From cce65dc927db8f597f0b44d165918b6a0d53ab61 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 13 May 2021 23:59:17 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-LODASHRAILS-1088056
- https://snyk.io/vuln/SNYK-RUBY-LODASHRAILS-567756
- https://snyk.io/vuln/SNYK-RUBY-PUMA-1291014
---
 Gemfile | 4 ++--
 Gemfile.lock | 48 ++++++++++++++++++++++++++----------------------
 2 files changed, 28 insertions(+), 24 deletions(-)

diff --git a/Gemfile b/Gemfile
index cdf798137..6c399ba05 100644
--- a/Gemfile
+++ b/Gemfile
@@ -23,10 +23,10 @@ gem 'draper', '~> 3.0.0.pre1' # pre version has rails5 support
 gem 'responders'
 gem 'gmaps4rails'
 gem 'geocoder'
-gem 'lodash-rails'
+gem 'lodash-rails', '>= 4.17.21'
 gem 'typhoeus'
 gem 'sassc-rails'
-gem 'puma'
+gem 'puma', '>= 4.3.8'
 gem 'rack-attack'
 
 group :development do
diff --git a/Gemfile.lock b/Gemfile.lock
index 44e3cebc3..90aae6d78 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -55,7 +55,7 @@ GEM brakeman (3.5.0) buftok (0.2.0) bugsnag (5.2.0) - builder (3.2.3) + builder (3.2.4) callsite (0.0.11) capybara (2.12.1) addressable
@@ -76,9 +76,10 @@ GEM coffee-script-source execjs coffee-script-source (1.12.2) - concurrent-ruby (1.0.5) + concurrent-ruby (1.1.8) crack (0.4.3) safe_yaml (~> 1.0.0) + crass (1.0.6) dalli (2.7.6) database_cleaner (1.5.3) debug_inspector (0.0.2)
@@ -131,7 +132,8 @@ GEM domain_name (~> 0.5) http-form_data (1.0.1) http_parser.rb (0.6.0) - i18n (0.8.1) + i18n (0.9.5) + concurrent-ruby (~> 1.0) i18n-tasks (0.9.12) activesupport (>= 4.0.2) ast (>= 2.1.0)
@@ -163,9 +165,10 @@ GEM kaminari-core (1.0.1) launchy (2.4.3) addressable (~> 2.3) - lodash-rails (4.17.4) + lodash-rails (4.17.21) railties (>= 3.1) - loofah (2.0.3) + loofah (2.9.1) + crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.6.4) mime-types (>= 1.16, < 4)
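Review bot: In the Gemfile hunk, the new floor `gem 'puma', '>= 4.3.8'` lets bundler resolve puma 5.3.1 (the Gemfile.lock hunk shows 3.7.1 → 5.3.1), so this commit crosses two major versions of the application server rather than taking the patch release the advisory names, and nothing in the commit indicates the puma configuration was checked against that. Puma 5 changed runtime defaults and dropped options that 3.x accepted (daemonization, for example), so the app's puma configuration and any startup or deployment scripts that invoke puma should be reviewed before merge. If the intent is only to close SNYK-RUBY-PUMA-1291014 with a validated series, a bounded constraint such as `gem 'puma', '~> 4.3', '>= 4.3.8'` (or `'~> 5.3'` once 5.x is tested) would make the resolved version match what the team actually runs. The lock also pulls in other security-relevant transitive jumps the description does not mention (rack 2.0.1 → 2.2.3, nokogiri 1.7.0.1 → 1.10.10, rails-html-sanitizer 1.0.3 → 1.3.0, loofah 2.0.3 → 2.9.1); noting them in the commit message would help whoever audits this upgrade later.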
@@ -175,20 +178,20 @@ GEM callsite (~> 0.0, >= 0.0.11) rack-contrib (~> 1.1) railties (>= 3.0.0, < 5.1.0) - method_source (0.8.2) + method_source (1.0.0) mime-types (3.1) mime-types-data (~> 3.2015) mime-types-data (3.2016.0521) - mini_portile2 (2.1.0) - minitest (5.10.1) + mini_portile2 (2.4.0) + minitest (5.14.4) multi_json (1.12.1) multi_xml (0.6.0) multipart-post (2.0.0) naught (1.1.0) newrelic_rpm (3.18.1.330) nio4r (2.0.0) - nokogiri (1.7.0.1) - mini_portile2 (~> 2.1.0) + nokogiri (1.10.10) + mini_portile2 (~> 2.4.0) oauth (0.5.1) oauth2 (1.3.1) faraday (>= 0.8, < 0.12)
@@ -227,10 +230,11 @@ GEM websocket-driver (>= 0.2.0) powerpack (0.1.1) public_suffix (2.0.5) - puma (3.7.1) + puma (5.3.1) + nio4r (~> 2.0) rabl (0.13.1) activesupport (>= 2.3.14) - rack (2.0.1) + rack (2.2.3) rack-attack (5.0.1) rack rack-canonical-host (0.2.2)
@@ -259,11 +263,11 @@ GEM actionpack (~> 5.x) actionview (~> 5.x) activesupport (~> 5.x) - rails-dom-testing (2.0.2) - activesupport (>= 4.2.0, < 6.0) - nokogiri (~> 1.6) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) rails_12factor (0.0.3) rails_serve_static_assets rails_stdout_logging
@@ -276,7 +280,7 @@ GEM rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rainbow (2.2.1) - rake (12.0.0) + rake (13.0.3) request_store (1.3.2) responders (2.3.0) railties (>= 4.2.0, < 5.1)
@@ -373,7 +377,7 @@ GEM simple_oauth (~> 0.3.1) typhoeus (1.1.2) ethon (>= 0.9.0) - tzinfo (1.2.2) + tzinfo (1.2.9) thread_safe (~> 0.1) uglifier (3.1.4) execjs (>= 0.3.0, < 3)
@@ -420,7 +424,7 @@ DEPENDENCIES jquery-rails kaminari launchy - lodash-rails + lodash-rails (>= 4.17.21) meta_request newrelic_rpm octicons_helper
@@ -430,7 +434,7 @@ DEPENDENCIES omniauth-twitter pg poltergeist - puma + puma (>= 4.3.8) rabl rack-attack rack-canonical-host
@@ -461,4 +465,4 @@ RUBY VERSION ruby 2.4.0p0 BUNDLED WITH - 1.14.6 + 1.17.3