From 847191e47a882dc2efd6519abfe2d6ac19a6b7e5 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 9 Mar 2023 18:04:16 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3357692
- https://snyk.io/vuln/SNYK-RUBY-RACK-3356639
---
 Gemfile | 4 +-
 Gemfile.lock | 267 +++++++++++++++++++++++++++------------------
 2 files changed, 146 insertions(+), 125 deletions(-)

diff --git a/Gemfile b/Gemfile
index 48261559..43820817 100644
--- a/Gemfile
+++ b/Gemfile
@@ -56,7 +56,7 @@ gem 'redis'
 gem 'knock', '>= 2.1.1'
 gem 'apipie-rails', '>= 0.5.16'
 gem 'rack-cors', require: 'rack/cors'
-gem 'nokogiri', '>= 1.10.4'
+gem 'nokogiri', '>= 1.10.5'
 gem 'phony_rails'
 
 group :development, :test do
@@ -95,7 +95,7 @@ group :test do
 # TODO: fix after release
 # https://github.com/thoughtbot/capybara-webkit/issues/1065
 gem 'capybara-webkit', git: 'https://github.com/thoughtbot/capybara-webkit.git'
- gem 'capybara', '>= 3.26.0'
+ gem 'capybara', '>= 3.28.0'
 gem 'capybara-email', '>= 3.0.1'
 gem 'capybara-select2', '>= 1.0.1'
 gem 'capybara-screenshot', '>= 1.0.23'
diff --git a/Gemfile.lock b/Gemfile.lock
index dff1b8db..63f4c0f8 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,6 +1,6 @@
 GIT
 remote: https://github.com/thoughtbot/capybara-webkit.git
- revision: 77fdac424cd6fdb5aa266b229a888cc58da8e95e
+ revision: f429d668568ff7349f5e23a085df7fcf1c431fa7
 specs:
 capybara-webkit (1.15.1)
 capybara (>= 2.3, < 4.0)
@@ -35,9 +35,9 @@ GEM
 active_link_to (1.0.5)
 actionpack
 addressable
- active_model_serializers (0.10.10)
- actionpack (>= 4.1, < 6.1)
- activemodel (>= 4.1, < 6.1)
+ active_model_serializers (0.10.13)
+ actionpack (>= 4.1, < 7.1)
+ activemodel (>= 4.1, < 7.1)
 case_transform (>= 0.2)
 jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
 activejob (5.2.3)
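Review bot: The `gem 'nokogiri', '>= 1.10.5'` floor in the first Gemfile hunk does not encode the version the commit actually depends on; the remediation for the two advisories named in the subject comes from Gemfile.lock resolving nokogiri 1.14.2 and rack 2.2.6.3, so any resolution that starts from the Gemfile without the lock (a copied Gemfile, an install that discards or regenerates the lock) can satisfy `>= 1.10.5` with a still-affected release. Raising the floor to what the lock already resolves, `gem 'nokogiri', '>= 1.14.2'`, makes the Gemfile self-describing without changing the resolved set. Rack is not touched in either Gemfile hunk, so its floor is enforced by the lock alone; if it is declared directly elsewhere in the Gemfile (outside these hunks), the same floor-raising applies there. The lock lists bundler-audit and ruby_audit, which check the lockfile rather than the Gemfile, so a re-resolve would only be caught if those run in CI; the `capybara >= 3.28.0` bump in the second hunk is test-group only and carries no security claim.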
@@ -60,19 +60,20 @@ GEM
 tzinfo (~> 1.1)
 acts_as_list (0.9.19)
 activerecord (>= 3.0)
- addressable (2.6.0)
- public_suffix (>= 2.0.2, < 4.0)
+ addressable (2.8.1)
+ public_suffix (>= 2.0.2, < 6.0)
 airbrussh (1.3.2)
 sshkit (>= 1.6.1, != 1.7.0)
 annotate (2.7.5)
 activerecord (>= 3.2, < 7.0)
 rake (>= 10.4, < 13.0)
- apipie-rails (0.5.16)
- rails (>= 4.1)
+ apipie-rails (0.9.3)
+ actionpack (>= 5.0)
+ activesupport (>= 5.0)
 arel (9.0.0)
 autoprefixer-rails (9.6.1)
 execjs
- bcrypt (3.1.13)
+ bcrypt (3.1.18)
 bindex (0.8.1)
 bootsnap (1.4.4)
 msgpack (~> 1.0)
@@ -81,7 +82,7 @@ GEM
 bootstrap-sass (3.4.1)
 autoprefixer-rails (>= 5.2.1)
 sassc (>= 2.0.0)
- builder (3.2.3)
+ builder (3.2.4)
 bundler-audit (0.6.1)
 bundler (>= 1.2.0, < 3)
 thor (~> 0.18)
@@ -104,18 +105,19 @@ GEM
 sshkit (~> 1.2)
 capistrano3-unicorn (0.2.1)
 capistrano (~> 3.1, >= 3.1.0)
- capybara (3.28.0)
+ capybara (3.38.0)
 addressable
+ matrix
 mini_mime (>= 0.1.3)
 nokogiri (~> 1.8)
 rack (>= 1.6.0)
 rack-test (>= 0.6.3)
- regexp_parser (~> 1.5)
+ regexp_parser (>= 1.5, < 3.0)
 xpath (~> 3.2)
- capybara-email (3.0.1)
+ capybara-email (3.0.2)
 capybara (>= 2.4, < 4.0)
 mail
- capybara-screenshot (1.0.23)
+ capybara-screenshot (1.0.26)
 capybara (>= 1.0, < 4)
 launchy
 capybara-select2 (1.0.1)
@@ -126,37 +128,39 @@ GEM
 chronic (0.10.2)
 cocoon (1.2.14)
 coderay (1.1.2)
- concurrent-ruby (1.1.5)
- crass (1.0.4)
+ concurrent-ruby (1.2.2)
+ crass (1.0.6)
 database_cleaner (1.7.0)
+ date (3.3.3)
 date_validator (0.9.0)
 activemodel
 activesupport
- devise (4.6.2)
+ devise (4.9.0)
 bcrypt (~> 3.0)
 orm_adapter (~> 0.1)
- railties (>= 4.1.0, < 6.0)
+ railties (>= 4.1.0)
 responders
 warden (~> 1.2.3)
- diff-lcs (1.3)
+ diff-lcs (1.5.0)
 docile (1.3.2)
 enumerize (2.3.1)
 activesupport (>= 3.2)
- erubi (1.8.0)
+ erubi (1.12.0)
 execjs (2.7.0)
- factory_bot (5.0.2)
- activesupport (>= 4.2.0)
- factory_bot_rails (5.0.2)
- factory_bot (~> 5.0.2)
- railties (>= 4.2.0)
+ factory_bot (6.2.1)
+ activesupport (>= 5.0.0)
+ factory_bot_rails (6.2.0)
+ factory_bot (~> 6.2.0)
+ railties (>= 5.0.0)
 faker (1.9.6)
 i18n (>= 0.7)
- ffi (1.11.1)
+ ffi (1.15.5)
 formatador (0.2.5)
- globalid (0.4.2)
- activesupport (>= 4.2.0)
- gon (6.2.1)
- actionpack (>= 3.0)
+ globalid (1.1.0)
+ activesupport (>= 5.0)
+ gon (6.4.0)
+ actionpack (>= 3.0.20)
+ i18n (>= 0.7)
 multi_json
 request_store (>= 1.0)
 guard (2.15.0)
@@ -182,55 +186,61 @@ GEM
 concurrent-ruby (~> 1.0)
 jbuilder (2.9.1)
 activesupport (>= 4.2.0)
- jquery-rails (4.3.5)
+ jquery-rails (4.5.1)
 rails-dom-testing (>= 1, < 3)
 railties (>= 4.2.0)
 thor (>= 0.14, < 2.0)
 jquery-ui-rails (6.0.1)
 railties (>= 3.2.16)
- json (2.2.0)
+ json (2.6.3)
 jsonapi-renderer (0.2.2)
 jwt (1.5.6)
- kaminari (1.1.1)
+ kaminari (1.2.2)
 activesupport (>= 4.1.0)
- kaminari-actionview (= 1.1.1)
- kaminari-activerecord (= 1.1.1)
- kaminari-core (= 1.1.1)
- kaminari-actionview (1.1.1)
+ kaminari-actionview (= 1.2.2)
+ kaminari-activerecord (= 1.2.2)
+ kaminari-core (= 1.2.2)
+ kaminari-actionview (1.2.2)
 actionview
- kaminari-core (= 1.1.1)
- kaminari-activerecord (1.1.1)
+ kaminari-core (= 1.2.2)
+ kaminari-activerecord (1.2.2)
 activerecord
- kaminari-core (= 1.1.1)
- kaminari-core (1.1.1)
+ kaminari-core (= 1.2.2)
+ kaminari-core (1.2.2)
 kgio (2.11.2)
 knock (2.1.1)
 bcrypt (~> 3.1)
 jwt (~> 1.5)
 rails (>= 4.2)
- launchy (2.4.3)
- addressable (~> 2.3)
+ launchy (2.5.2)
+ addressable (~> 2.8)
 listen (3.1.5)
 rb-fsevent (~> 0.9, >= 0.9.4)
 rb-inotify (~> 0.9, >= 0.9.7)
 ruby_dep (~> 1.2)
- loofah (2.2.3)
+ loofah (2.19.1)
 crass (~> 1.0.2)
 nokogiri (>= 1.5.9)
 lumberjack (1.0.13)
- mail (2.7.1)
+ mail (2.8.1)
 mini_mime (>= 0.1.1)
+ net-imap
+ net-pop
+ net-smtp
 marcel (0.3.3)
 mimemagic (~> 0.3.2)
+ matrix (0.4.2)
 method_source (0.9.2)
 mime-types (3.2.2)
 mime-types-data (~> 3.2015)
 mime-types-data (3.2019.0331)
- mimemagic (0.3.3)
- mini_mime (1.0.2)
- mini_portile2 (2.4.0)
- minitest (5.11.3)
- momentjs-rails (2.20.1)
+ mimemagic (0.3.10)
+ nokogiri (~> 1)
+ rake
+ mini_mime (1.1.2)
+ mini_portile2 (2.8.1)
+ minitest (5.18.0)
+ momentjs-rails (2.29.4.1)
 railties (>= 3.1)
 monetize (1.7.0)
 money (~> 6.9)
@@ -242,15 +252,25 @@ GEM
 money (~> 6.10.0)
 railties (>= 3.0)
 msgpack (1.3.0)
- multi_json (1.13.1)
+ multi_json (1.15.0)
 multi_xml (0.6.0)
 nenv (0.3.0)
+ net-imap (0.3.4)
+ date
+ net-protocol
+ net-pop (0.1.2)
+ net-protocol
+ net-protocol (0.2.1)
+ timeout
 net-scp (2.0.0)
 net-ssh (>= 2.6.5, < 6.0.0)
+ net-smtp (0.3.3)
+ net-protocol
 net-ssh (5.2.0)
- nio4r (2.4.0)
- nokogiri (1.10.4)
- mini_portile2 (~> 2.4.0)
+ nio4r (2.5.8)
+ nokogiri (1.14.2)
+ mini_portile2 (~> 2.8.0)
+ racc (~> 1.4)
 notiffany (0.1.1)
 nenv (~> 0.1)
 shellany (~> 0.0)
@@ -265,20 +285,23 @@ GEM
 phony_rails (0.14.13)
 activesupport (>= 3.0)
 phony (> 2.15)
+ polyamorous (2.3.2)
+ activerecord (>= 5.2.1)
 pry (0.12.2)
 coderay (~> 1.1.0)
 method_source (~> 0.9.0)
 pry-rails (0.3.9)
 pry (>= 0.10.4)
- public_suffix (3.1.1)
+ public_suffix (5.0.1)
 puma (4.0.1)
 nio4r (~> 2.0)
 pundit (2.0.1)
 activesupport (>= 3.0.0)
- rack (2.0.7)
+ racc (1.6.2)
+ rack (2.2.6.3)
 rack-cors (1.0.3)
- rack-test (1.1.0)
- rack (>= 1.0, < 3)
+ rack-test (2.0.2)
+ rack (>= 1.3)
 rails (5.2.3)
 actioncable (= 5.2.3)
 actionmailer (= 5.2.3)
@@ -295,8 +318,8 @@ GEM
 rails-dom-testing (2.0.3)
 activesupport (>= 4.2.0)
 nokogiri (>= 1.6)
- rails-html-sanitizer (1.2.0)
- loofah (~> 2.2, >= 2.2.2)
+ rails-html-sanitizer (1.5.0)
+ loofah (~> 2.19, >= 2.19.1)
 railties (5.2.3)
 actionpack (= 5.2.3)
 activesupport (= 5.2.3)
@@ -305,74 +328,71 @@ GEM
 thor (>= 0.19.0, < 2.0)
 raindrops (0.19.0)
 rake (12.3.3)
- ransack (2.1.1)
- actionpack (>= 5.0)
- activerecord (>= 5.0)
- activesupport (>= 5.0)
+ ransack (2.3.2)
+ activerecord (>= 5.2.1)
+ activesupport (>= 5.2.1)
 i18n
- rb-fsevent (0.10.3)
- rb-inotify (0.10.0)
+ polyamorous (= 2.3.2)
+ rb-fsevent (0.11.2)
+ rb-inotify (0.10.1)
 ffi (~> 1.0)
 recursive-open-struct (1.1.0)
 redis (4.1.2)
- regexp_parser (1.6.0)
- request_store (1.4.1)
+ regexp_parser (2.7.0)
+ request_store (1.5.1)
 rack (>= 1.4)
- responders (3.0.0)
- actionpack (>= 5.0)
- railties (>= 5.0)
+ responders (3.1.0)
+ actionpack (>= 5.2)
+ railties (>= 5.2)
 rollbar (2.22.0)
- rspec (3.8.0)
- rspec-core (~> 3.8.0)
- rspec-expectations (~> 3.8.0)
- rspec-mocks (~> 3.8.0)
+ rspec (3.12.0)
+ rspec-core (~> 3.12.0)
+ rspec-expectations (~> 3.12.0)
+ rspec-mocks (~> 3.12.0)
 rspec-collection_matchers (1.1.3)
 rspec-expectations (>= 2.99.0.beta1)
- rspec-core (3.8.2)
- rspec-support (~> 3.8.0)
- rspec-expectations (3.8.4)
+ rspec-core (3.12.1)
+ rspec-support (~> 3.12.0)
+ rspec-expectations (3.12.2)
 diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.8.0)
- rspec-mocks (3.8.1)
+ rspec-support (~> 3.12.0)
+ rspec-mocks (3.12.3)
 diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.8.0)
- rspec-rails (3.8.2)
- actionpack (>= 3.0)
- activesupport (>= 3.0)
- railties (>= 3.0)
- rspec-core (~> 3.8.0)
- rspec-expectations (~> 3.8.0)
- rspec-mocks (~> 3.8.0)
- rspec-support (~> 3.8.0)
- rspec-support (3.8.2)
+ rspec-support (~> 3.12.0)
+ rspec-rails (5.1.2)
+ actionpack (>= 5.2)
+ activesupport (>= 5.2)
+ railties (>= 5.2)
+ rspec-core (~> 3.10)
+ rspec-expectations (~> 3.10)
+ rspec-mocks (~> 3.10)
+ rspec-support (~> 3.10)
+ rspec-support (3.12.0)
 ruby_audit (1.2.0)
 bundler-audit (~> 0.6.0)
 ruby_dep (1.5.0)
 russian_central_bank (1.1.1)
 httparty (>= 0.10.0)
 money (~> 6)
- sass (3.7.4)
- sass-listen (~> 4.0.0)
- sass-listen (4.0.0)
- rb-fsevent (~> 0.9, >= 0.9.4)
- rb-inotify (~> 0.9, >= 0.9.7)
- sass-rails (5.0.7)
- railties (>= 4.0.0, < 6)
- sass (~> 3.1)
- sprockets (>= 2.8, < 4.0)
- sprockets-rails (>= 2.0, < 4.0)
- tilt (>= 1.1, < 3)
+ sass-rails (6.0.0)
+ sassc-rails (~> 2.1, >= 2.1.1)
 sassc (2.0.1)
 ffi (~> 1.9)
 rake
+ sassc-rails (2.1.2)
+ railties (>= 4.0.0)
+ sassc (>= 2.0)
+ sprockets (> 3.0)
+ sprockets-rails
+ tilt
 select2-rails (3.5.9.3)
 thor (~> 0.14)
 shellany (0.0.1)
 shoulda-matchers (4.1.1)
 activesupport (>= 4.2.0)
- simple_form (4.1.0)
- actionpack (>= 5.0)
- activemodel (>= 5.0)
+ simple_form (5.2.0)
+ actionpack (>= 5.2)
+ activemodel (>= 5.2)
 simplecov (0.17.0)
 docile (~> 1.1)
 json (>= 1.8, < 3)
@@ -381,51 +401,52 @@ GEM
 slackistrano (0.1.12)
 capistrano (>= 3.0.1)
 json
- slim (4.0.1)
- temple (>= 0.7.6, < 0.9)
- tilt (>= 2.0.6, < 2.1)
- slim-rails (3.2.0)
+ slim (5.1.0)
+ temple (~> 0.10.0)
+ tilt (>= 2.0.6, < 2.2)
+ slim-rails (3.6.2)
 actionpack (>= 3.1)
 railties (>= 3.1)
- slim (>= 3.0, < 5.0)
+ slim (>= 3.0, < 6.0, != 5.0.0)
 spring (2.1.0)
 spring-commands-rspec (1.0.4)
 spring (>= 0.9.1)
 spring-watcher-listen (2.0.1)
 listen (>= 2.7, < 4.0)
 spring (>= 1.2, < 3.0)
- sprockets (3.7.2)
+ sprockets (4.2.0)
 concurrent-ruby (~> 1.0)
- rack (> 1, < 3)
- sprockets-rails (3.2.1)
- actionpack (>= 4.0)
- activesupport (>= 4.0)
+ rack (>= 2.2.4, < 4)
+ sprockets-rails (3.4.2)
+ actionpack (>= 5.2)
+ activesupport (>= 5.2)
 sprockets (>= 3.0.0)
 sshkit (1.19.1)
 net-scp (>= 1.1.2)
 net-ssh (>= 2.8.0)
- temple (0.8.1)
+ temple (0.10.0)
 thor (0.20.3)
 thread_safe (0.3.6)
- tilt (2.0.9)
+ tilt (2.1.0)
 timecop (0.9.1)
- tzinfo (1.2.5)
+ timeout (0.3.2)
+ tzinfo (1.2.11)
 thread_safe (~> 0.1)
 uglifier (4.1.20)
 execjs (>= 0.3.0, < 3)
 unicorn (5.5.1)
 kgio (~> 2.6)
 raindrops (~> 0.7)
- warden (1.2.8)
- rack (>= 2.0.6)
+ warden (1.2.9)
+ rack (>= 2.0.9)
 web-console (3.7.0)
 actionview (>= 5.0)
 activemodel (>= 5.0)
 bindex (>= 0.4.0)
 railties (>= 5.0)
- websocket-driver (0.7.1)
+ websocket-driver (0.7.5)
 websocket-extensions (>= 0.1.0)
- websocket-extensions (0.1.4)
+ websocket-extensions (0.1.5)
 whenever (1.0.0)
 chronic (>= 0.6.3)
 wicked_pdf (1.1.0)
@@ -451,7 +472,7 @@ DEPENDENCIES
 capistrano-rails (~> 1.1.7)
 capistrano-rvm (~> 0.1.2)
 capistrano3-unicorn (~> 0.2.1)
- capybara (>= 3.26.0)
+ capybara (>= 3.28.0)
 capybara-email (>= 3.0.1)
 capybara-screenshot (>= 1.0.23)
 capybara-select2 (>= 1.0.1)
@@ -475,7 +496,7 @@ DEPENDENCIES
 listen
 momentjs-rails (>= 2.20.1)
 money-rails (~> 1.10.0)
- nokogiri (>= 1.10.4)
+ nokogiri (>= 1.10.5)
 parallel_tests
 paranoia
 pg