From 1d90d8c77fb3d804d36a8222c54b32647dfc8e7a Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 28 Apr 2022 00:45:46 +0000
Subject: [PATCH] fix: Gemfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-2803847
- https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-2803851
---
 Gemfile | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/Gemfile b/Gemfile
index aec52f4..38e27e9 100644
--- a/Gemfile
+++ b/Gemfile
@@ -4,15 +4,15 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 ruby '2.7.1'
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '~> 6.0.3'
+gem 'rails', '~> 6.0.4', '>= 6.0.4.8'
 # Use postgres as DB
 gem 'pg'
 # Use Puma as the app server
 gem 'puma', '~> 4.1'
 # Transpile app-like JavaScript. Read more: https://github.com/rails/webpacker
-gem 'webpacker', '~> 4.0'
+gem 'webpacker', '~> 4.2', '>= 4.2.2'
 # Use SCSS for stylesheets
-gem 'sass-rails', '>= 6'
+gem 'sass-rails', '>= 6.0.0'
 # Bootstrap styling
 gem 'bootstrap-sass', '~> 3.4.1'
 # Use Active Model has_secure_password
@@ -41,7 +41,7 @@ end
 group :development do
 # Access an interactive console on exception pages or by calling 'console' anywhere in the code.
- gem 'web-console', '>= 3.3.0'
+ gem 'web-console', '>= 4.0.2'
 gem 'listen', '~> 3.2'
 # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
 gem 'spring'
@@ -54,7 +54,7 @@ group :test do
 # Easy installation and use of web drivers to run system tests with browsers
 gem 'webdrivers'
 # RSpec testing
- gem 'rspec-rails', '~> 4.0.0'
+ gem 'rspec-rails', '~> 4.0.1'
 # Factory bot for tests
 gem 'factory_bot_rails'
 # Code coverage
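Review bot: The diffstat lists only `Gemfile`, so the new floor on the rails line (`'>= 6.0.4.8'`) changes the allowed range but not the versions actually resolved. If a `Gemfile.lock` is tracked in this repository (not visible here), regenerate it with `bundle update rails webpacker web-console rspec-rails` and commit it in the same change. Otherwise the actionpack and actionview advisories named in the description stay open in deployed builds, and a frozen or deployment-mode `bundle install` will reject the Gemfile/lockfile mismatch. The same applies to the web-console and rspec-rails hunks further down. The webpacker, sass-rails, web-console and rspec-rails constraint changes are not explained by the two advisories, so the description should say whether they are needed only for dependency resolution. Note also that `'>= 6.0.0'` and `'>= 4.0.2'` leave the upper bound open.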