From 8a174c386e4c5243cbca44f024e1168060a6e968 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 29 Sep 2021 02:51:25 +0000
Subject: [PATCH] fix: api/Gemfile & api/Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1726792
---
 api/Gemfile | 12 ++--
 api/Gemfile.lock | 162 +++++++++++++++++++++++------------------------
 2 files changed, 87 insertions(+), 87 deletions(-)

diff --git a/api/Gemfile b/api/Gemfile
index 4f49191..dee2f50 100644
--- a/api/Gemfile
+++ b/api/Gemfile
@@ -34,13 +34,13 @@ ruby '2.7.3'
 gem 'rails', '>= 6.1.3.2'
-gem 'activeadmin', '>= 2.7.0'
+gem 'activeadmin', '>= 2.9.0'
 gem 'addressable'
 gem 'bcrypt'
 gem 'cf-app-utils'
-gem 'devise', '>= 4.7.2'
+gem 'devise', '>= 4.8.0'
 gem 'friendly_id', '5.1.0'
-gem 'inherited_resources', '>= 1.11.0'
+gem 'inherited_resources', '>= 1.13.0'
 gem 'jbuilder', '>= 2.10.0'
 gem 'premailer-rails', '>= 1.11.1'
 gem 'puma', '>= 5.3.1'
@@ -52,10 +52,10 @@ gem 'uglifier'
 gem 'jwt'
 group :development, :test do
- gem 'dotenv-rails', '>= 2.7.5'
+ gem 'dotenv-rails', '>= 2.7.6'
 gem 'pry'
 gem 'pry-byebug'
- gem 'rspec-rails', '>= 4.0.1'
+ gem 'rspec-rails', '>= 5.0.1'
 gem 'rubocop', require: false
 gem 'shoulda-matchers', '>= 4.0.1'
 gem 'webmock'
@@ -68,7 +68,7 @@ group :development do
 gem 'sqlite3'
 gem 'bullet', '>= 6.1.0'
 gem 'listen'
- gem 'web-console', '>= 4.0.2'
+ gem 'web-console', '>= 4.1.0'
 end
 group :production do
diff --git a/api/Gemfile.lock b/api/Gemfile.lock
index d8592de..c4e7873 100644
--- a/api/Gemfile.lock
+++ b/api/Gemfile.lock
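Review bot: The advisory named in the commit message is for nokogiri, but no Gemfile hunk adds a constraint for it; the three hunks only raise the floors of activeadmin, devise, inherited_resources, dotenv-rails, rspec-rails and web-console, so the patched version is held by Gemfile.lock alone (nokogiri 1.11.4 to 1.12.5 there). If the Gemfile has no nokogiri entry outside these hunks, I would declare the floor explicitly, e.g. `gem 'nokogiri', '>= 1.12.5'` with a short comment naming the advisory, so the minimum is enforced at resolution time and the reason for it stays visible to the next maintainer. Separately, the last Gemfile.lock hunk changes `BUNDLED WITH` from 2.2.16 to 2.1.4, which looks like an artefact of the bot running an older Bundler; re-locking with the project's own Bundler before merging would avoid recording that downgrade.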
@@ -3,40 +3,40 @@ GEM specs: action-cable-testing (0.6.1) actioncable (>= 5.0) - actioncable (6.1.3.2) - actionpack (= 6.1.3.2) - activesupport (= 6.1.3.2) + actioncable (6.1.4.1) + actionpack (= 6.1.4.1) + activesupport (= 6.1.4.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.3.2) - actionpack (= 6.1.3.2) - activejob (= 6.1.3.2) - activerecord (= 6.1.3.2) - activestorage (= 6.1.3.2) - activesupport (= 6.1.3.2) + actionmailbox (6.1.4.1) + actionpack (= 6.1.4.1) + activejob (= 6.1.4.1) + activerecord (= 6.1.4.1) + activestorage (= 6.1.4.1) + activesupport (= 6.1.4.1) mail (>= 2.7.1) - actionmailer (6.1.3.2) - actionpack (= 6.1.3.2) - actionview (= 6.1.3.2) - activejob (= 6.1.3.2) - activesupport (= 6.1.3.2) + actionmailer (6.1.4.1) + actionpack (= 6.1.4.1) + actionview (= 6.1.4.1) + activejob (= 6.1.4.1) + activesupport (= 6.1.4.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.3.2) - actionview (= 6.1.3.2) - activesupport (= 6.1.3.2) + actionpack (6.1.4.1) + actionview (= 6.1.4.1) + activesupport (= 6.1.4.1) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.3.2) - actionpack (= 6.1.3.2) - activerecord (= 6.1.3.2) - activestorage (= 6.1.3.2) - activesupport (= 6.1.3.2) + actiontext (6.1.4.1) + actionpack (= 6.1.4.1) + activerecord (= 6.1.4.1) + activestorage (= 6.1.4.1) + activesupport (= 6.1.4.1) nokogiri (>= 1.8.5) - actionview (6.1.3.2) - activesupport (= 6.1.3.2) + actionview (6.1.4.1) + activesupport (= 6.1.4.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) 
@@ -50,28 +50,28 @@ GEM kaminari (~> 1.0, >= 1.2.1) railties (>= 5.2, < 6.2) ransack (~> 2.1, >= 2.1.1) - activejob (6.1.3.2) - activesupport (= 6.1.3.2) + activejob (6.1.4.1) + activesupport (= 6.1.4.1) globalid (>= 0.3.6) - activemodel (6.1.3.2) - activesupport (= 6.1.3.2) - activerecord (6.1.3.2) - activemodel (= 6.1.3.2) - activesupport (= 6.1.3.2) - activestorage (6.1.3.2) - actionpack (= 6.1.3.2) - activejob (= 6.1.3.2) - activerecord (= 6.1.3.2) - activesupport (= 6.1.3.2) + activemodel (6.1.4.1) + activesupport (= 6.1.4.1) + activerecord (6.1.4.1) + activemodel (= 6.1.4.1) + activesupport (= 6.1.4.1) + activestorage (6.1.4.1) + actionpack (= 6.1.4.1) + activejob (= 6.1.4.1) + activerecord (= 6.1.4.1) + activesupport (= 6.1.4.1) marcel (~> 1.0.0) - mini_mime (~> 1.0.2) - activesupport (6.1.3.2) + mini_mime (>= 1.1.0) + activesupport (6.1.4.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) zeitwerk (~> 2.3) - addressable (2.7.0) + addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) arbre (1.4.0) activesupport (>= 3.0.0, < 6.2) @@ -87,11 +87,11 @@ GEM cf-app-utils (0.6) climate_control (1.0.0) coderay (1.1.3) - concurrent-ruby (1.1.8) + concurrent-ruby (1.1.9) crack (0.4.5) rexml crass (1.0.6) - css_parser (1.9.0) + css_parser (1.10.0) addressable devise (4.8.0) bcrypt (~> 3.0) @@ -108,14 +108,14 @@ GEM railties (>= 3.2) erubi (1.10.0) execjs (2.8.1) - ffi (1.15.0) + ffi (1.15.4) formtastic (4.0.0) actionpack (>= 5.2.0) - formtastic_i18n (0.6.0) + formtastic_i18n (0.7.0) friendly_id (5.1.0) activerecord (>= 4.0.0) - globalid (0.4.2) - activesupport (>= 4.2.0) + globalid (0.5.2) + activesupport (>= 5.0) has_scope (0.8.0) actionpack (>= 5.2) activesupport (>= 5.2) 
@@ -153,24 +153,24 @@ GEM listen (3.5.1) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.9.1) + loofah (2.12.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) - marcel (1.0.1) + marcel (1.0.2) method_source (1.0.0) mime-types (3.3.1) mime-types-data (~> 3.2015) mime-types-data (3.2021.0225) - mini_mime (1.0.3) - mini_portile2 (2.5.1) + mini_mime (1.1.1) + mini_portile2 (2.6.1) minitest (5.14.4) mysql2 (0.5.3) netrc (0.11.0) - nio4r (2.5.7) - nokogiri (1.11.4) - mini_portile2 (~> 2.5.0) + nio4r (2.5.8) + nokogiri (1.12.5) + mini_portile2 (~> 2.6.1) racc (~> 1.4) orm_adapter (0.5.0) parallel (1.20.1) @@ -201,34 +201,34 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.1.3.2) - actioncable (= 6.1.3.2) - actionmailbox (= 6.1.3.2) - actionmailer (= 6.1.3.2) - actionpack (= 6.1.3.2) - actiontext (= 6.1.3.2) - actionview (= 6.1.3.2) - activejob (= 6.1.3.2) - activemodel (= 6.1.3.2) - activerecord (= 6.1.3.2) - activestorage (= 6.1.3.2) - activesupport (= 6.1.3.2) + rails (6.1.4.1) + actioncable (= 6.1.4.1) + actionmailbox (= 6.1.4.1) + actionmailer (= 6.1.4.1) + actionpack (= 6.1.4.1) + actiontext (= 6.1.4.1) + actionview (= 6.1.4.1) + activejob (= 6.1.4.1) + activemodel (= 6.1.4.1) + activerecord (= 6.1.4.1) + activestorage (= 6.1.4.1) + activesupport (= 6.1.4.1) bundler (>= 1.15.0) - railties (= 6.1.3.2) + railties (= 6.1.4.1) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) + rails-html-sanitizer (1.4.2) loofah (~> 2.3) - railties (6.1.3.2) - actionpack (= 6.1.3.2) - activesupport (= 6.1.3.2) + railties (6.1.4.1) + actionpack (= 6.1.4.1) + activesupport (= 6.1.4.1) method_source - rake (>= 0.8.7) + rake (>= 0.13) thor (~> 1.0) rainbow (3.0.0) - rake (13.0.3) + rake (13.0.6) ransack (2.4.2) activerecord (>= 5.2.4) activesupport (>= 5.2.4) 
@@ -255,7 +255,7 @@ GEM rspec-mocks (3.10.2) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.10.0) - rspec-rails (5.0.1) + rspec-rails (5.0.2) actionpack (>= 5.2) activesupport (>= 5.2) railties (>= 5.2) @@ -276,7 +276,7 @@ GEM rubocop-ast (1.5.0) parser (>= 3.0.1.1) ruby-progressbar (1.11.0) - ruby2_keywords (0.0.4) + ruby2_keywords (0.0.5) sassc (2.4.0) ffi (~> 1.9) sassc-rails (2.0.0) @@ -319,7 +319,7 @@ GEM addressable (>= 2.3.6) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) - websocket-driver (0.7.3) + websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) zeitwerk (2.4.2) @@ -329,16 +329,16 @@ PLATFORMS DEPENDENCIES action-cable-testing (>= 0.6.1) - activeadmin (>= 2.7.0) + activeadmin (>= 2.9.0) addressable bcrypt bullet (>= 6.1.0) cf-app-utils climate_control - devise (>= 4.7.2) - dotenv-rails (>= 2.7.5) + devise (>= 4.8.0) + dotenv-rails (>= 2.7.6) friendly_id (= 5.1.0) - inherited_resources (>= 1.11.0) + inherited_resources (>= 1.13.0) jbuilder (>= 2.10.0) jwt listen @@ -353,18 +353,18 @@ DEPENDENCIES rails (>= 6.1.3.2) redis (~> 3.3.3) rest-client - rspec-rails (>= 4.0.1) + rspec-rails (>= 5.0.1) rubocop sassc-rails (~> 2.0.0) shoulda-matchers (>= 4.0.1) sqlite3 tzinfo-data uglifier - web-console (>= 4.0.2) + web-console (>= 4.1.0) webmock RUBY VERSION ruby 2.7.3p183 BUNDLED WITH - 2.2.16 + 2.1.4