From 77ff16f26648d85eb56d376b2a1b84279c676f61 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 10 Sep 2020 23:13:48 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-632514
---
 Gemfile | 32 ++---
 Gemfile.lock | 332 +++++++++++++++++++++++++++------------------
 2 files changed, 190 insertions(+), 174 deletions(-)
diff --git a/Gemfile b/Gemfile
index cdf798137..c254e147b 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,31 +1,31 @@
 source 'https://rubygems.org'
 ruby '2.4.0'
-gem 'rails', '5.0.2'
+gem 'rails', '5.2.4.4'
-gem 'jquery-rails'
+gem 'jquery-rails', '>= 4.2.2'
 gem 'pg'
 gem 'omniauth'
 gem 'omniauth-github'
 gem 'omniauth-twitter'
 gem 'octokit'
 gem 'rabl'
-gem 'kaminari'
+gem 'kaminari', '>= 1.0.1'
 gem 'twitter'
 gem 'bootstrap-sass'
 gem 'jquery-datetimepicker-rails'
-gem 'simple_form'
-gem 'coffee-rails'
+gem 'simple_form', '>= 4.0.0'
+gem 'coffee-rails', '>= 4.2.2'
 gem 'uglifier'
-gem 'octicons_helper'
+gem 'octicons_helper', '>= 3.0.1'
 gem 'rack-canonical-host'
-gem 'draper', '~> 3.0.0.pre1' # pre version has rails5 support
-gem 'responders'
+gem 'draper', '~> 3.0.0.0' # pre version has rails5 support
+gem 'responders', '>= 2.4.0'
 gem 'gmaps4rails'
 gem 'geocoder'
-gem 'lodash-rails'
+gem 'lodash-rails', '>= 4.17.4'
 gem 'typhoeus'
-gem 'sassc-rails'
+gem 'sassc-rails', '>= 1.3.0'
 gem 'puma'
 gem 'rack-attack'
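Review bot: The comment kept on the draper line, `# pre version has rails5 support`, is stale now that the constraint points at the 3.0.0 release instead of `3.0.0.pre1`; I would change the line to `gem 'draper', '~> 3.0.0' # 3.x is the line with Rails 5 support`. The four-segment `~> 3.0.0.0` is also tighter than it looks — bundler reads it as `>= 3.0.0.0, < 3.0.1`, so 3.0.1 and later patch releases would be refused, which is probably not intended for a bump whose purpose is to pick up fixes. Separately, `rails` is the only gem given an exact pin (`'5.2.4.4'`) while every other upgraded gem receives a `>=` floor; the lockfile already gives reproducibility, so an exact pin here just means the next Rails patch release needs another Gemfile edit, and `'~> 5.2.4', '>= 5.2.4.4'` would track the patched 5.2 line instead. The `ruby '2.4.0'` context line is untouched, but Ruby 2.4 was already end-of-life by this commit's date, so the interpreter itself is outside what this dependency upgrade addresses and needs a manual follow-up.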
@@ -33,22 +33,22 @@ group :development do
 gem 'spring'
 gem 'spring-commands-rspec'
 gem 'rubocop', require: false
- gem 'web-console'
+ gem 'web-console', '>= 3.4.0'
 gem 'figaro'
- gem 'meta_request'
+ gem 'meta_request', '>= 0.5.0'
 end
 group :development, :test, :cucumber do
 gem 'i18n-tasks'
- gem 'rspec-rails'
+ gem 'rspec-rails', '>= 3.5.2'
 gem 'simplecov', require: false
 gem 'codeclimate-test-reporter', require: false
- gem 'rails-controller-testing'
+ gem 'rails-controller-testing', '>= 1.0.1'
 gem 'rspec-its', require: false
 gem 'rspec-collection_matchers', require: false
 gem 'rspec-activemodel-mocks', require: false
- gem 'factory_girl_rails'
+ gem 'factory_girl_rails', '>= 4.8.0'
 gem 'faker'
 gem 'brakeman'
 gem 'poltergeist'
@@ -67,5 +67,5 @@ group :production do
 gem 'rails_12factor'
 gem 'newrelic_rpm'
 gem 'bugsnag'
- gem 'rack-google-analytics'
+ gem 'rack-google-analytics', '>= 1.2.0'
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index 44e3cebc3..7002f91d5 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,62 +1,65 @@ GEM remote: https://rubygems.org/ specs: - actioncable (5.0.2) - actionpack (= 5.0.2) - nio4r (>= 1.2, < 3.0) - websocket-driver (~> 0.6.1) - actionmailer (5.0.2) - actionpack (= 5.0.2) - actionview (= 5.0.2) - activejob (= 5.0.2) + actioncable (5.2.4.4) + actionpack (= 5.2.4.4) + nio4r (~> 2.0) + websocket-driver (>= 0.6.1) + actionmailer (5.2.4.4) + actionpack (= 5.2.4.4) + actionview (= 5.2.4.4) + activejob (= 5.2.4.4) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.0.2) - actionview (= 5.0.2) - activesupport (= 5.0.2) - rack (~> 2.0) - rack-test (~> 0.6.3) + actionpack (5.2.4.4) + actionview (= 5.2.4.4) + activesupport (= 5.2.4.4) + rack (~> 2.0, >= 2.0.8) + rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.0.2) - activesupport (= 5.0.2) + actionview (5.2.4.4) + activesupport (= 5.2.4.4) builder (~> 3.1) - erubis (~> 2.7.0) + erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.0.2) - activesupport (= 5.0.2) + activejob (5.2.4.4) + activesupport (= 5.2.4.4) globalid (>= 0.3.6) - activemodel (5.0.2) - activesupport (= 5.0.2) - activemodel-serializers-xml (1.0.1) + activemodel (5.2.4.4) + activesupport (= 5.2.4.4) + activemodel-serializers-xml (1.0.2) activemodel (> 5.x) - activerecord (> 5.x) activesupport (> 5.x) builder (~> 3.1) - activerecord (5.0.2) - activemodel (= 5.0.2) - activesupport (= 5.0.2) - arel (~> 7.0) - activesupport (5.0.2) + activerecord (5.2.4.4) + activemodel (= 5.2.4.4) + activesupport (= 5.2.4.4) + arel (>= 9.0) + activestorage (5.2.4.4) + actionpack (= 5.2.4.4) + activerecord (= 5.2.4.4) + marcel (~> 0.3.1) + activesupport (5.2.4.4) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (~> 0.7) + i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) addressable (2.5.0) public_suffix (~> 2.0, >= 2.0.2) - arel (7.1.4) + arel (9.0.0) ast (2.3.0) autoprefixer-rails (6.7.6) execjs + bindex (0.8.1) bootstrap-sass (3.3.7) 
autoprefixer-rails (>= 5.2.1) sass (>= 3.3.4) brakeman (3.5.0) buftok (0.2.0) bugsnag (5.2.0) - builder (3.2.3) - callsite (0.0.11) + builder (3.2.4) capybara (2.12.1) addressable mime-types (>= 1.16) @@ -69,24 +72,24 @@ GEM cliver (0.3.2) codeclimate-test-reporter (1.0.6) simplecov - coffee-rails (4.2.1) + coffee-rails (5.0.0) coffee-script (>= 2.2.0) - railties (>= 4.0.0, < 5.2.x) + railties (>= 5.2.0) coffee-script (2.4.1) coffee-script-source execjs coffee-script-source (1.12.2) - concurrent-ruby (1.0.5) + concurrent-ruby (1.1.7) crack (0.4.3) safe_yaml (~> 1.0.0) + crass (1.0.6) dalli (2.7.6) database_cleaner (1.5.3) - debug_inspector (0.0.2) - diff-lcs (1.3) + diff-lcs (1.4.4) docile (1.1.5) domain_name (0.5.20170223) unf (>= 0.0.5, < 1.0.0) - draper (3.0.0.pre1) + draper (3.0.0) actionpack (~> 5.0) activemodel (~> 5.0) activemodel-serializers-xml (~> 1.0) @@ -97,27 +100,28 @@ GEM thread thread_safe equalizer (0.0.11) + erubi (1.9.0) erubis (2.7.0) ethon (0.10.1) ffi (>= 1.3.0) execjs (2.7.0) - factory_girl (4.8.0) + factory_girl (4.9.0) activesupport (>= 3.0.0) - factory_girl_rails (4.8.0) - factory_girl (~> 4.8.0) + factory_girl_rails (4.9.0) + factory_girl (~> 4.9.0) railties (>= 3.0.0) faker (1.7.3) i18n (~> 0.5) faraday (0.11.0) multipart-post (>= 1.2, < 3) - ffi (1.9.18) + ffi (1.13.1) figaro (1.1.1) thor (~> 0.14) foreman (0.83.0) thor (~> 0.19.1) geocoder (1.4.3) - globalid (0.3.7) - activesupport (>= 4.1.0) + globalid (0.4.2) + activesupport (>= 4.2.0) gmaps4rails (2.1.2) hashdiff (0.3.2) hashie (3.5.5) @@ -131,7 +135,8 @@ GEM domain_name (~> 0.5) http-form_data (1.0.1) http_parser.rb (0.6.0) - i18n (0.8.1) + i18n (0.9.5) + concurrent-ruby (~> 1.0) i18n-tasks (0.9.12) activesupport (>= 4.0.2) ast (>= 2.1.0) 
@@ -143,52 +148,56 @@ GEM term-ansicolor (>= 1.3.2) terminal-table (>= 1.5.1) jquery-datetimepicker-rails (2.4.1.0) - jquery-rails (4.2.2) + jquery-rails (4.4.0) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) json (2.0.3) jwt (1.5.6) - kaminari (1.0.1) + kaminari (1.2.1) activesupport (>= 4.1.0) - kaminari-actionview (= 1.0.1) - kaminari-activerecord (= 1.0.1) - kaminari-core (= 1.0.1) - kaminari-actionview (1.0.1) + kaminari-actionview (= 1.2.1) + kaminari-activerecord (= 1.2.1) + kaminari-core (= 1.2.1) + kaminari-actionview (1.2.1) actionview - kaminari-core (= 1.0.1) - kaminari-activerecord (1.0.1) + kaminari-core (= 1.2.1) + kaminari-activerecord (1.2.1) activerecord - kaminari-core (= 1.0.1) - kaminari-core (1.0.1) + kaminari-core (= 1.2.1) + kaminari-core (1.2.1) launchy (2.4.3) addressable (~> 2.3) - lodash-rails (4.17.4) + lodash-rails (4.17.15) railties (>= 3.1) - loofah (2.0.3) + loofah (2.7.0) + crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.6.4) - mime-types (>= 1.16, < 4) + mail (2.7.1) + mini_mime (>= 0.1.1) + marcel (0.3.3) + mimemagic (~> 0.3.2) memoizable (0.4.2) thread_safe (~> 0.3, >= 0.3.1) - meta_request (0.4.0) - callsite (~> 0.0, >= 0.0.11) - rack-contrib (~> 1.1) - railties (>= 3.0.0, < 5.1.0) - method_source (0.8.2) - mime-types (3.1) + meta_request (0.7.2) + rack-contrib (>= 1.1, < 3) + railties (>= 3.0.0, < 7) + method_source (1.0.0) + mime-types (3.3.1) mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) - mini_portile2 (2.1.0) - minitest (5.10.1) + mime-types-data (3.2020.0512) + mimemagic (0.3.5) + mini_mime (1.0.2) + mini_portile2 (2.4.0) + minitest (5.14.2) multi_json (1.12.1) multi_xml (0.6.0) multipart-post (2.0.0) naught (1.1.0) newrelic_rpm (3.18.1.330) - nio4r (2.0.0) - nokogiri (1.7.0.1) - mini_portile2 (~> 2.1.0) + nio4r (2.5.3) + nokogiri (1.10.10) + mini_portile2 (~> 2.4.0) oauth (0.5.1) oauth2 (1.3.1) faraday (>= 0.8, < 0.12) 
@@ -196,10 +205,10 @@ GEM multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - octicons (3.0.1) + octicons (11.0.0) nokogiri (>= 1.6.3.1) - octicons_helper (3.0.1) - octicons (~> 3.0) + octicons_helper (11.0.0) + octicons (= 11.0.0) rails octokit (4.6.2) sawyer (~> 0.8.0, >= 0.5.3) 
@@ -230,82 +239,88 @@ GEM puma (3.7.1) rabl (0.13.1) activesupport (>= 2.3.14) - rack (2.0.1) + rack (2.2.3) rack-attack (5.0.1) rack rack-canonical-host (0.2.2) addressable (> 0, < 3) rack (>= 1.0.0, < 3) - rack-contrib (1.2.0) - rack (>= 0.9.1) + rack-contrib (2.2.0) + rack (~> 2.0) rack-google-analytics (1.2.0) actionpack activesupport - rack-test (0.6.3) - rack (>= 1.0) - rails (5.0.2) - actioncable (= 5.0.2) - actionmailer (= 5.0.2) - actionpack (= 5.0.2) - actionview (= 5.0.2) - activejob (= 5.0.2) - activemodel (= 5.0.2) - activerecord (= 5.0.2) - activesupport (= 5.0.2) - bundler (>= 1.3.0, < 2.0) - railties (= 5.0.2) + rack-test (1.1.0) + rack (>= 1.0, < 3) + rails (5.2.4.4) + actioncable (= 5.2.4.4) + actionmailer (= 5.2.4.4) + actionpack (= 5.2.4.4) + actionview (= 5.2.4.4) + activejob (= 5.2.4.4) + activemodel (= 5.2.4.4) + activerecord (= 5.2.4.4) + activestorage (= 5.2.4.4) + activesupport (= 5.2.4.4) + bundler (>= 1.3.0) + railties (= 5.2.4.4) sprockets-rails (>= 2.0.0) - rails-controller-testing (1.0.1) - actionpack (~> 5.x) - actionview (~> 5.x) - activesupport (~> 5.x) - rails-dom-testing (2.0.2) - activesupport (>= 4.2.0, < 6.0) - nokogiri (~> 1.6) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) + rails-controller-testing (1.0.5) + actionpack (>= 5.0.1.rc1) + actionview (>= 5.0.1.rc1) + activesupport (>= 5.0.1.rc1) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) rails_12factor (0.0.3) rails_serve_static_assets rails_stdout_logging rails_serve_static_assets (0.0.5) rails_stdout_logging (0.0.5) - railties (5.0.2) - actionpack (= 5.0.2) - activesupport (= 5.0.2) + railties (5.2.4.4) + actionpack (= 5.2.4.4) + activesupport (= 5.2.4.4) method_source rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) + thor (>= 0.19.0, < 2.0) rainbow (2.2.1) - rake (12.0.0) - request_store (1.3.2) - responders (2.3.0) - railties (>= 4.2.0, < 5.1) + rake (13.0.1) + rb-fsevent (0.10.4) + rb-inotify 
(0.10.1) + ffi (~> 1.0) + request_store (1.5.0) + rack (>= 1.4) + responders (3.0.1) + actionpack (>= 5.0) + railties (>= 5.0) rspec-activemodel-mocks (1.0.3) activemodel (>= 3.0) activesupport (>= 3.0) rspec-mocks (>= 2.99, < 4.0) rspec-collection_matchers (1.1.3) rspec-expectations (>= 2.99.0.beta1) - rspec-core (3.5.4) - rspec-support (~> 3.5.0) - rspec-expectations (3.5.0) + rspec-core (3.9.2) + rspec-support (~> 3.9.3) + rspec-expectations (3.9.2) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.5.0) + rspec-support (~> 3.9.0) rspec-its (1.2.0) rspec-core (>= 3.0.0) rspec-expectations (>= 3.0.0) - rspec-mocks (3.5.0) + rspec-mocks (3.9.1) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.5.0) - rspec-rails (3.5.2) - actionpack (>= 3.0) - activesupport (>= 3.0) - railties (>= 3.0) - rspec-core (~> 3.5.0) - rspec-expectations (~> 3.5.0) - rspec-mocks (~> 3.5.0) - rspec-support (~> 3.5.0) - rspec-support (3.5.0) + rspec-support (~> 3.9.0) + rspec-rails (4.0.1) + actionpack (>= 4.2) + activesupport (>= 4.2) + railties (>= 4.2) + rspec-core (~> 3.9) + rspec-expectations (~> 3.9) + rspec-mocks (~> 3.9) + rspec-support (~> 3.9) + rspec-support (3.9.3) rubocop (0.47.1) parser (>= 2.3.3.1, < 3.0) powerpack (~> 0.1) @@ -314,16 +329,17 @@ GEM unicode-display_width (~> 1.0, >= 1.0.1) ruby-progressbar (1.8.1) safe_yaml (1.0.4) - sass (3.4.23) - sassc (1.11.2) - bundler - ffi (~> 1.9.6) - sass (>= 3.3.0) - sassc-rails (1.3.0) + sass (3.7.4) + sass-listen (~> 4.0.0) + sass-listen (4.0.0) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) + sassc (2.4.0) + ffi (~> 1.9) + sassc-rails (2.1.2) railties (>= 4.0.0) - sass - sassc (~> 1.9) - sprockets (> 2.11) + sassc (>= 2.0) + sprockets (> 3.0) sprockets-rails tilt sawyer (0.8.1) 
@@ -331,9 +347,9 @@ GEM faraday (~> 0.8, < 1.0) shoulda-matchers (3.1.1) activesupport (>= 4.0.0) - simple_form (3.4.0) - actionpack (> 4, < 5.1) - activemodel (> 4, < 5.1) + simple_form (5.0.2) + actionpack (>= 5.0) + activemodel (>= 5.0) simple_oauth (0.3.1) simplecov (0.13.0) docile (~> 1.1.0) @@ -344,10 +360,10 @@ GEM activesupport (>= 4.2) spring-commands-rspec (1.0.4) spring (>= 0.9.1) - sprockets (3.7.1) + sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.0) + sprockets-rails (3.2.1) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) @@ -358,7 +374,7 @@ GEM thor (0.19.4) thread (0.2.2) thread_safe (0.3.6) - tilt (2.0.6) + tilt (2.0.10) timecop (0.8.1) tins (1.13.2) twitter (6.1.0) @@ -373,7 +389,7 @@ GEM simple_oauth (~> 0.3.1) typhoeus (1.1.2) ethon (>= 0.9.0) - tzinfo (1.2.2) + tzinfo (1.2.7) thread_safe (~> 0.1) uglifier (3.1.4) execjs (>= 0.3.0, < 3) @@ -381,18 +397,18 @@ GEM unf_ext unf_ext (0.0.7.2) unicode-display_width (1.1.3) - web-console (3.4.0) + web-console (3.7.0) actionview (>= 5.0) activemodel (>= 5.0) - debug_inspector + bindex (>= 0.4.0) railties (>= 5.0) webmock (2.3.2) addressable (>= 2.3.6) crack (>= 0.3.2) hashdiff - websocket-driver (0.6.5) + websocket-driver (0.7.3) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.2) + websocket-extensions (0.1.5) xpath (2.0.0) nokogiri (~> 1.3) @@ -405,11 +421,11 @@ DEPENDENCIES bugsnag christmas_tree_formatter codeclimate-test-reporter - coffee-rails + coffee-rails (>= 4.2.2) dalli database_cleaner - draper (~> 3.0.0.pre1) - factory_girl_rails + draper (~> 3.0.0.0) + factory_girl_rails (>= 4.8.0) faker figaro foreman 
@@ -417,13 +433,13 @@ DEPENDENCIES gmaps4rails i18n-tasks jquery-datetimepicker-rails - jquery-rails - kaminari + jquery-rails (>= 4.2.2) + kaminari (>= 1.0.1) launchy - lodash-rails - meta_request + lodash-rails (>= 4.17.4) + meta_request (>= 0.5.0) newrelic_rpm - octicons_helper + octicons_helper (>= 3.0.1) octokit omniauth omniauth-github @@ -434,19 +450,19 @@ DEPENDENCIES rabl rack-attack rack-canonical-host - rack-google-analytics - rails (= 5.0.2) - rails-controller-testing + rack-google-analytics (>= 1.2.0) + rails (= 5.2.4.4) + rails-controller-testing (>= 1.0.1) rails_12factor - responders + responders (>= 2.4.0) rspec-activemodel-mocks rspec-collection_matchers rspec-its - rspec-rails + rspec-rails (>= 3.5.2) rubocop - sassc-rails + sassc-rails (>= 1.3.0) shoulda-matchers - simple_form + simple_form (>= 4.0.0) simplecov spring spring-commands-rspec @@ -454,11 +470,11 @@ DEPENDENCIES twitter typhoeus uglifier - web-console + web-console (>= 3.4.0) webmock RUBY VERSION ruby 2.4.0p0 BUNDLED WITH - 1.14.6 + 1.17.3