From a4209d439e7429d23791f4a3a26aec9dac478ef3 Mon Sep 17 00:00:00 2001 From: aarlaud Date: Fri, 18 May 2018 12:43:51 +0200 Subject: [PATCH] fix: Gemfile.lock & Gemfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://test.snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20255 - https://test.snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20256 - https://test.snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20258 - https://test.snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20264 - https://test.snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-20262 - https://test.snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-20271 - https://test.snyk.io/vuln/SNYK-RUBY-ACTIVEMODEL-20260 - https://test.snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20259 - https://test.snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20270 - https://test.snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-20228 - https://test.snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-20229 - https://test.snyk.io/vuln/SNYK-RUBY-JQUERYRAILS-20225 - https://test.snyk.io/vuln/SNYK-RUBY-LOOFAH-22023 - https://test.snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20214 - https://test.snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20245 - https://test.snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20253 - https://test.snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20268 - https://test.snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20277 - https://test.snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20292 - https://test.snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20367 - https://test.snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20368 - https://test.snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20432 - https://test.snyk.io/vuln/SNYK-RUBY-NOKOGIRI-22013 - https://test.snyk.io/vuln/SNYK-RUBY-NOKOGIRI-22014 - https://test.snyk.io/vuln/SNYK-RUBY-RACK-20230 - https://test.snyk.io/vuln/SNYK-RUBY-RACK-20400 - https://test.snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-20254 - https://test.snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-20257 - https://test.snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-20261 - https://test.snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-22025 - https://test.snyk.io/vuln/SNYK-RUBY-RAILTIES-20454 - https://test.snyk.io/vuln/SNYK-RUBY-TURBOLINKS-20429 - https://test.snyk.io/vuln/SNYK-RUBY-UGLIFIER-20236 --- Gemfile | 16 ++-- Gemfile.lock | 238 +++++++++++++++++++++++++++------------------------ 2 files changed, 134 insertions(+), 120 deletions(-) diff --git a/Gemfile b/Gemfile index 7da382d..7dc90ca 100644 --- a/Gemfile +++ b/Gemfile @@ -1,29 +1,29 @@ source 'https://rubygems.org' # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' -gem 'rails', '~> 4.2.1' +gem 'rails', '~> 5.0.0' # Use postgresql as the database for Active Record gem 'pg' # Use SCSS for stylesheets -gem 'sass-rails', '~> 5.0' +gem 'sass-rails', '~> 5.0', '>= 5.0.5' # Use Uglifier as compressor for JavaScript assets -gem 'uglifier', '>= 1.3.0' +gem 'uglifier', '>= 2.7.2' # Use CoffeeScript for .coffee assets and views -gem 'coffee-rails', '~> 4.1.0' +gem 'coffee-rails', '~> 4.1.1' # See https://github.com/rails/execjs#readme for more supported runtimes # gem 'therubyracer', platforms: :ruby # Use jquery as the JavaScript library -gem 'jquery-rails' +gem 'jquery-rails', '>= 4.0.4' # Turbolinks makes following links in your web application faster. Read more: https://github.com/rails/turbolinks -gem 'turbolinks' +gem 'turbolinks', '>= 5.0.0' # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder -gem 'jbuilder', '~> 2.0' +gem 'jbuilder', '~> 2.2', '>= 2.2.12' # bundle exec rake doc:rails generates the API under doc/api. gem 'sdoc', '~> 0.4.0', group: :doc gem 'rails_12factor', group: :production -gem 'puma' +gem 'puma', '>= 2.11.1' # Use ActiveModel has_secure_password # gem 'bcrypt', '~> 3.1.7' diff --git a/Gemfile.lock b/Gemfile.lock index 379496d..d395b18 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,162 +1,176 @@ GEM remote: https://rubygems.org/ specs: - actionmailer (4.2.1) - actionpack (= 4.2.1) - actionview (= 4.2.1) - activejob (= 4.2.1) + actioncable (5.0.7) + actionpack (= 5.0.7) + nio4r (>= 1.2, < 3.0) + websocket-driver (~> 0.6.1) + actionmailer (5.0.7) + actionpack (= 5.0.7) + actionview (= 5.0.7) + activejob (= 5.0.7) mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.1) - actionview (= 4.2.1) - activesupport (= 4.2.1) - rack (~> 1.6) - rack-test (~> 0.6.2) - rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.1) - actionview (4.2.1) - activesupport (= 4.2.1) + rails-dom-testing (~> 2.0) + actionpack (5.0.7) + actionview (= 5.0.7) + activesupport (= 5.0.7) + rack (~> 2.0) + rack-test (~> 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (5.0.7) + activesupport (= 5.0.7) builder (~> 3.1) erubis (~> 2.7.0) - rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.1) - activejob (4.2.1) - activesupport (= 4.2.1) - globalid (>= 0.3.0) - activemodel (4.2.1) - activesupport (= 4.2.1) - builder (~> 3.1) - activerecord (4.2.1) - activemodel (= 4.2.1) - activesupport (= 4.2.1) - arel (~> 6.0) - activesupport (4.2.1) - i18n (~> 0.7) - json (~> 1.7, >= 1.7.7) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activejob (5.0.7) + activesupport (= 5.0.7) + globalid (>= 0.3.6) + activemodel (5.0.7) + activesupport (= 5.0.7) + activerecord (5.0.7) + activemodel (= 5.0.7) + activesupport (= 5.0.7) + arel (~> 7.0) + activesupport (5.0.7) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) minitest (~> 5.1) - thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - arel (6.0.0) - builder (3.2.2) + arel (7.1.4) + builder (3.2.3) byebug (4.0.5) columnize (= 0.9.0) - coffee-rails (4.1.0) + coffee-rails (4.1.1) coffee-script (>= 2.2.0) - railties (>= 4.0.0, < 5.0) + railties (>= 4.0.0, < 5.1.x) coffee-script (2.4.1) coffee-script-source execjs - coffee-script-source (1.9.1) + coffee-script-source (1.12.2) columnize (0.9.0) + concurrent-ruby (1.0.5) + crass (1.0.4) erubis (2.7.0) - execjs (2.5.2) - globalid (0.3.5) - activesupport (>= 4.1.0) - hike (1.2.3) - i18n (0.7.0) - jbuilder (2.2.12) - activesupport (>= 3.0.0, < 5) - multi_json (~> 1.2) - jquery-rails (4.0.3) - rails-dom-testing (~> 1.0) + execjs (2.7.0) + ffi (1.9.23) + globalid (0.4.1) + activesupport (>= 4.2.0) + i18n (1.0.1) + concurrent-ruby (~> 1.0) + jbuilder (2.7.0) + activesupport (>= 4.2.0) + multi_json (>= 1.2) + jquery-rails (4.3.3) + rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) - json (1.8.2) - loofah (2.0.1) + json (1.8.6) + loofah (2.2.2) + crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.6.3) - mime-types (>= 1.16, < 3) - mime-types (2.4.3) - mini_portile (0.6.2) - minitest (5.5.1) - multi_json (1.11.0) - nokogiri (1.6.6.2) - mini_portile (~> 0.6.0) + mail (2.7.0) + mini_mime (>= 0.1.1) + method_source (0.9.0) + mini_mime (1.0.0) + mini_portile2 (2.3.0) + minitest (5.11.3) + multi_json (1.13.1) + nio4r (2.3.1) + nokogiri (1.8.2) + mini_portile2 (~> 2.3.0) pg (0.18.1) - puma (2.11.1) - rack (>= 1.1, < 2.0) - rack (1.6.0) + puma (3.11.4) + rack (2.0.5) rack-test (0.6.3) rack (>= 1.0) - rails (4.2.1) - actionmailer (= 4.2.1) - actionpack (= 4.2.1) - actionview (= 4.2.1) - activejob (= 4.2.1) - activemodel (= 4.2.1) - activerecord (= 4.2.1) - activesupport (= 4.2.1) - bundler (>= 1.3.0, < 2.0) - railties (= 4.2.1) - sprockets-rails - rails-deprecated_sanitizer (1.0.3) - activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.6) - activesupport (>= 4.2.0.beta, < 5.0) - nokogiri (~> 1.6.0) - rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.0.2) - loofah (~> 2.0) + rails (5.0.7) + actioncable (= 5.0.7) + actionmailer (= 5.0.7) + actionpack (= 5.0.7) + actionview (= 5.0.7) + activejob (= 5.0.7) + activemodel (= 5.0.7) + activerecord (= 5.0.7) + activesupport (= 5.0.7) + bundler (>= 1.3.0) + railties (= 5.0.7) + sprockets-rails (>= 2.0.0) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.0.4) + loofah (~> 2.2, >= 2.2.2) rails_12factor (0.0.3) rails_serve_static_assets rails_stdout_logging rails_serve_static_assets (0.0.4) rails_stdout_logging (0.0.3) - railties (4.2.1) - actionpack (= 4.2.1) - activesupport (= 4.2.1) + railties (5.0.7) + actionpack (= 5.0.7) + activesupport (= 5.0.7) + method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (10.4.2) + rake (12.3.1) + rb-fsevent (0.10.3) + rb-inotify (0.9.10) + ffi (>= 0.5.0, < 2) rdoc (4.2.0) - sass (3.4.13) - sass-rails (5.0.3) - railties (>= 4.0.0, < 5.0) + sass (3.5.6) + sass-listen (~> 4.0.0) + sass-listen (4.0.0) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) + sass-rails (5.0.7) + railties (>= 4.0.0, < 6) sass (~> 3.1) sprockets (>= 2.8, < 4.0) sprockets-rails (>= 2.0, < 4.0) - tilt (~> 1.1) + tilt (>= 1.1, < 3) sdoc (0.4.1) json (~> 1.7, >= 1.7.7) rdoc (~> 4.0) spring (1.3.4) - sprockets (2.12.3) - hike (~> 1.2) - multi_json (~> 1.0) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.2.4) - actionpack (>= 3.0) - activesupport (>= 3.0) - sprockets (>= 2.8, < 4.0) - thor (0.19.1) - thread_safe (0.3.5) - tilt (1.4.1) - turbolinks (2.5.3) - coffee-rails - tzinfo (1.2.2) + sprockets (3.7.1) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + sprockets-rails (3.2.1) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) + thor (0.20.0) + thread_safe (0.3.6) + tilt (2.0.8) + turbolinks (5.1.1) + turbolinks-source (~> 5.1) + turbolinks-source (5.1.0) + tzinfo (1.2.5) thread_safe (~> 0.1) - uglifier (2.7.1) - execjs (>= 0.3.0) - json (>= 1.8.0) + uglifier (4.1.10) + execjs (>= 0.3.0, < 3) + websocket-driver (0.6.5) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.3) PLATFORMS ruby DEPENDENCIES byebug - coffee-rails (~> 4.1.0) - jbuilder (~> 2.0) - jquery-rails + coffee-rails (~> 4.1.1) + jbuilder (~> 2.2, >= 2.2.12) + jquery-rails (>= 4.0.4) pg - puma - rails (~> 4.2.1) + puma (>= 2.11.1) + rails (~> 5.0.0) rails_12factor - sass-rails (~> 5.0) + sass-rails (~> 5.0, >= 5.0.5) sdoc (~> 0.4.0) spring - turbolinks - uglifier (>= 1.3.0) + turbolinks (>= 5.0.0) + uglifier (>= 2.7.2) BUNDLED WITH - 1.10.6 + 1.16.1