From f32d1ce6dab0c7df521b028b04583a8db04d60c3 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 26 Feb 2020 03:18:15 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-552159 --- Gemfile | 26 +++---- Gemfile.lock | 201 +++++++++++++++++++++++++-------------------------- 2 files changed, 113 insertions(+), 114 deletions(-) diff --git a/Gemfile b/Gemfile index 298f118..1a00b12 100644 --- a/Gemfile +++ b/Gemfile @@ -6,7 +6,7 @@ git_source(:github) do |repo_name| "https://github.com/#{repo_name}.git" end -gem 'rails', '~> 5.2.2' +gem 'rails', '~> 5.2.2', '>= 5.2.2.1' gem 'sidekiq' gem 'sidekiq-scheduler' @@ -16,13 +16,13 @@ gem 'pg' gem 'puma' -gem 'font_awesome5_rails' -gem 'sassc-rails' +gem 'font_awesome5_rails', '>= 0.4.2' +gem 'sassc-rails', '>= 2.1.0' -gem 'jquery-rails' +gem 'jquery-rails', '>= 4.3.3' gem 'turbolinks' -gem 'haml-rails' +gem 'haml-rails', '>= 1.0.0' gem 'redcarpet' gem 'bootsnap', require: false @@ -31,8 +31,8 @@ gem 'counter_culture' # WARNING: when updating public_activity # assert our patch works: models/concerns/public_activity # and the specs: specs/models/concerns/public_activity -gem 'devise' -gem 'public_activity' +gem 'devise', '>= 4.7.1' +gem 'public_activity', '>= 1.6.3' gem 'pundit' gem 'state_machines-activerecord' @@ -40,13 +40,13 @@ gem 'grape' gem 'grape-entity', github: 'ruby-grape/grape-entity', branch: 'master' group :development do - gem 'grape_on_rails_routes' + gem 'grape_on_rails_routes', '>= 0.3.2' gem 'letter_opener' gem 'seedbank' end group :development, :test do - gem 'factory_bot_rails' + gem 'factory_bot_rails', '>= 4.11.1' gem 'faker' gem 'fix-db-schema-conflicts' gem 'pry-byebug' 
@@ -55,13 +55,13 @@ end group :test do gem 'database_cleaner' gem 'guard-rspec' - gem 'pundit-matchers' - gem 'rails-controller-testing' - gem 'rspec-rails' + gem 'pundit-matchers', '>= 1.6.0' + gem 'rails-controller-testing', '>= 1.0.4' + gem 'rspec-rails', '>= 3.8.1' gem 'shoulda-matchers', github: 'thoughtbot/shoulda-matchers', branch: 'master' gem 'state_machines-rspec' - gem 'capybara' + gem 'capybara', '>= 3.11.1' gem 'fakeredis' gem 'launchy' gem 'selenium-webdriver' diff --git a/Gemfile.lock b/Gemfile.lock index 5bf7fb6..4322a86 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
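Review bot: The nokogiri advisory this commit cites is fixed only in Gemfile.lock (nokogiri 1.10.4 → 1.10.8); none of the Gemfile floors in this hunk, including `gem 'capybara', '>= 3.11.1'`, constrain nokogiri, which enters the bundle transitively through capybara's `nokogiri (~> 1.8)`, so a later `bundle update` or a regenerated lock is free to resolve back below the patched release. Pin the fix in the Gemfile too, e.g. `gem 'nokogiri', '>= 1.10.8'` next to the rails line, so the floor survives lock regeneration. The `>=` floors added here are also consistently lower than what the lock actually resolves (capybara 3.31.0, rspec-rails 3.8.3, rails 5.2.4.1), so they document an older state rather than the versions the suite now runs against; raising them to the locked versions would make the Gemfile honest. Note that the lock hunks also move factory_bot_rails (4.11.1 → 5.1.1) and haml-rails (1.0.0 → 2.0.1) across a major version, which presumably warrants a full spec run before this is merged as a pure security bump.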
@@ -18,49 +18,49 @@ GIT GEM remote: https://rubygems.org/ specs: - actioncable (5.2.2.1) - actionpack (= 5.2.2.1) + actioncable (5.2.4.1) + actionpack (= 5.2.4.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.2.1) - actionpack (= 5.2.2.1) - actionview (= 5.2.2.1) - activejob (= 5.2.2.1) + actionmailer (5.2.4.1) + actionpack (= 5.2.4.1) + actionview (= 5.2.4.1) + activejob (= 5.2.4.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.2.1) - actionview (= 5.2.2.1) - activesupport (= 5.2.2.1) - rack (~> 2.0) + actionpack (5.2.4.1) + actionview (= 5.2.4.1) + activesupport (= 5.2.4.1) + rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.2.1) - activesupport (= 5.2.2.1) + actionview (5.2.4.1) + activesupport (= 5.2.4.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.2.2.1) - activesupport (= 5.2.2.1) + activejob (5.2.4.1) + activesupport (= 5.2.4.1) globalid (>= 0.3.6) - activemodel (5.2.2.1) - activesupport (= 5.2.2.1) - activerecord (5.2.2.1) - activemodel (= 5.2.2.1) - activesupport (= 5.2.2.1) + activemodel (5.2.4.1) + activesupport (= 5.2.4.1) + activerecord (5.2.4.1) + activemodel (= 5.2.4.1) + activesupport (= 5.2.4.1) arel (>= 9.0) - activestorage (5.2.2.1) - actionpack (= 5.2.2.1) - activerecord (= 5.2.2.1) + activestorage (5.2.4.1) + actionpack (= 5.2.4.1) + activerecord (= 5.2.4.1) marcel (~> 0.3.1) - activesupport (5.2.2.1) + activesupport (5.2.4.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - addressable (2.5.2) - public_suffix (>= 2.0.2, < 4.0) + addressable (2.7.0) + public_suffix (>= 2.0.2, < 5.0) after_commit_action (1.1.0) activerecord (>= 3.0.0) activesupport (>= 3.0.0) 
@@ -73,28 +73,28 @@ GEM bcrypt (3.1.13) bootsnap (1.3.2) msgpack (~> 1.0) - builder (3.2.3) + builder (3.2.4) byebug (10.0.2) - capybara (3.11.1) + capybara (3.31.0) addressable mini_mime (>= 0.1.3) nokogiri (~> 1.8) rack (>= 1.6.0) rack-test (>= 0.6.3) - regexp_parser (~> 1.2) + regexp_parser (~> 1.5) xpath (~> 3.2) childprocess (0.9.0) ffi (~> 1.0, >= 1.0.11) coderay (1.1.2) coercible (1.0.0) descendants_tracker (~> 0.0.1) - concurrent-ruby (1.1.5) + concurrent-ruby (1.1.6) connection_pool (2.2.2) counter_culture (2.1.4) activerecord (>= 3.0.0) activesupport (>= 3.0.0) after_commit_action (~> 1.0) - crass (1.0.4) + crass (1.0.6) database_cleaner (1.7.0) descendants_tracker (0.0.4) thread_safe (~> 0.3, >= 0.3.1) @@ -110,20 +110,20 @@ GEM erubis (2.7.0) et-orbi (1.1.7) tzinfo - factory_bot (4.11.1) - activesupport (>= 3.0.0) - factory_bot_rails (4.11.1) - factory_bot (~> 4.11.1) - railties (>= 3.0.0) + factory_bot (5.1.1) + activesupport (>= 4.2.0) + factory_bot_rails (5.1.1) + factory_bot (~> 5.1.0) + railties (>= 4.2.0) faker (1.9.3) i18n (>= 0.7) fakeredis (0.7.0) redis (>= 3.2, < 5.0) - ffi (1.9.25) + ffi (1.12.2) fix-db-schema-conflicts (3.0.2) rubocop (>= 0.38.0) - font_awesome5_rails (0.4.2) - railties (>= 4.2, < 5.3) + font_awesome5_rails (1.0.0) + railties (>= 4.2) formatador (0.2.5) fugit (1.1.8) et-orbi (~> 1.1, >= 1.1.7) 
@@ -153,26 +153,26 @@ GEM guard (~> 2.1) guard-compat (~> 1.1) rspec (>= 2.99.0, < 4.0) - haml (5.0.4) + haml (5.1.2) temple (>= 0.8.0) tilt - haml-rails (1.0.0) - actionpack (>= 4.0.1) - activesupport (>= 4.0.1) + haml-rails (2.0.1) + actionpack (>= 5.1) + activesupport (>= 5.1) haml (>= 4.0.6, < 6.0) html2haml (>= 1.0.1) - railties (>= 4.0.1) + railties (>= 5.1) hirb (0.7.3) html2haml (2.2.0) erubis (~> 2.7.0) haml (>= 4.0, < 6) nokogiri (>= 1.6.0) ruby_parser (~> 3.5) - i18n (1.6.0) + i18n (1.8.2) concurrent-ruby (~> 1.0) ice_nine (0.11.2) jaro_winkler (1.5.1) - jquery-rails (4.3.3) + jquery-rails (4.3.5) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) @@ -188,7 +188,7 @@ GEM rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) ruby_dep (~> 1.2) - loofah (2.2.3) + loofah (2.4.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) lumberjack (1.0.13) @@ -197,18 +197,18 @@ GEM marcel (0.3.3) mimemagic (~> 0.3.2) method_source (0.9.2) - mimemagic (0.3.3) - mini_mime (1.0.1) + mimemagic (0.3.4) + mini_mime (1.0.2) mini_portile2 (2.4.0) - minitest (5.12.0) + minitest (5.14.0) msgpack (1.2.4) multi_json (1.13.1) mustermann (1.0.3) mustermann-grape (1.0.0) mustermann (~> 1.0.0) nenv (0.3.0) - nio4r (2.3.1) - nokogiri (1.10.4) + nio4r (2.5.2) + nokogiri (1.10.8) mini_portile2 (~> 2.4.0) notiffany (0.1.1) nenv (~> 0.1) 
@@ -225,37 +225,37 @@ GEM pry-byebug (3.6.0) byebug (~> 10.0) pry (~> 0.10) - public_activity (1.6.3) + public_activity (1.6.4) actionpack (>= 3.0.0) activerecord (>= 3.0) i18n (>= 0.5.0) railties (>= 3.0.0) - public_suffix (3.0.3) + public_suffix (4.0.3) puma (3.12.1) pundit (2.0.0) activesupport (>= 3.0.0) pundit-matchers (1.6.0) rspec-rails (>= 3.0.0) raabro (1.1.6) - rack (2.0.7) + rack (2.2.2) rack-accept (0.4.5) rack (>= 0.4) rack-protection (2.0.4) rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (5.2.2.1) - actioncable (= 5.2.2.1) - actionmailer (= 5.2.2.1) - actionpack (= 5.2.2.1) - actionview (= 5.2.2.1) - activejob (= 5.2.2.1) - activemodel (= 5.2.2.1) - activerecord (= 5.2.2.1) - activestorage (= 5.2.2.1) - activesupport (= 5.2.2.1) + rails (5.2.4.1) + actioncable (= 5.2.4.1) + actionmailer (= 5.2.4.1) + actionpack (= 5.2.4.1) + actionview (= 5.2.4.1) + activejob (= 5.2.4.1) + activemodel (= 5.2.4.1) + activerecord (= 5.2.4.1) + activestorage (= 5.2.4.1) + activesupport (= 5.2.4.1) bundler (>= 1.3.0) - railties (= 5.2.2.1) + railties (= 5.2.4.1) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.4) actionpack (>= 5.0.1.x) @@ -264,22 +264,22 @@ GEM rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.2.0) - loofah (~> 2.2, >= 2.2.2) - railties (5.2.2.1) - actionpack (= 5.2.2.1) - activesupport (= 5.2.2.1) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) + railties (5.2.4.1) + actionpack (= 5.2.4.1) + activesupport (= 5.2.4.1) method_source rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) rainbow (3.0.0) - rake (13.0.0) + rake (13.0.1) rb-fsevent (0.10.3) rb-inotify (0.9.10) ffi (>= 0.5.0, < 2) redcarpet (3.4.0) redis (4.0.3) - regexp_parser (1.3.0) + regexp_parser (1.7.0) responders (3.0.0) actionpack (>= 5.0) railties (>= 5.0) 
@@ -287,15 +287,15 @@ GEM rspec-core (~> 3.8.0) rspec-expectations (~> 3.8.0) rspec-mocks (~> 3.8.0) - rspec-core (3.8.0) + rspec-core (3.8.2) rspec-support (~> 3.8.0) - rspec-expectations (3.8.2) + rspec-expectations (3.8.6) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.8.0) - rspec-mocks (3.8.0) + rspec-mocks (3.8.2) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.8.0) - rspec-rails (3.8.1) + rspec-rails (3.8.3) actionpack (>= 3.0) activesupport (>= 3.0) railties (>= 3.0) @@ -303,7 +303,7 @@ GEM rspec-expectations (~> 3.8.0) rspec-mocks (~> 3.8.0) rspec-support (~> 3.8.0) - rspec-support (3.8.0) + rspec-support (3.8.3) rubocop (0.60.0) jaro_winkler (~> 1.5.1) parallel (~> 1.10) @@ -314,15 +314,14 @@ GEM unicode-display_width (~> 1.4.0) ruby-progressbar (1.10.0) ruby_dep (1.5.0) - ruby_parser (3.11.0) + ruby_parser (3.14.2) sexp_processor (~> 4.9) rubyzip (1.2.2) rufus-scheduler (3.5.2) fugit (~> 1.1, >= 1.1.5) - sassc (2.0.1) + sassc (2.2.1) ffi (~> 1.9) - rake - sassc-rails (2.1.0) + sassc-rails (2.1.2) railties (>= 4.0.0) sassc (>= 2.0) sprockets (> 3.0) @@ -332,7 +331,7 @@ GEM selenium-webdriver (3.141.0) childprocess (~> 0.5) rubyzip (~> 1.2, >= 1.2.2) - sexp_processor (4.11.0) + sexp_processor (4.14.1) shellany (0.0.1) sidekiq (5.2.3) connection_pool (~> 2.2, >= 2.2.2) @@ -361,14 +360,14 @@ GEM activesupport rspec (~> 3.3) state_machines - temple (0.8.0) - thor (0.20.3) + temple (0.8.2) + thor (1.0.1) thread_safe (0.3.6) - tilt (2.0.8) + tilt (2.0.10) turbolinks (5.2.0) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) - tzinfo (1.2.5) + tzinfo (1.2.6) thread_safe (~> 0.1) unicode-display_width (1.4.0) virtus (1.0.5) @@ -378,9 +377,9 @@ GEM equalizer (~> 0.0, >= 0.0.9) warden (1.2.8) rack (>= 2.0.6) - websocket-driver (0.7.0) + websocket-driver (0.7.1) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.3) + websocket-extensions (0.1.4) xpath (3.2.0) nokogiri (~> 1.8) 
@@ -389,36 +388,36 @@ PLATFORMS DEPENDENCIES bootsnap - capybara + capybara (>= 3.11.1) counter_culture database_cleaner - devise - factory_bot_rails + devise (>= 4.7.1) + factory_bot_rails (>= 4.11.1) faker fakeredis fix-db-schema-conflicts - font_awesome5_rails + font_awesome5_rails (>= 0.4.2) grape grape-entity! - grape_on_rails_routes + grape_on_rails_routes (>= 0.3.2) guard-rspec - haml-rails + haml-rails (>= 1.0.0) hirb - jquery-rails + jquery-rails (>= 4.3.3) jsonb_accessor launchy letter_opener pg pry-byebug - public_activity + public_activity (>= 1.6.3) puma pundit - pundit-matchers - rails (~> 5.2.2) - rails-controller-testing + pundit-matchers (>= 1.6.0) + rails (~> 5.2.2, >= 5.2.2.1) + rails-controller-testing (>= 1.0.4) redcarpet - rspec-rails - sassc-rails + rspec-rails (>= 3.8.1) + sassc-rails (>= 2.1.0) seedbank selenium-webdriver shoulda-matchers!