From cf00d474fe24a99f40750777387f3eab830fc648 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 29 Nov 2018 10:51:44 +0000 Subject: [PATCH] fix: Gemfile.lock & Gemfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIVEJOB-72640 --- Gemfile | 2 +- Gemfile.lock | 138 +++++++++++++++++++++++++-------------------------- 2 files changed, 70 insertions(+), 70 deletions(-) diff --git a/Gemfile b/Gemfile index 7da382d..24d1630 100644 --- a/Gemfile +++ b/Gemfile @@ -1,7 +1,7 @@ source 'https://rubygems.org' # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' -gem 'rails', '~> 4.2.1' +gem 'rails', '~> 4.2.11' # Use postgresql as the database for Active Record gem 'pg' # Use SCSS for stylesheets diff --git a/Gemfile.lock b/Gemfile.lock index 379496d..8cb698c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,43 +1,42 @@ GEM remote: https://rubygems.org/ specs: - actionmailer (4.2.1) - actionpack (= 4.2.1) - actionview (= 4.2.1) - activejob (= 4.2.1) + actionmailer (4.2.11) + actionpack (= 4.2.11) + actionview (= 4.2.11) + activejob (= 4.2.11) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.1) - actionview (= 4.2.1) - activesupport (= 4.2.1) + actionpack (4.2.11) + actionview (= 4.2.11) + activesupport (= 4.2.11) rack (~> 1.6) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.1) - actionview (4.2.1) - activesupport (= 4.2.1) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (4.2.11) + activesupport (= 4.2.11) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.1) - activejob (4.2.1) - activesupport (= 4.2.1) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activejob (4.2.11) + activesupport (= 4.2.11) globalid (>= 0.3.0) - activemodel (4.2.1) - activesupport (= 4.2.1) + activemodel (4.2.11) + activesupport (= 4.2.11) builder (~> 3.1) - activerecord (4.2.1) - activemodel (= 4.2.1) - activesupport (= 4.2.1) + activerecord (4.2.11) + activemodel (= 4.2.11) + activesupport (= 4.2.11) arel (~> 6.0) - activesupport (4.2.1) + activesupport (4.2.11) i18n (~> 0.7) - json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - arel (6.0.0) - builder (3.2.2) + arel (6.0.4) + builder (3.2.3) byebug (4.0.5) columnize (= 0.9.0) coffee-rails (4.1.0) @@ -48,12 +47,14 @@ GEM execjs coffee-script-source (1.9.1) columnize (0.9.0) + concurrent-ruby (1.1.3) + crass (1.0.4) erubis (2.7.0) execjs (2.5.2) - globalid (0.3.5) - activesupport (>= 4.1.0) - hike (1.2.3) - i18n (0.7.0) + globalid (0.4.1) + activesupport (>= 4.2.0) + i18n (0.9.5) + concurrent-ruby (~> 1.0) jbuilder (2.2.12) activesupport (>= 3.0.0, < 5) multi_json (~> 1.2) @@ -61,53 +62,54 @@ GEM rails-dom-testing (~> 1.0) railties (>= 4.2.0) thor (>= 0.14, < 2.0) - json (1.8.2) - loofah (2.0.1) + json (1.8.6) + loofah (2.2.3) + crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.6.3) - mime-types (>= 1.16, < 3) - mime-types (2.4.3) - mini_portile (0.6.2) - minitest (5.5.1) - multi_json (1.11.0) - nokogiri (1.6.6.2) - mini_portile (~> 0.6.0) + mail (2.7.1) + mini_mime (>= 0.1.1) + mini_mime (1.0.1) + mini_portile2 (2.3.0) + minitest (5.11.3) + multi_json (1.13.1) + nokogiri (1.8.5) + mini_portile2 (~> 2.3.0) pg (0.18.1) puma (2.11.1) rack (>= 1.1, < 2.0) - rack (1.6.0) + rack (1.6.11) rack-test (0.6.3) rack (>= 1.0) - rails (4.2.1) - actionmailer (= 4.2.1) - actionpack (= 4.2.1) - actionview (= 4.2.1) - activejob (= 4.2.1) - activemodel (= 4.2.1) - activerecord (= 4.2.1) - activesupport (= 4.2.1) + rails (4.2.11) + actionmailer (= 4.2.11) + actionpack (= 4.2.11) + actionview (= 4.2.11) + activejob (= 4.2.11) + activemodel (= 4.2.11) + activerecord (= 4.2.11) + activesupport (= 4.2.11) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.1) + railties (= 4.2.11) sprockets-rails rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.6) - activesupport (>= 4.2.0.beta, < 5.0) - nokogiri (~> 1.6.0) + rails-dom-testing (1.0.9) + activesupport (>= 4.2.0, < 5.0) + nokogiri (~> 1.6) rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.0.2) - loofah (~> 2.0) + rails-html-sanitizer (1.0.4) + loofah (~> 2.2, >= 2.2.2) rails_12factor (0.0.3) rails_serve_static_assets rails_stdout_logging rails_serve_static_assets (0.0.4) rails_stdout_logging (0.0.3) - railties (4.2.1) - actionpack (= 4.2.1) - activesupport (= 4.2.1) + railties (4.2.11) + actionpack (= 4.2.11) + activesupport (= 4.2.11) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (10.4.2) + rake (12.3.1) rdoc (4.2.0) sass (3.4.13) sass-rails (5.0.3) @@ -120,21 +122,19 @@ GEM json (~> 1.7, >= 1.7.7) rdoc (~> 4.0) spring (1.3.4) - sprockets (2.12.3) - hike (~> 1.2) - multi_json (~> 1.0) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.2.4) - actionpack (>= 3.0) - activesupport (>= 3.0) - sprockets (>= 2.8, < 4.0) - thor (0.19.1) - thread_safe (0.3.5) + sprockets (3.7.2) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + sprockets-rails (3.2.1) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) + thor (0.20.3) + thread_safe (0.3.6) tilt (1.4.1) turbolinks (2.5.3) coffee-rails - tzinfo (1.2.2) + tzinfo (1.2.5) thread_safe (~> 0.1) uglifier (2.7.1) execjs (>= 0.3.0) @@ -150,7 +150,7 @@ DEPENDENCIES jquery-rails pg puma - rails (~> 4.2.1) + rails (~> 4.2.11) rails_12factor sass-rails (~> 5.0) sdoc (~> 0.4.0) @@ -159,4 +159,4 @@ DEPENDENCIES uglifier (>= 1.3.0) BUNDLED WITH - 1.10.6 + 1.17.1