From 1cb6aaf8f8de2074077c9be58f4273d5e0dce3b1 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 7 May 2021 07:20:23 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-1290051 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-1290052 - https://snyk.io/vuln/SNYK-RUBY-RDOC-1279617 --- Gemfile | 10 +- Gemfile.lock | 266 +++++++++++++++++++++++++++++++-------------------- 2 files changed, 168 insertions(+), 108 deletions(-) diff --git a/Gemfile b/Gemfile index f449053..e4c7391 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,6 @@ source 'http://rubygems.org' -gem 'rails', '3.1.1' +gem 'rails', '5.2.4.6' # Bundle edge Rails instead: # gem 'rails', :git => 'git://github.com/rails/rails.git' @@ -12,16 +12,16 @@ gem 'json' # Gems used only for assets and not required # in production environments by default. group :assets do - gem 'sass-rails', '~> 3.1.4' - gem 'coffee-rails', '~> 3.1.1' + gem 'sass-rails', '~> 5.0.5' + gem 'coffee-rails', '~> 4.2.2' gem 'uglifier', '>= 1.0.3' end gem 'json' gem 'atom' -gem 'jquery-rails' -gem "haml-rails" +gem 'jquery-rails', '>= 4.0.1' +gem "haml-rails", ">= 0.5.3" # To use ActiveModel has_secure_password # gem 'bcrypt-ruby', '~> 3.0.0' diff --git a/Gemfile.lock b/Gemfile.lock index 7ecbc16..7285ee6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,125 +1,185 @@ GEM remote: http://rubygems.org/ specs: - actionmailer (3.1.1) - actionpack (= 3.1.1) - mail (~> 2.3.0) - actionpack (3.1.1) - activemodel (= 3.1.1) - activesupport (= 3.1.1) - builder (~> 3.0.0) - erubis (~> 2.7.0) - i18n (~> 0.6) - rack (~> 1.3.2) - rack-cache (~> 1.1) - rack-mount (~> 0.8.2) - rack-test (~> 0.6.1) - sprockets (~> 2.0.2) - activemodel (3.1.1) - activesupport (= 3.1.1) - builder (~> 3.0.0) - i18n (~> 0.6) - activerecord (3.1.1) - activemodel (= 3.1.1) - activesupport (= 3.1.1) - arel (~> 2.2.1) - tzinfo (~> 0.3.29) - activeresource (3.1.1) - activemodel (= 3.1.1) - activesupport (= 3.1.1) - activesupport (3.1.1) - multi_json (~> 1.0) - arel (2.2.1) + actioncable (5.2.4.6) + actionpack (= 5.2.4.6) + nio4r (~> 2.0) + websocket-driver (>= 0.6.1) + actionmailer (5.2.4.6) + actionpack (= 5.2.4.6) + actionview (= 5.2.4.6) + activejob (= 5.2.4.6) + mail (~> 2.5, >= 2.5.4) + rails-dom-testing (~> 2.0) + actionpack (5.2.4.6) + actionview (= 5.2.4.6) + activesupport (= 5.2.4.6) + rack (~> 2.0, >= 2.0.8) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (5.2.4.6) + activesupport (= 5.2.4.6) + builder (~> 3.1) + erubi (~> 1.4) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activejob (5.2.4.6) + activesupport (= 5.2.4.6) + globalid (>= 0.3.6) + activemodel (5.2.4.6) + activesupport (= 5.2.4.6) + activerecord (5.2.4.6) + activemodel (= 5.2.4.6) + activesupport (= 5.2.4.6) + arel (>= 9.0) + activestorage (5.2.4.6) + actionpack (= 5.2.4.6) + activerecord (= 5.2.4.6) + marcel (~> 0.3.1) + activesupport (5.2.4.6) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) + arel (9.0.0) atom (0.3) - builder (3.0.0) - coffee-rails (3.1.1) + builder (3.2.4) + coffee-rails (4.2.2) coffee-script (>= 2.2.0) - railties (~> 3.1.0) - coffee-script (2.2.0) + railties (>= 4.0.0) + coffee-script (2.4.1) coffee-script-source execjs - coffee-script-source (1.1.3) + coffee-script-source (1.12.2) + concurrent-ruby (1.1.8) + crass (1.0.6) + erubi (1.10.0) erubis (2.7.0) - execjs (1.2.9) - multi_json (~> 1.0) - haml (3.1.3) - haml-rails (0.3.4) - actionpack (~> 3.0) - activesupport (~> 3.0) - haml (~> 3.0) - railties (~> 3.0) - hike (1.2.1) - i18n (0.6.0) - jquery-rails (1.0.17) - railties (~> 3.0) - thor (~> 0.14) - json (1.6.1) - mail (2.3.0) - i18n (>= 0.4.0) - mime-types (~> 1.16) - treetop (~> 1.4.8) - mime-types (1.17.2) - multi_json (1.0.3) - polyglot (0.3.3) - rack (1.3.5) - rack-cache (1.1) - rack (>= 0.4) - rack-mount (0.8.3) - rack (>= 1.0.0) - rack-ssl (1.3.2) - rack - rack-test (0.6.1) - rack (>= 1.0) - rails (3.1.1) - actionmailer (= 3.1.1) - actionpack (= 3.1.1) - activerecord (= 3.1.1) - activeresource (= 3.1.1) - activesupport (= 3.1.1) - bundler (~> 1.0) - railties (= 3.1.1) - railties (3.1.1) - actionpack (= 3.1.1) - activesupport (= 3.1.1) - rack-ssl (~> 1.3.2) + execjs (2.7.0) + ffi (1.15.0) + globalid (0.4.2) + activesupport (>= 4.2.0) + haml (5.2.1) + temple (>= 0.8.0) + tilt + haml-rails (2.0.1) + actionpack (>= 5.1) + activesupport (>= 5.1) + haml (>= 4.0.6, < 6.0) + html2haml (>= 1.0.1) + railties (>= 5.1) + html2haml (2.2.0) + erubis (~> 2.7.0) + haml (>= 4.0, < 6) + nokogiri (>= 1.6.0) + ruby_parser (~> 3.5) + i18n (1.8.10) + concurrent-ruby (~> 1.0) + jquery-rails (4.4.0) + rails-dom-testing (>= 1, < 3) + railties (>= 4.2.0) + thor (>= 0.14, < 2.0) + json (2.5.1) + loofah (2.9.1) + crass (~> 1.0.2) + nokogiri (>= 1.5.9) + mail (2.7.1) + mini_mime (>= 0.1.1) + marcel (0.3.3) + mimemagic (~> 0.3.2) + method_source (1.0.0) + mimemagic (0.3.10) + nokogiri (~> 1) + rake + mini_mime (1.1.0) + mini_portile2 (2.5.1) + minitest (5.14.4) + multi_json (1.15.0) + nio4r (2.5.7) + nokogiri (1.11.3) + mini_portile2 (~> 2.5.0) + racc (~> 1.4) + racc (1.5.2) + rack (2.2.3) + rack-test (1.1.0) + rack (>= 1.0, < 3) + rails (5.2.4.6) + actioncable (= 5.2.4.6) + actionmailer (= 5.2.4.6) + actionpack (= 5.2.4.6) + actionview (= 5.2.4.6) + activejob (= 5.2.4.6) + activemodel (= 5.2.4.6) + activerecord (= 5.2.4.6) + activestorage (= 5.2.4.6) + activesupport (= 5.2.4.6) + bundler (>= 1.3.0) + railties (= 5.2.4.6) + sprockets-rails (>= 2.0.0) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) + railties (5.2.4.6) + actionpack (= 5.2.4.6) + activesupport (= 5.2.4.6) + method_source rake (>= 0.8.7) - rdoc (~> 3.4) - thor (~> 0.14.6) - rake (0.9.2.2) - rdoc (3.11) - json (~> 1.4) - sass (3.1.10) - sass-rails (3.1.4) - actionpack (~> 3.1.0) - railties (~> 3.1.0) - sass (>= 3.1.4) - sprockets (~> 2.0.0) - tilt (~> 1.3.2) - sprockets (2.0.3) - hike (~> 1.2) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) + thor (>= 0.19.0, < 2.0) + rake (13.0.3) + rb-fsevent (0.10.4) + rb-inotify (0.10.1) + ffi (~> 1.0) + ruby_parser (3.15.1) + sexp_processor (~> 4.9) + sass (3.7.4) + sass-listen (~> 4.0.0) + sass-listen (4.0.0) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) + sass-rails (5.0.8) + railties (>= 5.2.0) + sass (~> 3.1) + sprockets (>= 2.8, < 4.0) + sprockets-rails (>= 2.0, < 4.0) + tilt (>= 1.1, < 3) + sexp_processor (4.15.2) + sprockets (3.7.2) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + sprockets-rails (3.2.2) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) sqlite3 (1.3.4) - thor (0.14.6) - tilt (1.3.3) - treetop (1.4.10) - polyglot - polyglot (>= 0.3.1) - tzinfo (0.3.31) + temple (0.8.2) + thor (1.1.0) + thread_safe (0.3.6) + tilt (2.0.10) + tzinfo (1.2.9) + thread_safe (~> 0.1) uglifier (1.1.0) execjs (>= 0.3.0) multi_json (>= 1.0.2) + websocket-driver (0.7.3) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.5) PLATFORMS ruby DEPENDENCIES atom - coffee-rails (~> 3.1.1) - haml-rails - jquery-rails + coffee-rails (~> 4.2.2) + haml-rails (>= 0.5.3) + jquery-rails (>= 4.0.1) json - rails (= 3.1.1) - sass-rails (~> 3.1.4) + rails (= 5.2.4.6) + sass-rails (~> 5.0.5) sqlite3 uglifier (>= 1.0.3) + +BUNDLED WITH + 2.1.4