From 6f9614c99440ef6b325d73bd8cc2574632ebe833 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 12 Apr 2022 16:55:03 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2620374 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630623 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630898 --- Gemfile | 6 ++--- Gemfile.lock | 70 +++++++++++++++++++++++++++------------------------- 2 files changed, 40 insertions(+), 36 deletions(-) diff --git a/Gemfile b/Gemfile index c4af8b4..821306d 100644 --- a/Gemfile +++ b/Gemfile @@ -8,20 +8,20 @@ end # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' -gem 'rails', '~> 5.1.6' +gem 'rails', '~> 5.1.7' # Use sqlite3 as the database for Active Record gem 'sqlite3', '~> 1.3.7' # Use Puma as the app server gem 'puma', '~> 3.12' # Use SCSS for stylesheets -gem 'sass-rails', '~> 5.0' +gem 'sass-rails', '~> 5.0', '>= 5.0.7' # Use Uglifier as compressor for JavaScript assets gem 'uglifier', '>= 1.3.0' # See https://github.com/rails/execjs#readme for more supported runtimes # gem 'therubyracer', platforms: :ruby # Use CoffeeScript for .coffee assets and views -gem 'coffee-rails', '~> 4.2' +gem 'coffee-rails', '~> 4.2', '>= 4.2.2' # Turbolinks makes navigating your web application faster. Read more: https://github.com/turbolinks/turbolinks gem 'turbolinks', '~> 5' # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder diff --git a/Gemfile.lock b/Gemfile.lock index 857e0d5..5b28825 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -38,7 +38,7 @@ GEM i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - addressable (2.7.0) + addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) arel (8.0.0) autoprefixer-rails (10.2.4.0) 
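Review bot: The nokogiri fix this commit is named for is carried only by Gemfile.lock (nokogiri 1.10.8 → 1.13.4), because the Gemfile hunk raises the floors for rails, sass-rails and coffee-rails but puts no constraint on nokogiri itself. If the lockfile is later regenerated somewhere the patched release cannot be resolved (an older Ruby, presumably), Bundler can settle on a nokogiri below 1.13.4 without raising any error. Stating the floor in the Gemfile turns that into a resolution failure instead: `gem 'nokogiri', '>= 1.13.4' # security floor, see the SNYK-RUBY-NOKOGIRI advisories in the commit message`. The new `'>= 5.0.7'` and `'>= 4.2.2'` floors also deserve a one-line comment saying why they were raised; from the commit message I infer it was to let the nokogiri upgrade resolve.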
@@ -49,13 +49,14 @@ GEM sassc (>= 2.0.0) builder (3.2.4) byebug (11.1.1) - capybara (3.31.0) + capybara (3.36.0) addressable + matrix mini_mime (>= 0.1.3) nokogiri (~> 1.8) rack (>= 1.6.0) rack-test (>= 0.6.3) - regexp_parser (~> 1.5) + regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) childprocess (3.0.0) coderay (1.1.3) @@ -66,33 +67,33 @@ GEM coffee-script-source execjs coffee-script-source (1.12.2) - concurrent-ruby (1.1.8) + concurrent-ruby (1.1.10) crass (1.0.6) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) - erubi (1.9.0) - execjs (2.7.0) + erubi (1.10.0) + execjs (2.8.1) faraday (1.3.0) faraday-net_http (~> 1.0) multipart-post (>= 1.2, < 3) ruby2_keywords faraday-net_http (1.0.1) - ffi (1.12.2) + ffi (1.15.5) figaro (1.1.1) thor (~> 0.14) - globalid (0.4.2) - activesupport (>= 4.2.0) - hashie (4.1.0) + globalid (1.0.0) + activesupport (>= 5.0) + hashie (5.0.0) http-cookie (1.0.3) domain_name (~> 0.5) httparty (0.18.1) mime-types (~> 3.0) multi_xml (>= 0.5.2) - i18n (1.8.9) + i18n (1.10.0) concurrent-ruby (~> 1.0) jbuilder (2.10.0) activesupport (>= 5.0.0) - jquery-rails (4.3.5) + jquery-rails (4.4.0) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) 
@@ -100,32 +101,34 @@ GEM listen (3.2.1) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.4.0) + loofah (2.16.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) + matrix (0.4.2) method_source (0.9.2) mime-types (3.3.1) mime-types-data (~> 3.2015) mime-types-data (3.2021.0225) - mini_mime (1.0.2) - mini_portile2 (2.4.0) - minitest (5.14.4) + mini_mime (1.1.2) + mini_portile2 (2.8.0) + minitest (5.15.0) multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) netrc (0.11.0) - nio4r (2.5.2) - nokogiri (1.10.8) - mini_portile2 (~> 2.4.0) + nio4r (2.5.8) + nokogiri (1.13.4) + mini_portile2 (~> 2.8.0) + racc (~> 1.4) oauth2 (1.4.4) faraday (>= 0.8, < 2.0) jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (2.0.2) + omniauth (2.0.4) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) rack-protection @@ -134,7 +137,7 @@ GEM omniauth (>= 1.9, < 3) omniauth-procore (0.6.0) omniauth-oauth2 (>= 1.1.1, < 2.0) - omniauth-rails_csrf_protection (1.0.0) + omniauth-rails_csrf_protection (1.0.1) actionpack (>= 4.2) omniauth (~> 2.0) procore (1.1.0) @@ -144,10 +147,11 @@ GEM pry (0.12.2) coderay (~> 1.1.0) method_source (~> 0.9.0) - public_suffix (4.0.3) + public_suffix (4.0.7) puma (3.12.6) + racc (1.6.0) rack (2.2.3) - rack-protection (2.1.0) + rack-protection (2.2.0) rack rack-test (1.1.0) rack (>= 1.0, < 3) @@ -166,7 +170,7 @@ GEM rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) + rails-html-sanitizer (1.4.2) loofah (~> 2.3) railties (5.1.7) actionpack (= 5.1.7) @@ -174,11 +178,11 @@ GEM method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (13.0.1) - rb-fsevent (0.10.3) + rake (13.0.6) + rb-fsevent (0.11.1) rb-inotify (0.10.1) ffi (~> 1.0) - regexp_parser (1.7.0) + regexp_parser (2.3.0) rest-client (2.0.2) http-cookie (>= 1.0.2, < 2.0) mime-types (>= 1.16, < 4.0) 
@@ -208,7 +212,7 @@ GEM sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.1) + sprockets-rails (3.2.2) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) @@ -233,7 +237,7 @@ GEM railties (>= 5.0) websocket-driver (0.6.5) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.4) + websocket-extensions (0.1.5) xpath (3.2.0) nokogiri (~> 1.8) @@ -244,7 +248,7 @@ DEPENDENCIES bootstrap-sass byebug capybara - coffee-rails (~> 4.2) + coffee-rails (~> 4.2, >= 4.2.2) figaro httparty jbuilder (~> 2.5) @@ -256,9 +260,9 @@ DEPENDENCIES procore (~> 1.1) pry puma (~> 3.12) - rails (~> 5.1.6) + rails (~> 5.1.7) rest-client - sass-rails (~> 5.0) + sass-rails (~> 5.0, >= 5.0.7) selenium-webdriver spring spring-watcher-listen @@ -269,4 +273,4 @@ DEPENDENCIES web-console BUNDLED WITH - 2.2.13 + 2.1.4