.1.8"

gems/actionpack/CVE-2015-7576.yml

@@ -110,7 +110,7 @@ description: |
 cvss_v2: 4.3
 cvss_v3: 3.7
 patched_versions:
-- '>= 5.0.0.beta1.1'
-- ~> 4.2.5, >= 4.2.5.1
-- ~> 4.1.14, >= 4.1.14.1
-- ~> 3.2.22.1
+  - '>= 5.0.0.beta1.1'
+  - ~> 4.2.5, >= 4.2.5.1
+  - ~> 4.1.14, >= 4.1.14.1
+  - ~> 3.2.22.1

gems/actionpack/CVE-2015-7581.yml

@@ -46,8 +46,8 @@ description: |
   Please note that only the 4.1.x and 4.2.x series are supported at present.  Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.
 cvss_v3: 7.5
 unaffected_versions:
-- < 4.0.0
-- '>= 5.0.0.beta1'
+  - < 4.0.0
+  - '>= 5.0.0.beta1'
 patched_versions:
-- ~> 4.2.5, >= 4.2.5.1
-- ~> 4.1.14, >= 4.1.14.1
+  - ~> 4.2.5, >= 4.2.5.1
+  - ~> 4.1.14, >= 4.1.14.1

gems/actionpack/CVE-2016-0751.yml

@@ -65,7 +65,7 @@ description: |
 cvss_v2: 5.0
 cvss_v3: 7.5
 patched_versions:
-- '>= 5.0.0.beta1.1'
-- ~> 4.2.5, >= 4.2.5.1
-- ~> 4.1.14, >= 4.1.14.1
-- ~> 3.2.22.1
+  - '>= 5.0.0.beta1.1'
+  - ~> 4.2.5, >= 4.2.5.1
+  - ~> 4.1.14, >= 4.1.14.1
+  - ~> 3.2.22.1

gems/actionpack/CVE-2016-0752.yml

@@ -84,10 +84,10 @@ description: |
   -------
   Thanks John Poulin for reporting this!
 unaffected_versions:
-- '>= 4.1.0'
+  - '>= 4.1.0'
 patched_versions:
-- '>= 5.0.0.beta1.1'
-- ~> 4.2.5, >= 4.2.5.1
-- ~> 4.1.14, >= 4.1.14.1
-- ~> 3.2.22.1
+  - '>= 5.0.0.beta1.1'
+  - ~> 4.2.5, >= 4.2.5.1
+  - ~> 4.1.14, >= 4.1.14.1
+  - ~> 3.2.22.1
 notes: Newer versions are affected, but tracked in the actionview gem.

gems/actionpack/CVE-2016-2097.yml

@@ -79,9 +79,9 @@ description: |2
   Thanks to both Jyoti Singh and Tobias Kraze from makandra for reporting this
   and working with us in the patch!
 unaffected_versions:
-- '>= 4.1.0'
+  - '>= 4.1.0'
 patched_versions:
-- ~> 3.2.22.2
-- ~> 4.1.14
-- '>= 4.1.14.2'
+  - ~> 3.2.22.2
+  - ~> 4.1.14
+  - '>= 4.1.14.2'
 notes: Newer versions are affected, but tracked in the actionview gem.

gems/actionpack/CVE-2016-2098.yml

@@ -80,8 +80,8 @@ description: |
   reporting this!
 cvss_v3: 7.3
 unaffected_versions:
-- '>= 5.0.0.beta1'
+  - '>= 5.0.0.beta1'
 patched_versions:
-- ~> 3.2.22.2
-- ~> 4.2.5, >= 4.2.5.2
-- ~> 4.1.14, >= 4.1.14.2
+  - ~> 3.2.22.2
+  - ~> 4.2.5, >= 4.2.5.2
+  - ~> 4.1.14, >= 4.1.14.2

gems/actionpack/CVE-2016-6316.yml

@@ -44,10 +44,10 @@ description: |
   content_tag(:div, "hi", title: escape_quotes(sanitize(user_input)))
   ```
 unaffected_versions:
-- < 3.0.0
-- '>= 4.1.0'
+  - < 3.0.0
+  - '>= 4.1.0'
 patched_versions:
-- ~> 3.2.22.3
-- ~> 4.2.7.1
-- '>= 5.0.0.1'
+  - ~> 3.2.22.3
+  - ~> 4.2.7.1
+  - '>= 5.0.0.1'
 notes: Newer versions are affected, but tracked in the actionview gem.

gems/actionpack/CVE-2020-8164.yml

@@ -43,7 +43,7 @@ description: |
   application.
 cvss_v3: 7.5
 unaffected_versions:
-- "< 4.0.0"
+  - "< 4.0.0"
 patched_versions:
-- "~> 5.2.4, >= 5.2.4.3"
-- ">= 6.0.3.1"
+  - "~> 5.2.4, >= 5.2.4.3"
+  - ">= 6.0.3.1"

gems/actionpack/CVE-2020-8166.yml

@@ -28,5 +28,5 @@ description: |
   until such time as the application can be upgraded.
 cvss_v3: 4.3
 patched_versions:
-- "~> 5.2.4, >= 5.2.4.3"
-- ">= 6.0.3.1"
+  - "~> 5.2.4, >= 5.2.4.3"
+  - ">= 6.0.3.1"

gems/actionpack/CVE-2020-8185.yml

@@ -36,6 +36,6 @@ description: |
   `config.middleware.delete ActionDispatch::ActionableExceptions`
 cvss_v3: 6.5
 unaffected_versions:
-- "< 6.0.0"
+  - "< 6.0.0"
 patched_versions:
-- ">= 6.0.3.2"
+  - ">= 6.0.3.2"

gems/actionpack/CVE-2020-8264.yml

@@ -31,6 +31,6 @@ description: |
   `config.middleware.delete ActionDispatch::ActionableExceptions`
 cvss_v3: 6.1
 unaffected_versions:
-- < 6.0.0
+  - < 6.0.0
 patched_versions:
-- '>= 6.0.3.4'
+  - '>= 6.0.3.4'

gems/actionpack/CVE-2021-22881.yml

@@ -61,7 +61,7 @@ description: |
   ```
 cvss_v3: 6.1
 unaffected_versions:
-- "< 6.0.0"
+  - "< 6.0.0"
 patched_versions:
-- "~> 6.0.3, >= 6.0.3.5"
-- ">= 6.1.2.1"
+  - "~> 6.0.3, >= 6.0.3.5"
+  - ">= 6.1.2.1"

gems/actionpack/CVE-2021-22885.yml

@@ -59,9 +59,9 @@ description: |
   ```
 cvss_v3: 7.5
 unaffected_versions:
-- < 2.0.0
+  - < 2.0.0
 patched_versions:
-- ~> 5.2.4.6
-- ~> 5.2.6
-- ~> 6.0.3, >= 6.0.3.7
-- '>= 6.1.3.2'
+  - ~> 5.2.4.6
+  - ~> 5.2.6
+  - ~> 6.0.3, >= 6.0.3.7
+  - '>= 6.1.3.2'