From d26496204c75c047e890bb878fe2fa1b52e89a3c Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 4 Jun 2020 23:13:31 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-WEBSOCKETEXTENSIONS-570830
---
 Gemfile | 4 +--
 Gemfile.lock | 97 +++++++++++++++++++++++++++-------------------------
 2 files changed, 52 insertions(+), 49 deletions(-)
diff --git a/Gemfile b/Gemfile
index cdf798137..053e352e6 100644
--- a/Gemfile
+++ b/Gemfile
@@ -17,7 +17,7 @@ gem 'jquery-datetimepicker-rails'
 gem 'simple_form'
 gem 'coffee-rails'
 gem 'uglifier'
-gem 'octicons_helper'
+gem 'octicons_helper', '>= 3.0.1'
 gem 'rack-canonical-host'
 gem 'draper', '~> 3.0.0.pre1' # pre version has rails5 support
 gem 'responders'
@@ -51,7 +51,7 @@ group :development, :test, :cucumber do
 gem 'factory_girl_rails'
 gem 'faker'
 gem 'brakeman'
- gem 'poltergeist'
+ gem 'poltergeist', '>= 1.13.0'
 gem 'launchy'
 gem 'database_cleaner'
diff --git a/Gemfile.lock b/Gemfile.lock
index 44e3cebc3..f4890242b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -43,8 +43,8 @@ GEM i18n (~> 0.7) minitest (~> 5.1) tzinfo (~> 1.1) - addressable (2.5.0) - public_suffix (~> 2.0, >= 2.0.2) + addressable (2.5.2) + public_suffix (>= 2.0.2, < 4.0) arel (7.1.4) ast (2.3.0) autoprefixer-rails (6.7.6)
@@ -55,15 +55,16 @@ GEM brakeman (3.5.0) buftok (0.2.0) bugsnag (5.2.0) - builder (3.2.3) + builder (3.2.4) callsite (0.0.11) - capybara (2.12.1) + capybara (3.32.2) addressable - mime-types (>= 1.16) - nokogiri (>= 1.3.3) - rack (>= 1.0.0) - rack-test (>= 0.5.4) - xpath (~> 2.0) + mini_mime (>= 0.1.3) + nokogiri (~> 1.8) + rack (>= 1.6.0) + rack-test (>= 0.6.3) + regexp_parser (~> 1.5) + xpath (~> 3.2) christmas_tree_formatter (0.1.0) rspec-core (~> 3.0) cliver (0.3.2)
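Review bot: The two constraints added to the Gemfile, `gem 'octicons_helper', '>= 3.0.1'` (hunk at -17,7) and `gem 'poltergeist', '>= 1.13.0'` (hunk at -51,7), do not themselves require the patched websocket-extensions. Their lower bounds equal the versions the old Gemfile.lock already resolved to, so only the regenerated lockfile carries the fix (websocket-extensions 0.1.2 to 0.1.5). Because the bounds are open-ended, the same resolution also moved octicons_helper to 9.6.0 and capybara to 3.32.2, major-version jumps unrelated to the advisory that warrant their own test run before merge. A tighter way to state the intent is to constrain the vulnerable gem directly with `gem 'websocket-extensions', '>= 0.1.5'`, add a comment naming the Snyk advisory, and keep `~>` bounds on the direct dependencies. That 0.1.5 is a fixed release is inferred from the lockfile change and should be confirmed against the advisory.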
@@ -76,9 +77,10 @@ GEM coffee-script-source execjs coffee-script-source (1.12.2) - concurrent-ruby (1.0.5) + concurrent-ruby (1.1.6) crack (0.4.3) safe_yaml (~> 1.0.0) + crass (1.0.6) dalli (2.7.6) database_cleaner (1.5.3) debug_inspector (0.0.2) @@ -116,8 +118,8 @@ GEM foreman (0.83.0) thor (~> 0.19.1) geocoder (1.4.3) - globalid (0.3.7) - activesupport (>= 4.1.0) + globalid (0.4.2) + activesupport (>= 4.2.0) gmaps4rails (2.1.2) hashdiff (0.3.2) hashie (3.5.5) @@ -131,7 +133,8 @@ GEM domain_name (~> 0.5) http-form_data (1.0.1) http_parser.rb (0.6.0) - i18n (0.8.1) + i18n (0.9.5) + concurrent-ruby (~> 1.0) i18n-tasks (0.9.12) activesupport (>= 4.0.2) ast (>= 2.1.0) @@ -165,30 +168,29 @@ GEM addressable (~> 2.3) lodash-rails (4.17.4) railties (>= 3.1) - loofah (2.0.3) + loofah (2.5.0) + crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.6.4) - mime-types (>= 1.16, < 4) + mail (2.7.1) + mini_mime (>= 0.1.1) memoizable (0.4.2) thread_safe (~> 0.3, >= 0.3.1) meta_request (0.4.0) callsite (~> 0.0, >= 0.0.11) rack-contrib (~> 1.1) railties (>= 3.0.0, < 5.1.0) - method_source (0.8.2) - mime-types (3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) - mini_portile2 (2.1.0) - minitest (5.10.1) + method_source (1.0.0) + mini_mime (1.0.2) + mini_portile2 (2.4.0) + minitest (5.14.1) multi_json (1.12.1) multi_xml (0.6.0) multipart-post (2.0.0) naught (1.1.0) newrelic_rpm (3.18.1.330) - nio4r (2.0.0) - nokogiri (1.7.0.1) - mini_portile2 (~> 2.1.0) + nio4r (2.5.2) + nokogiri (1.10.9) + mini_portile2 (~> 2.4.0) oauth (0.5.1) oauth2 (1.3.1) faraday (>= 0.8, < 0.12) @@ -196,10 +198,10 @@ GEM multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - octicons (3.0.1) + octicons (9.6.0) nokogiri (>= 1.6.3.1) - octicons_helper (3.0.1) - octicons (~> 3.0) + octicons_helper (9.6.0) + octicons (= 9.6.0) rails octokit (4.6.2) sawyer (~> 0.8.0, >= 0.5.3) 
@@ -221,16 +223,16 @@ GEM parser (2.4.0.0) ast (~> 2.2) pg (0.19.0) - poltergeist (1.13.0) - capybara (~> 2.1) + poltergeist (1.18.1) + capybara (>= 2.1, < 4) cliver (~> 0.3.1) websocket-driver (>= 0.2.0) powerpack (0.1.1) - public_suffix (2.0.5) + public_suffix (3.1.1) puma (3.7.1) rabl (0.13.1) activesupport (>= 2.3.14) - rack (2.0.1) + rack (2.2.2) rack-attack (5.0.1) rack rack-canonical-host (0.2.2) @@ -259,11 +261,11 @@ GEM actionpack (~> 5.x) actionview (~> 5.x) activesupport (~> 5.x) - rails-dom-testing (2.0.2) - activesupport (>= 4.2.0, < 6.0) - nokogiri (~> 1.6) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) rails_12factor (0.0.3) rails_serve_static_assets rails_stdout_logging @@ -276,7 +278,8 @@ GEM rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rainbow (2.2.1) - rake (12.0.0) + rake (13.0.1) + regexp_parser (1.7.0) request_store (1.3.2) responders (2.3.0) railties (>= 4.2.0, < 5.1) @@ -344,10 +347,10 @@ GEM activesupport (>= 4.2) spring-commands-rspec (1.0.4) spring (>= 0.9.1) - sprockets (3.7.1) + sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.0) + sprockets-rails (3.2.1) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) @@ -373,7 +376,7 @@ GEM simple_oauth (~> 0.3.1) typhoeus (1.1.2) ethon (>= 0.9.0) - tzinfo (1.2.2) + tzinfo (1.2.7) thread_safe (~> 0.1) uglifier (3.1.4) execjs (>= 0.3.0, < 3) @@ -392,9 +395,9 @@ GEM hashdiff websocket-driver (0.6.5) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.2) - xpath (2.0.0) - nokogiri (~> 1.3) + websocket-extensions (0.1.5) + xpath (3.2.0) + nokogiri (~> 1.8) PLATFORMS ruby @@ -423,13 +426,13 @@ DEPENDENCIES lodash-rails meta_request newrelic_rpm - octicons_helper + octicons_helper (>= 3.0.1) octokit omniauth omniauth-github omniauth-twitter pg - poltergeist + poltergeist (>= 1.13.0) puma rabl rack-attack 
@@ -461,4 +464,4 @@ RUBY VERSION ruby 2.4.0p0 BUNDLED WITH - 1.14.6 + 1.17.3