From ac7b50667ca1a4d28683b93809df06700cfbc238 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 1 Jul 2022 13:30:01 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-2935879
---
 Gemfile | 2 +-
 Gemfile.lock | 209 ++++++++++++++++++++++++++-------------------------
 2 files changed, 109 insertions(+), 102 deletions(-)

diff --git a/Gemfile b/Gemfile
index cdf798137..9d72e4d82 100644
--- a/Gemfile
+++ b/Gemfile
@@ -19,7 +19,7 @@ gem 'coffee-rails'
 gem 'uglifier'
 gem 'octicons_helper'
 gem 'rack-canonical-host'
-gem 'draper', '~> 3.0.0.pre1' # pre version has rails5 support
+gem 'draper', '~> 3.0.0.0' # pre version has rails5 support
 gem 'responders'
 gem 'gmaps4rails'
 gem 'geocoder'
diff --git a/Gemfile.lock b/Gemfile.lock
index 44e3cebc3..edf5232ba 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -29,9 +29,8 @@ GEM
 globalid (>= 0.3.6)
 activemodel (5.0.2)
 activesupport (= 5.0.2)
- activemodel-serializers-xml (1.0.1)
+ activemodel-serializers-xml (1.0.2)
 activemodel (> 5.x)
- activerecord (> 5.x)
 activesupport (> 5.x)
 builder (~> 3.1)
 activerecord (5.0.2)
@@ -49,14 +48,14 @@ GEM
 ast (2.3.0)
 autoprefixer-rails (6.7.6)
 execjs
+ bindex (0.8.1)
 bootstrap-sass (3.3.7)
 autoprefixer-rails (>= 5.2.1)
 sass (>= 3.3.4)
 brakeman (3.5.0)
 buftok (0.2.0)
 bugsnag (5.2.0)
- builder (3.2.3)
- callsite (0.0.11)
+ builder (3.2.4)
 capybara (2.12.1)
 addressable
 mime-types (>= 1.16)
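Review bot: The trailing comment on the new Gemfile line, `# pre version has rails5 support`, is now stale — the constraint no longer points at a pre-release — and the form `'~> 3.0.0.0'` is unusual: it admits only 3.0.0.x, so a later draper bug-fix release such as 3.0.1 would be excluded. I would write `gem 'draper', '~> 3.0.0' # 3.0 adds Rails 5 support`. Note also that the commit message cites a rails-html-sanitizer advisory, yet the only Gemfile edit is to draper; the actual remediation is the lockfile move from `rails-html-sanitizer (1.0.3)` to `(1.4.3)` (and `loofah` 2.0.3 → 2.18.0) further down, which the Gemfile does not pin, so the description or the Gemfile should make that relationship explicit for the next reviewer.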
@@ -69,24 +68,24 @@ GEM
 cliver (0.3.2)
 codeclimate-test-reporter (1.0.6)
 simplecov
- coffee-rails (4.2.1)
+ coffee-rails (4.2.2)
 coffee-script (>= 2.2.0)
- railties (>= 4.0.0, < 5.2.x)
+ railties (>= 4.0.0)
 coffee-script (2.4.1)
 coffee-script-source
 execjs
 coffee-script-source (1.12.2)
- concurrent-ruby (1.0.5)
+ concurrent-ruby (1.1.10)
 crack (0.4.3)
 safe_yaml (~> 1.0.0)
+ crass (1.0.6)
 dalli (2.7.6)
 database_cleaner (1.5.3)
- debug_inspector (0.0.2)
- diff-lcs (1.3)
+ diff-lcs (1.5.0)
 docile (1.1.5)
 domain_name (0.5.20170223)
 unf (>= 0.0.5, < 1.0.0)
- draper (3.0.0.pre1)
+ draper (3.0.0)
 actionpack (~> 5.0)
 activemodel (~> 5.0)
 activemodel-serializers-xml (~> 1.0)
@@ -100,24 +99,24 @@ GEM
 erubis (2.7.0)
 ethon (0.10.1)
 ffi (>= 1.3.0)
- execjs (2.7.0)
- factory_girl (4.8.0)
+ execjs (2.8.1)
+ factory_girl (4.9.0)
 activesupport (>= 3.0.0)
- factory_girl_rails (4.8.0)
- factory_girl (~> 4.8.0)
+ factory_girl_rails (4.9.0)
+ factory_girl (~> 4.9.0)
 railties (>= 3.0.0)
 faker (1.7.3)
 i18n (~> 0.5)
 faraday (0.11.0)
 multipart-post (>= 1.2, < 3)
- ffi (1.9.18)
+ ffi (1.15.5)
 figaro (1.1.1)
 thor (~> 0.14)
 foreman (0.83.0)
 thor (~> 0.19.1)
 geocoder (1.4.3)
- globalid (0.3.7)
- activesupport (>= 4.1.0)
+ globalid (0.4.2)
+ activesupport (>= 4.2.0)
 gmaps4rails (2.1.2)
 hashdiff (0.3.2)
 hashie (3.5.5)
@@ -131,7 +130,8 @@ GEM
 domain_name (~> 0.5)
 http-form_data (1.0.1)
 http_parser.rb (0.6.0)
- i18n (0.8.1)
+ i18n (0.9.5)
+ concurrent-ruby (~> 1.0)
 i18n-tasks (0.9.12)
 activesupport (>= 4.0.2)
 ast (>= 2.1.0)
@@ -143,52 +143,53 @@ GEM
 term-ansicolor (>= 1.3.2)
 terminal-table (>= 1.5.1)
 jquery-datetimepicker-rails (2.4.1.0)
- jquery-rails (4.2.2)
+ jquery-rails (4.5.0)
 rails-dom-testing (>= 1, < 3)
 railties (>= 4.2.0)
 thor (>= 0.14, < 2.0)
 json (2.0.3)
 jwt (1.5.6)
- kaminari (1.0.1)
+ kaminari (1.2.2)
 activesupport (>= 4.1.0)
- kaminari-actionview (= 1.0.1)
- kaminari-activerecord (= 1.0.1)
- kaminari-core (= 1.0.1)
- kaminari-actionview (1.0.1)
+ kaminari-actionview (= 1.2.2)
+ kaminari-activerecord (= 1.2.2)
+ kaminari-core (= 1.2.2)
+ kaminari-actionview (1.2.2)
 actionview
- kaminari-core (= 1.0.1)
- kaminari-activerecord (1.0.1)
+ kaminari-core (= 1.2.2)
+ kaminari-activerecord (1.2.2)
 activerecord
- kaminari-core (= 1.0.1)
- kaminari-core (1.0.1)
+ kaminari-core (= 1.2.2)
+ kaminari-core (1.2.2)
 launchy (2.4.3)
 addressable (~> 2.3)
- lodash-rails (4.17.4)
+ lodash-rails (4.17.21)
 railties (>= 3.1)
- loofah (2.0.3)
+ loofah (2.18.0)
+ crass (~> 1.0.2)
 nokogiri (>= 1.5.9)
- mail (2.6.4)
- mime-types (>= 1.16, < 4)
+ mail (2.7.1)
+ mini_mime (>= 0.1.1)
 memoizable (0.4.2)
 thread_safe (~> 0.3, >= 0.3.1)
- meta_request (0.4.0)
- callsite (~> 0.0, >= 0.0.11)
- rack-contrib (~> 1.1)
- railties (>= 3.0.0, < 5.1.0)
- method_source (0.8.2)
- mime-types (3.1)
+ meta_request (0.7.3)
+ rack-contrib (>= 1.1, < 3)
+ railties (>= 3.0.0, < 7)
+ method_source (1.0.0)
+ mime-types (3.4.1)
 mime-types-data (~> 3.2015)
- mime-types-data (3.2016.0521)
- mini_portile2 (2.1.0)
- minitest (5.10.1)
+ mime-types-data (3.2022.0105)
+ mini_mime (1.1.2)
+ mini_portile2 (2.4.0)
+ minitest (5.15.0)
 multi_json (1.12.1)
 multi_xml (0.6.0)
 multipart-post (2.0.0)
 naught (1.1.0)
 newrelic_rpm (3.18.1.330)
- nio4r (2.0.0)
- nokogiri (1.7.0.1)
- mini_portile2 (~> 2.1.0)
+ nio4r (2.5.8)
+ nokogiri (1.10.10)
+ mini_portile2 (~> 2.4.0)
 oauth (0.5.1)
 oauth2 (1.3.1)
 faraday (>= 0.8, < 0.12)
@@ -196,11 +197,11 @@ GEM
 multi_json (~> 1.3)
 multi_xml (~> 0.5)
 rack (>= 1.2, < 3)
- octicons (3.0.1)
- nokogiri (>= 1.6.3.1)
- octicons_helper (3.0.1)
- octicons (~> 3.0)
- rails
+ octicons (17.3.0)
+ octicons_helper (17.3.0)
+ actionview
+ octicons (= 17.3.0)
+ railties
 octokit (4.6.2)
 sawyer (~> 0.8.0, >= 0.5.3)
 omniauth (1.6.1)
@@ -230,14 +231,14 @@ GEM
 puma (3.7.1)
 rabl (0.13.1)
 activesupport (>= 2.3.14)
- rack (2.0.1)
+ rack (2.2.4)
 rack-attack (5.0.1)
 rack
 rack-canonical-host (0.2.2)
 addressable (> 0, < 3)
 rack (>= 1.0.0, < 3)
- rack-contrib (1.2.0)
- rack (>= 0.9.1)
+ rack-contrib (2.3.0)
+ rack (~> 2.0)
 rack-google-analytics (1.2.0)
 actionpack
 activesupport
@@ -255,15 +256,15 @@ GEM
 bundler (>= 1.3.0, < 2.0)
 railties (= 5.0.2)
 sprockets-rails (>= 2.0.0)
- rails-controller-testing (1.0.1)
- actionpack (~> 5.x)
- actionview (~> 5.x)
- activesupport (~> 5.x)
- rails-dom-testing (2.0.2)
- activesupport (>= 4.2.0, < 6.0)
- nokogiri (~> 1.6)
- rails-html-sanitizer (1.0.3)
- loofah (~> 2.0)
+ rails-controller-testing (1.0.5)
+ actionpack (>= 5.0.1.rc1)
+ actionview (>= 5.0.1.rc1)
+ activesupport (>= 5.0.1.rc1)
+ rails-dom-testing (2.0.3)
+ activesupport (>= 4.2.0)
+ nokogiri (>= 1.6)
+ rails-html-sanitizer (1.4.3)
+ loofah (~> 2.3)
 rails_12factor (0.0.3)
 rails_serve_static_assets
 rails_stdout_logging
@@ -276,36 +277,41 @@ GEM
 rake (>= 0.8.7)
 thor (>= 0.18.1, < 2.0)
 rainbow (2.2.1)
- rake (12.0.0)
- request_store (1.3.2)
- responders (2.3.0)
- railties (>= 4.2.0, < 5.1)
+ rake (13.0.6)
+ rb-fsevent (0.11.1)
+ rb-inotify (0.10.1)
+ ffi (~> 1.0)
+ request_store (1.5.1)
+ rack (>= 1.4)
+ responders (3.0.1)
+ actionpack (>= 5.0)
+ railties (>= 5.0)
 rspec-activemodel-mocks (1.0.3)
 activemodel (>= 3.0)
 activesupport (>= 3.0)
 rspec-mocks (>= 2.99, < 4.0)
 rspec-collection_matchers (1.1.3)
 rspec-expectations (>= 2.99.0.beta1)
- rspec-core (3.5.4)
- rspec-support (~> 3.5.0)
- rspec-expectations (3.5.0)
+ rspec-core (3.11.0)
+ rspec-support (~> 3.11.0)
+ rspec-expectations (3.11.0)
 diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.5.0)
+ rspec-support (~> 3.11.0)
 rspec-its (1.2.0)
 rspec-core (>= 3.0.0)
 rspec-expectations (>= 3.0.0)
- rspec-mocks (3.5.0)
+ rspec-mocks (3.11.1)
 diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.5.0)
- rspec-rails (3.5.2)
- actionpack (>= 3.0)
- activesupport (>= 3.0)
- railties (>= 3.0)
- rspec-core (~> 3.5.0)
- rspec-expectations (~> 3.5.0)
- rspec-mocks (~> 3.5.0)
- rspec-support (~> 3.5.0)
- rspec-support (3.5.0)
+ rspec-support (~> 3.11.0)
+ rspec-rails (4.1.2)
+ actionpack (>= 4.2)
+ activesupport (>= 4.2)
+ railties (>= 4.2)
+ rspec-core (~> 3.10)
+ rspec-expectations (~> 3.10)
+ rspec-mocks (~> 3.10)
+ rspec-support (~> 3.10)
+ rspec-support (3.11.0)
 rubocop (0.47.1)
 parser (>= 2.3.3.1, < 3.0)
 powerpack (~> 0.1)
@@ -314,16 +320,17 @@ GEM
 unicode-display_width (~> 1.0, >= 1.0.1)
 ruby-progressbar (1.8.1)
 safe_yaml (1.0.4)
- sass (3.4.23)
- sassc (1.11.2)
- bundler
- ffi (~> 1.9.6)
- sass (>= 3.3.0)
- sassc-rails (1.3.0)
+ sass (3.7.4)
+ sass-listen (~> 4.0.0)
+ sass-listen (4.0.0)
+ rb-fsevent (~> 0.9, >= 0.9.4)
+ rb-inotify (~> 0.9, >= 0.9.7)
+ sassc (2.4.0)
+ ffi (~> 1.9)
+ sassc-rails (2.1.2)
 railties (>= 4.0.0)
- sass
- sassc (~> 1.9)
- sprockets (> 2.11)
+ sassc (>= 2.0)
+ sprockets (> 3.0)
 sprockets-rails
 tilt
 sawyer (0.8.1)
@@ -331,9 +338,9 @@ GEM
 faraday (~> 0.8, < 1.0)
 shoulda-matchers (3.1.1)
 activesupport (>= 4.0.0)
- simple_form (3.4.0)
- actionpack (> 4, < 5.1)
- activemodel (> 4, < 5.1)
+ simple_form (5.0.3)
+ actionpack (>= 5.0)
+ activemodel (>= 5.0)
 simple_oauth (0.3.1)
 simplecov (0.13.0)
 docile (~> 1.1.0)
@@ -344,10 +351,10 @@ GEM
 activesupport (>= 4.2)
 spring-commands-rspec (1.0.4)
 spring (>= 0.9.1)
- sprockets (3.7.1)
+ sprockets (3.7.2)
 concurrent-ruby (~> 1.0)
 rack (> 1, < 3)
- sprockets-rails (3.2.0)
+ sprockets-rails (3.2.2)
 actionpack (>= 4.0)
 activesupport (>= 4.0)
 sprockets (>= 3.0.0)
@@ -358,7 +365,7 @@ GEM
 thor (0.19.4)
 thread (0.2.2)
 thread_safe (0.3.6)
- tilt (2.0.6)
+ tilt (2.0.10)
 timecop (0.8.1)
 tins (1.13.2)
 twitter (6.1.0)
@@ -373,7 +380,7 @@ GEM
 simple_oauth (~> 0.3.1)
 typhoeus (1.1.2)
 ethon (>= 0.9.0)
- tzinfo (1.2.2)
+ tzinfo (1.2.9)
 thread_safe (~> 0.1)
 uglifier (3.1.4)
 execjs (>= 0.3.0, < 3)
@@ -381,10 +388,10 @@ GEM
 unf_ext
 unf_ext (0.0.7.2)
 unicode-display_width (1.1.3)
- web-console (3.4.0)
+ web-console (3.7.0)
 actionview (>= 5.0)
 activemodel (>= 5.0)
- debug_inspector
+ bindex (>= 0.4.0)
 railties (>= 5.0)
 webmock (2.3.2)
 addressable (>= 2.3.6)
@@ -392,7 +399,7 @@ GEM
 hashdiff
 websocket-driver (0.6.5)
 websocket-extensions (>= 0.1.0)
- websocket-extensions (0.1.2)
+ websocket-extensions (0.1.5)
 xpath (2.0.0)
 nokogiri (~> 1.3)
@@ -408,7 +415,7 @@ DEPENDENCIES
 coffee-rails
 dalli
 database_cleaner
- draper (~> 3.0.0.pre1)
+ draper (~> 3.0.0.0)
 factory_girl_rails
 faker
 figaro
@@ -461,4 +468,4 @@ RUBY VERSION
 ruby 2.4.0p0
 BUNDLED WITH
- 1.14.6
+ 1.17.3