From 4d41153c499c5bd7e3a6477db1ade5fadce64b3b Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 21 May 2022 07:14:15 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2840634 --- Gemfile | 8 +-- Gemfile.lock | 194 +++++++++++++++++++++++++-------------------------- 2 files changed, 101 insertions(+), 101 deletions(-) mode change 100755 => 100644 Gemfile diff --git a/Gemfile b/Gemfile old mode 100755 new mode 100644 index 94c1ac6..89e0ea9 --- a/Gemfile +++ b/Gemfile @@ -10,13 +10,13 @@ end ruby '2.7.5' # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' -gem 'rails', '~> 6.0.1' +gem 'rails', '~> 6.0.3', '>= 6.0.3.6' # Use postgresql as the database for Active Record gem 'pg', '~> 0.18' # Use Puma as the app server gem 'puma', '~> 3.7' # Use SCSS for stylesheets -gem 'sass-rails', '~> 5.0.7' +gem 'sass-rails', '~> 5.0.8' # Use Uglifier as compressor for JavaScript assets gem 'uglifier', '>= 1.3.0' # See https://github.com/rails/execjs#readme for more supported runtimes @@ -47,13 +47,13 @@ group :development, :test do gem 'selenium-webdriver' gem 'rspec_junit_formatter' - gem 'rspec-rails', '4.0.0.beta3' + gem 'rspec-rails', '4.0.0' end group :development do # Access an IRB console on exception pages or by using <%= console %> anywhere in the code. gem 'listen', '>= 3.0.5', '< 3.2' - gem 'web-console', '>= 3.7.0' + gem 'web-console', '>= 4.1.0' # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring gem 'spring', '~> 2.0.2' gem 'spring-watcher-listen', '~> 2.0.0' diff --git a/Gemfile.lock b/Gemfile.lock index 3289f9a..1735d76 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
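Review bot: Neither Gemfile hunk mentions nokogiri, so the fix named in the commit message (SNYK-RUBY-NOKOGIRI-2840634) exists only as a transitive resolution in Gemfile.lock, where nokogiri moves from 1.11.3 to 1.13.6. Nothing in the manifest keeps a regenerated or re-resolved lockfile at or above the patched release. Declaring the floor directly, for example `gem 'nokogiri', '>= 1.13.6'` next to the rails line, would make the security requirement explicit and reviewable. The new rails constraint `'~> 6.0.3', '>= 6.0.3.6'` has a similar gap: the lock resolves 6.0.5 while the manifest still admits 6.0.3.6, so `gem 'rails', '~> 6.0.5'` would match what the lockfile actually ships. The `100755 => 100644` mode change on Gemfile looks unrelated to the vulnerability fix and would be easier to audit as a separate commit.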
@@ -1,62 +1,62 @@ GEM remote: https://rubygems.org/ specs: - actioncable (6.0.3.6) - actionpack (= 6.0.3.6) + actioncable (6.0.5) + actionpack (= 6.0.5) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.3.6) - actionpack (= 6.0.3.6) - activejob (= 6.0.3.6) - activerecord (= 6.0.3.6) - activestorage (= 6.0.3.6) - activesupport (= 6.0.3.6) + actionmailbox (6.0.5) + actionpack (= 6.0.5) + activejob (= 6.0.5) + activerecord (= 6.0.5) + activestorage (= 6.0.5) + activesupport (= 6.0.5) mail (>= 2.7.1) - actionmailer (6.0.3.6) - actionpack (= 6.0.3.6) - actionview (= 6.0.3.6) - activejob (= 6.0.3.6) + actionmailer (6.0.5) + actionpack (= 6.0.5) + actionview (= 6.0.5) + activejob (= 6.0.5) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.3.6) - actionview (= 6.0.3.6) - activesupport (= 6.0.3.6) + actionpack (6.0.5) + actionview (= 6.0.5) + activesupport (= 6.0.5) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.3.6) - actionpack (= 6.0.3.6) - activerecord (= 6.0.3.6) - activestorage (= 6.0.3.6) - activesupport (= 6.0.3.6) + actiontext (6.0.5) + actionpack (= 6.0.5) + activerecord (= 6.0.5) + activestorage (= 6.0.5) + activesupport (= 6.0.5) nokogiri (>= 1.8.5) - actionview (6.0.3.6) - activesupport (= 6.0.3.6) + actionview (6.0.5) + activesupport (= 6.0.5) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.3.6) - activesupport (= 6.0.3.6) + activejob (6.0.5) + activesupport (= 6.0.5) globalid (>= 0.3.6) - activemodel (6.0.3.6) - activesupport (= 6.0.3.6) - activerecord (6.0.3.6) - activemodel (= 6.0.3.6) - activesupport (= 6.0.3.6) - activestorage (6.0.3.6) - actionpack (= 6.0.3.6) - activejob (= 6.0.3.6) - activerecord (= 6.0.3.6) - marcel (~> 1.0.0) - activesupport (6.0.3.6) + activemodel (6.0.5) + activesupport (= 6.0.5) + activerecord (6.0.5) + activemodel (= 6.0.5) + activesupport (= 6.0.5) 
+ activestorage (6.0.5) + actionpack (= 6.0.5) + activejob (= 6.0.5) + activerecord (= 6.0.5) + marcel (~> 1.0) + activesupport (6.0.5) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) zeitwerk (~> 2.2, >= 2.2.2) - addressable (2.7.0) + addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) ast (2.4.2) bindex (0.8.1) @@ -77,15 +77,15 @@ GEM coffee-script-source execjs coffee-script-source (1.12.2) - concurrent-ruby (1.1.8) + concurrent-ruby (1.1.10) crass (1.0.6) - diff-lcs (1.4.4) + diff-lcs (1.5.0) erubi (1.10.0) - execjs (2.7.0) - ffi (1.15.0) - globalid (0.4.2) - activesupport (>= 4.2.0) - i18n (1.8.10) + execjs (2.8.1) + ffi (1.15.5) + globalid (1.0.0) + activesupport (>= 5.0) + i18n (1.10.0) concurrent-ruby (~> 1.0) jbuilder (2.9.1) activesupport (>= 4.2.0) 
@@ -93,83 +93,83 @@ GEM rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) ruby_dep (~> 1.2) - loofah (2.9.1) + loofah (2.18.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) - marcel (1.0.1) + marcel (1.0.2) method_source (1.0.0) - mime-types (3.3.1) + mime-types (3.4.1) mime-types-data (~> 3.2015) - mime-types-data (3.2021.0225) - mini_mime (1.1.0) - mini_portile2 (2.5.0) - minitest (5.14.4) - nio4r (2.5.7) - nokogiri (1.11.3) - mini_portile2 (~> 2.5.0) + mime-types-data (3.2022.0105) + mini_mime (1.1.2) + mini_portile2 (2.8.0) + minitest (5.15.0) + nio4r (2.5.8) + nokogiri (1.13.6) + mini_portile2 (~> 2.8.0) racc (~> 1.4) parallel (1.20.1) parser (3.0.1.0) ast (~> 2.4.1) pg (0.21.0) - public_suffix (4.0.6) + public_suffix (4.0.7) puma (3.12.6) - racc (1.5.2) + racc (1.6.0) rack (2.2.3) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.3.6) - actioncable (= 6.0.3.6) - actionmailbox (= 6.0.3.6) - actionmailer (= 6.0.3.6) - actionpack (= 6.0.3.6) - actiontext (= 6.0.3.6) - actionview (= 6.0.3.6) - activejob (= 6.0.3.6) - activemodel (= 6.0.3.6) - activerecord (= 6.0.3.6) - activestorage (= 6.0.3.6) - activesupport (= 6.0.3.6) + rails (6.0.5) + actioncable (= 6.0.5) + actionmailbox (= 6.0.5) + actionmailer (= 6.0.5) + actionpack (= 6.0.5) + actiontext (= 6.0.5) + actionview (= 6.0.5) + activejob (= 6.0.5) + activemodel (= 6.0.5) + activerecord (= 6.0.5) + activestorage (= 6.0.5) + activesupport (= 6.0.5) bundler (>= 1.3.0) - railties (= 6.0.3.6) + railties (= 6.0.5) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) + rails-html-sanitizer (1.4.2) loofah (~> 2.3) - railties (6.0.3.6) - actionpack (= 6.0.3.6) - activesupport (= 6.0.3.6) + railties (6.0.5) + actionpack (= 6.0.5) + activesupport (= 6.0.5) method_source rake (>= 0.8.7) thor (>= 0.20.3, < 2.0) rainbow (3.0.0) - rake (13.0.3) - rb-fsevent (0.10.4) + rake (13.0.6) + rb-fsevent (0.11.1) rb-inotify 
(0.10.1) ffi (~> 1.0) regexp_parser (2.1.1) rexml (3.2.5) - rspec-core (3.10.1) - rspec-support (~> 3.10.0) - rspec-expectations (3.10.1) + rspec-core (3.11.0) + rspec-support (~> 3.11.0) + rspec-expectations (3.11.0) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-mocks (3.10.2) + rspec-support (~> 3.11.0) + rspec-mocks (3.11.1) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-rails (4.0.0.beta3) + rspec-support (~> 3.11.0) + rspec-rails (4.0.0) actionpack (>= 4.2) activesupport (>= 4.2) railties (>= 4.2) - rspec-core (~> 3.8) - rspec-expectations (~> 3.8) - rspec-mocks (~> 3.8) - rspec-support (~> 3.8) - rspec-support (3.10.2) + rspec-core (~> 3.9) + rspec-expectations (~> 3.9) + rspec-mocks (~> 3.9) + rspec-support (~> 3.9) + rspec-support (3.11.0) rspec_junit_formatter (0.4.1) rspec-core (>= 2, < 4, != 2.12.0) rubocop (0.89.1) @@ -208,11 +208,11 @@ GEM sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.2) - actionpack (>= 4.0) - activesupport (>= 4.0) + sprockets-rails (3.4.2) + actionpack (>= 5.2) + activesupport (>= 5.2) sprockets (>= 3.0.0) - thor (1.1.0) + thor (1.2.1) thread_safe (0.3.6) tilt (2.0.10) turbolinks (5.2.1) @@ -223,17 +223,17 @@ GEM uglifier (4.2.0) execjs (>= 0.3.0, < 3) unicode-display_width (1.7.0) - web-console (4.1.0) + web-console (4.2.0) actionview (>= 6.0.0) activemodel (>= 6.0.0) bindex (>= 0.4.0) railties (>= 6.0.0) - websocket-driver (0.7.3) + websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) xpath (2.1.0) nokogiri (~> 1.3) - zeitwerk (2.4.2) + zeitwerk (2.5.4) PLATFORMS ruby 
@@ -246,18 +246,18 @@ DEPENDENCIES listen (>= 3.0.5, < 3.2) pg (~> 0.18) puma (~> 3.7) - rails (~> 6.0.1) - rspec-rails (= 4.0.0.beta3) + rails (~> 6.0.3, >= 6.0.3.6) + rspec-rails (= 4.0.0) rspec_junit_formatter rubocop (~> 0.89.0) - sass-rails (~> 5.0.7) + sass-rails (~> 5.0.8) selenium-webdriver spring (~> 2.0.2) spring-watcher-listen (~> 2.0.0) turbolinks (~> 5) tzinfo-data uglifier (>= 1.3.0) - web-console (>= 3.7.0) + web-console (>= 4.1.0) RUBY VERSION ruby 2.7.5p203