From d498e4d07b14a5975bb9f7d206d1ce97dc3cba71 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 26 Feb 2020 03:48:53 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-552159 --- Gemfile | 6 ++-- Gemfile.lock | 77 ++++++++++++++++++++++++++++++---------------------- 2 files changed, 48 insertions(+), 35 deletions(-) diff --git a/Gemfile b/Gemfile index b41798794..565a39e18 100644 --- a/Gemfile +++ b/Gemfile @@ -1,7 +1,7 @@ source 'http://rubygems.org' gem 'rails', '3.0.10' -gem 'nokogiri' +gem 'nokogiri', '>= 1.10.8' gem 'mongoid', '2.1.2' gem 'haml' gem 'will_paginate', '>=3' @@ -11,13 +11,13 @@ gem 'lighthouse-api' gem 'oruen_redmine_client', :require => 'redmine_client' gem 'mongoid_rails_migrations' gem 'useragent', '~> 0.3.1' -gem 'pivotal-tracker' +gem 'pivotal-tracker', '>= 0.4.1' gem 'ruby-fogbugz', :require => 'fogbugz' gem 'octokit' gem 'inherited_resources' gem 'SystemTimer', :platform => :ruby_18 gem 'hoptoad_notifier', "~> 2.4" -gem 'actionmailer_inline_css', "~> 1.3.0" +gem 'actionmailer_inline_css', '~> 1.3.1' platform :ruby do gem 'bson_ext', '~> 1.4.0' diff --git a/Gemfile.lock b/Gemfile.lock index 431e50953..68113ea6d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -33,7 +33,7 @@ GEM activemodel (= 3.0.10) activesupport (= 3.0.10) activesupport (3.0.10) - addressable (2.2.6) + addressable (2.2.8) archive-tar-minitar (0.5.2) arel (2.0.10) bcrypt-ruby (3.0.1) @@ -42,7 +42,7 @@ GEM builder (2.1.2) columnize (0.3.4) crack (0.3.1) - css_parser (1.2.5) + css_parser (1.7.1) addressable daemons (1.1.4) database_cleaner (0.6.7) @@ -51,6 +51,8 @@ GEM orm_adapter (~> 0.0.3) warden (~> 1.0.3) diff-lcs (1.1.3) + domain_name (0.5.20190701) + unf (>= 0.0.5, < 1.0.0) email_spec (1.2.1) mail (~> 2.2) rspec (~> 2.0) 
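Review bot: The context line `source 'http://rubygems.org'` at the top of the first Gemfile hunk still resolves gems over cleartext HTTP, so the patched nokogiri this commit requires is fetched without transport integrity; it should read `source 'https://rubygems.org'`. The new constraint `'>= 1.10.8'` sets a floor but no ceiling, so a later `bundle update` can move to any future major release; `gem 'nokogiri', '~> 1.10', '>= 1.10.8'` keeps the fix while bounding the range. A one-line comment beside the constraint naming the advisory from the commit message (SNYK-RUBY-NOKOGIRI-552159) would tell later maintainers why the floor exists.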
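Review bot: The added floor `'>= 0.4.1'` on pivotal-tracker in the second Gemfile hunk equals the version the lockfile already held, so it constrains nothing. The lockfile in this commit nevertheless moves the gem to 0.5.13, and with it rest-client from 1.6.7 to 2.1.0 and happymapper/libxml-ruby to nokogiri-happymapper. That is a far wider change than the nokogiri advisory needs and the description does not mention it; if it is intended, state the real floor, e.g. `gem 'pivotal-tracker', '>= 0.5.13'`, and say so in the commit message. The same hunk keeps `gem 'SystemTimer', :platform => :ruby_18` and the lockfile still lists linecache19, which suggests Ruby 1.8/1.9 targets. As far as I know, nokogiri 1.10.x and rest-client 2.x need a considerably newer Ruby, so the bundle should be installed and the test suite run on every supported interpreter before merging.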
@@ -64,23 +66,23 @@ GEM faraday (0.7.4) addressable (~> 2.2.6) multipart-post (~> 1.1.0) - rack (< 2, >= 1.1.0) + rack (>= 1.1.0, < 2) faraday_middleware (0.7.0) faraday (~> 0.7.3) haml (3.1.3) - happymapper (0.4.0) - libxml-ruby (~> 2.0) has_scope (0.5.1) hashie (1.0.0) hoptoad_notifier (2.4.11) activesupport builder - htmlentities (4.3.0) - i18n (0.5.0) + htmlentities (4.3.4) + http-accept (1.7.0) + http-cookie (1.0.3) + domain_name (~> 0.5) + i18n (0.5.4) inherited_resources (1.3.0) has_scope (~> 0.5.0) responders (~> 0.6.0) - libxml-ruby (2.2.2) lighthouse-api (2.0) activeresource (>= 3.0.0) activesupport (>= 3.0.0) @@ -88,12 +90,13 @@ GEM rbx-require-relative (> 0.0.4) linecache19 (0.5.12) ruby_core_source (>= 0.1.4) - mail (2.2.19) + mail (2.2.20) activesupport (>= 2.3.6) i18n (>= 0.4.0) mime-types (~> 1.16) treetop (~> 1.4.8) - mime-types (1.16) + mime-types (1.25.1) + mini_portile2 (2.4.0) mongo (1.4.0) bson (= 1.4.0) mongoid (2.1.2) @@ -107,7 +110,11 @@ GEM railties (>= 3.0.0) multi_json (1.0.3) multipart-post (1.1.3) - nokogiri (1.5.0) + netrc (0.11.0) + nokogiri (1.10.8) + mini_portile2 (~> 2.4.0) + nokogiri-happymapper (0.8.1) + nokogiri (~> 1.5) octokit (0.6.4) addressable (~> 2.2.6) faraday (~> 0.7.3) @@ -117,20 +124,18 @@ GEM orm_adapter (0.0.5) oruen_redmine_client (0.0.1) activeresource (>= 2.3.0) - pivotal-tracker (0.4.1) + pivotal-tracker (0.5.13) builder - builder - happymapper (>= 0.3.2) - happymapper (>= 0.3.2) - nokogiri (>= 1.4.3) - nokogiri (~> 1.4) - rest-client (~> 1.6.0) - rest-client (~> 1.6.0) - polyglot (0.3.2) - premailer (1.7.3) - css_parser (>= 1.1.9) + crack + nokogiri (>= 1.5.5) + nokogiri-happymapper (>= 0.5.4) + rest-client (>= 1.8.0) + polyglot (0.3.5) + premailer (1.11.1) + addressable + css_parser (>= 1.6.0) htmlentities (>= 4.0.0) - rack (1.2.4) + rack (1.2.8) rack-mount (0.6.14) rack (>= 1.0.0) rack-test (0.5.7) 
@@ -153,8 +158,11 @@ GEM rbx-require-relative (0.0.5) rdoc (3.9.4) responders (0.6.4) - rest-client (1.6.7) - mime-types (>= 1.16) + rest-client (2.1.0) + http-accept (>= 1.7.0, < 2.0) + http-cookie (>= 1.0.2, < 2.0) + mime-types (>= 1.16, < 4.0) + netrc (~> 0.8) ri_cal (0.8.8) rspec (2.6.0) rspec-core (~> 2.6.0) @@ -192,18 +200,20 @@ GEM eventmachine (>= 0.12.6) rack (>= 1.0.0) thor (0.14.6) - treetop (1.4.10) + treetop (1.4.15) polyglot polyglot (>= 0.3.1) typhoeus (0.2.4) mime-types - mime-types - tzinfo (0.3.30) + tzinfo (0.3.56) + unf (0.1.4) + unf_ext + unf_ext (0.0.7.6) useragent (0.3.2) warden (1.0.5) rack (>= 1.0) webmock (1.7.6) - addressable (> 2.2.5, ~> 2.2) + addressable (~> 2.2, > 2.2.5) crack (>= 0.1.7) will_paginate (3.0.2) @@ -212,7 +222,7 @@ PLATFORMS DEPENDENCIES SystemTimer - actionmailer_inline_css (~> 1.3.0) + actionmailer_inline_css (~> 1.3.1) bson_ext (~> 1.4.0) database_cleaner (~> 0.6.0) devise (~> 1.4.0) @@ -226,10 +236,10 @@ DEPENDENCIES lighthouse-api mongoid (= 2.1.2) mongoid_rails_migrations - nokogiri + nokogiri (>= 1.10.8) octokit oruen_redmine_client - pivotal-tracker + pivotal-tracker (>= 0.4.1) rails (= 3.0.10) ri_cal rspec (~> 2.6) @@ -241,3 +251,6 @@ DEPENDENCIES useragent (~> 0.3.1) webmock will_paginate (>= 3) + +BUNDLED WITH + 1.17.3