From 9a08e4bab682f7435382ab77dd1706e4019fdb10 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 21 Nov 2019 06:51:44 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-534637 --- Gemfile | 10 +- Gemfile.lock | 486 +++++++++++++++++++++++++-------------------------- 2 files changed, 248 insertions(+), 248 deletions(-) diff --git a/Gemfile b/Gemfile index ee8ebd4..08fb441 100644 --- a/Gemfile +++ b/Gemfile @@ -13,7 +13,7 @@ gem 'pg', '~> 0.18' # Use Puma as the app server gem 'puma', '~> 3.7' # Use SCSS for stylesheets -gem 'sass-rails', '~> 5.0' +gem 'sass-rails', '~> 5.0', '>= 5.0.7' # Use Uglifier as compressor for JavaScript assets gem 'uglifier', '>= 1.3.0' # See https://github.com/rails/execjs#readme for more supported runtimes @@ -23,7 +23,7 @@ gem 'rest-client', '~> 2.0', '>= 2.0.2' gem 'sucker_punch', '~> 2.0' # Use CoffeeScript for .coffee assets and views -gem 'coffee-rails', '~> 4.2' +gem 'coffee-rails', '~> 4.2', '>= 4.2.2' # Turbolinks makes navigating your web application faster. Read more: https://github.com/turbolinks/turbolinks gem 'turbolinks', '~> 5' # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder @@ -37,11 +37,11 @@ gem 'jbuilder', '~> 2.5' # gem 'capistrano-rails', group: :development group :development, :test do - gem 'rspec-rails', '~> 3.7' + gem 'rspec-rails', '~> 3.7', '>= 3.7.2' # Call 'byebug' anywhere in the code to stop execution and get a debugger console gem 'byebug', platforms: [:mri, :mingw, :x64_mingw] # Adds support for Capybara system testing and selenium driver - gem 'capybara', '~> 2.13' + gem 'capybara', '~> 2.17', '>= 2.17.0' gem 'selenium-webdriver' gem 'webmock', '~> 3.3' gem 'faker', '~> 1.8', '>= 1.8.7' @@ -49,7 +49,7 @@ end group :development do # Access an IRB console on exception pages or by using <%= console %> anywhere in the code. - gem 'web-console', '>= 3.3.0' + gem 'web-console', '>= 3.5.1' gem 'listen', '>= 3.0.5', '< 3.2' # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring gem 'spring' diff --git a/Gemfile.lock b/Gemfile.lock index c1f017f..aaa7a1f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,246 +1,246 @@ -GEM - remote: https://rubygems.org/ - specs: - actioncable (5.1.4) - actionpack (= 5.1.4) - nio4r (~> 2.0) - websocket-driver (~> 0.6.1) - actionmailer (5.1.4) - actionpack (= 5.1.4) - actionview (= 5.1.4) - activejob (= 5.1.4) - mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 2.0) - actionpack (5.1.4) - actionview (= 5.1.4) - activesupport (= 5.1.4) - rack (~> 2.0) - rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.1.4) - activesupport (= 5.1.4) - builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.1.4) - activesupport (= 5.1.4) - globalid (>= 0.3.6) - activemodel (5.1.4) - activesupport (= 5.1.4) - activerecord (5.1.4) - activemodel (= 5.1.4) - activesupport (= 5.1.4) - arel (~> 8.0) - activesupport (5.1.4) - concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (~> 0.7) - minitest (~> 5.1) - tzinfo (~> 1.1) - addressable (2.5.2) - public_suffix (>= 2.0.2, < 4.0) - arel (8.0.0) - bindex (0.5.0) - builder (3.2.3) - byebug (10.0.0) - capybara (2.17.0) - addressable - mini_mime (>= 0.1.3) - nokogiri (>= 1.3.3) - rack (>= 1.0.0) - rack-test (>= 0.5.4) - xpath (>= 2.0, < 4.0) - childprocess (0.8.0) - ffi (~> 1.0, >= 1.0.11) - coffee-rails (4.2.2) - coffee-script (>= 2.2.0) - railties (>= 4.0.0) - coffee-script (2.4.1) - coffee-script-source - execjs - coffee-script-source (1.12.2) - concurrent-ruby (1.0.5) - crack (0.4.3) - safe_yaml (~> 1.0.0) - crass (1.0.4) - diff-lcs (1.3) - domain_name (0.5.20170404) - unf (>= 0.0.5, < 1.0.0) - erubi (1.7.0) - execjs (2.7.0) - faker (1.8.7) - i18n (>= 0.7) - ffi (1.11.1) - globalid (0.4.1) - activesupport (>= 4.2.0) - hashdiff (0.3.7) - http-cookie (1.0.3) - domain_name (~> 0.5) - i18n (0.9.4) - concurrent-ruby (~> 1.0) - jbuilder (2.7.0) - activesupport (>= 4.2.0) - multi_json (>= 1.2) - listen (3.1.5) - rb-fsevent (~> 0.9, >= 0.9.4) - rb-inotify (~> 0.9, >= 0.9.7) - ruby_dep (~> 1.2) - loofah (2.3.0) - crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mail (2.7.0) - mini_mime (>= 0.1.1) - method_source (0.9.0) - mime-types (3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) - mini_mime (1.0.0) - mini_portile2 (2.4.0) - minitest (5.11.3) - multi_json (1.13.1) - netrc (0.11.0) - nio4r (2.2.0) - nokogiri (1.10.4) - mini_portile2 (~> 2.4.0) - pg (0.21.0) - public_suffix (3.0.1) - puma (3.11.2) - rack (2.0.7) - rack-test (0.8.2) - rack (>= 1.0, < 3) - rails (5.1.4) - actioncable (= 5.1.4) - actionmailer (= 5.1.4) - actionpack (= 5.1.4) - actionview (= 5.1.4) - activejob (= 5.1.4) - activemodel (= 5.1.4) - activerecord (= 5.1.4) - activesupport (= 5.1.4) - bundler (>= 1.3.0) - railties (= 5.1.4) - sprockets-rails (>= 2.0.0) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) - nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) - loofah (~> 2.3) - railties (5.1.4) - actionpack (= 5.1.4) - activesupport (= 5.1.4) - method_source - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - rake (12.3.0) - rb-fsevent (0.10.2) - rb-inotify (0.9.10) - ffi (>= 0.5.0, < 2) - rest-client (2.0.2) - http-cookie (>= 1.0.2, < 2.0) - mime-types (>= 1.16, < 4.0) - netrc (~> 0.8) - rspec-core (3.7.1) - rspec-support (~> 3.7.0) - rspec-expectations (3.7.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) - rspec-mocks (3.7.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) - rspec-rails (3.7.2) - actionpack (>= 3.0) - activesupport (>= 3.0) - railties (>= 3.0) - rspec-core (~> 3.7.0) - rspec-expectations (~> 3.7.0) - rspec-mocks (~> 3.7.0) - rspec-support (~> 3.7.0) - rspec-support (3.7.1) - ruby_dep (1.5.0) - rubyzip (1.3.0) - safe_yaml (1.0.4) - sass (3.5.5) - sass-listen (~> 4.0.0) - sass-listen (4.0.0) - rb-fsevent (~> 0.9, >= 0.9.4) - rb-inotify (~> 0.9, >= 0.9.7) - sass-rails (5.0.7) - railties (>= 4.0.0, < 6) - sass (~> 3.1) - sprockets (>= 2.8, < 4.0) - sprockets-rails (>= 2.0, < 4.0) - tilt (>= 1.1, < 3) - selenium-webdriver (3.9.0) - childprocess (~> 0.5) - rubyzip (~> 1.2) - spring (2.0.2) - activesupport (>= 4.2) - spring-watcher-listen (2.0.1) - listen (>= 2.7, < 4.0) - spring (>= 1.2, < 3.0) - sprockets (3.7.2) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.2.1) - actionpack (>= 4.0) - activesupport (>= 4.0) - sprockets (>= 3.0.0) - sucker_punch (2.0.4) - concurrent-ruby (~> 1.0.0) - thor (0.20.0) - thread_safe (0.3.6) - tilt (2.0.8) - turbolinks (5.1.0) - turbolinks-source (~> 5.1) - turbolinks-source (5.1.0) - tzinfo (1.2.5) - thread_safe (~> 0.1) - uglifier (4.1.6) - execjs (>= 0.3.0, < 3) - unf (0.1.4) - unf_ext - unf_ext (0.0.7.5) - web-console (3.5.1) - actionview (>= 5.0) - activemodel (>= 5.0) - bindex (>= 0.4.0) - railties (>= 5.0) - webmock (3.3.0) - addressable (>= 2.3.6) - crack (>= 0.3.2) - hashdiff - websocket-driver (0.6.5) - websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.3) - xpath (3.0.0) - nokogiri (~> 1.8) - -PLATFORMS - ruby - -DEPENDENCIES - byebug - capybara (~> 2.13) - coffee-rails (~> 4.2) - faker (~> 1.8, >= 1.8.7) - jbuilder (~> 2.5) - listen (>= 3.0.5, < 3.2) - pg (~> 0.18) - puma (~> 3.7) - rails (~> 5.1.4) - rest-client (~> 2.0, >= 2.0.2) - rspec-rails (~> 3.7) - sass-rails (~> 5.0) - selenium-webdriver - spring - spring-watcher-listen (~> 2.0.0) - sucker_punch (~> 2.0) - turbolinks (~> 5) - tzinfo-data - uglifier (>= 1.3.0) - web-console (>= 3.3.0) +GEM + remote: https://rubygems.org/ + specs: + actioncable (5.1.7) + actionpack (= 5.1.7) + nio4r (~> 2.0) + websocket-driver (~> 0.6.1) + actionmailer (5.1.7) + actionpack (= 5.1.7) + actionview (= 5.1.7) + activejob (= 5.1.7) + mail (~> 2.5, >= 2.5.4) + rails-dom-testing (~> 2.0) + actionpack (5.1.7) + actionview (= 5.1.7) + activesupport (= 5.1.7) + rack (~> 2.0) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (5.1.7) + activesupport (= 5.1.7) + builder (~> 3.1) + erubi (~> 1.4) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activejob (5.1.7) + activesupport (= 5.1.7) + globalid (>= 0.3.6) + activemodel (5.1.7) + activesupport (= 5.1.7) + activerecord (5.1.7) + activemodel (= 5.1.7) + activesupport (= 5.1.7) + arel (~> 8.0) + activesupport (5.1.7) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) + addressable (2.7.0) + public_suffix (>= 2.0.2, < 5.0) + arel (8.0.0) + bindex (0.8.1) + builder (3.2.3) + byebug (10.0.0) + capybara (2.18.0) + addressable + mini_mime (>= 0.1.3) + nokogiri (>= 1.3.3) + rack (>= 1.0.0) + rack-test (>= 0.5.4) + xpath (>= 2.0, < 4.0) + childprocess (0.8.0) + ffi (~> 1.0, >= 1.0.11) + coffee-rails (4.2.2) + coffee-script (>= 2.2.0) + railties (>= 4.0.0) + coffee-script (2.4.1) + coffee-script-source + execjs + coffee-script-source (1.12.2) + concurrent-ruby (1.0.5) + crack (0.4.3) + safe_yaml (~> 1.0.0) + crass (1.0.5) + diff-lcs (1.3) + domain_name (0.5.20170404) + unf (>= 0.0.5, < 1.0.0) + erubi (1.9.0) + execjs (2.7.0) + faker (1.8.7) + i18n (>= 0.7) + ffi (1.11.2) + globalid (0.4.2) + activesupport (>= 4.2.0) + hashdiff (0.3.7) + http-cookie (1.0.3) + domain_name (~> 0.5) + i18n (1.7.0) + concurrent-ruby (~> 1.0) + jbuilder (2.7.0) + activesupport (>= 4.2.0) + multi_json (>= 1.2) + listen (3.1.5) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) + ruby_dep (~> 1.2) + loofah (2.3.1) + crass (~> 1.0.2) + nokogiri (>= 1.5.9) + mail (2.7.1) + mini_mime (>= 0.1.1) + method_source (0.9.2) + mime-types (3.1) + mime-types-data (~> 3.2015) + mime-types-data (3.2016.0521) + mini_mime (1.0.2) + mini_portile2 (2.4.0) + minitest (5.13.0) + multi_json (1.13.1) + netrc (0.11.0) + nio4r (2.5.2) + nokogiri (1.10.5) + mini_portile2 (~> 2.4.0) + pg (0.21.0) + public_suffix (4.0.1) + puma (3.11.2) + rack (2.0.7) + rack-test (1.1.0) + rack (>= 1.0, < 3) + rails (5.1.7) + actioncable (= 5.1.7) + actionmailer (= 5.1.7) + actionpack (= 5.1.7) + actionview (= 5.1.7) + activejob (= 5.1.7) + activemodel (= 5.1.7) + activerecord (= 5.1.7) + activesupport (= 5.1.7) + bundler (>= 1.3.0) + railties (= 5.1.7) + sprockets-rails (>= 2.0.0) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) + railties (5.1.7) + actionpack (= 5.1.7) + activesupport (= 5.1.7) + method_source + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) + rake (13.0.1) + rb-fsevent (0.10.3) + rb-inotify (0.10.0) + ffi (~> 1.0) + rest-client (2.0.2) + http-cookie (>= 1.0.2, < 2.0) + mime-types (>= 1.16, < 4.0) + netrc (~> 0.8) + rspec-core (3.9.0) + rspec-support (~> 3.9.0) + rspec-expectations (3.9.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.9.0) + rspec-mocks (3.9.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.9.0) + rspec-rails (3.9.0) + actionpack (>= 3.0) + activesupport (>= 3.0) + railties (>= 3.0) + rspec-core (~> 3.9.0) + rspec-expectations (~> 3.9.0) + rspec-mocks (~> 3.9.0) + rspec-support (~> 3.9.0) + rspec-support (3.9.0) + ruby_dep (1.5.0) + rubyzip (1.3.0) + safe_yaml (1.0.4) + sass (3.7.4) + sass-listen (~> 4.0.0) + sass-listen (4.0.0) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) + sass-rails (5.0.7) + railties (>= 4.0.0, < 6) + sass (~> 3.1) + sprockets (>= 2.8, < 4.0) + sprockets-rails (>= 2.0, < 4.0) + tilt (>= 1.1, < 3) + selenium-webdriver (3.9.0) + childprocess (~> 0.5) + rubyzip (~> 1.2) + spring (2.0.2) + activesupport (>= 4.2) + spring-watcher-listen (2.0.1) + listen (>= 2.7, < 4.0) + spring (>= 1.2, < 3.0) + sprockets (3.7.2) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + sprockets-rails (3.2.1) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) + sucker_punch (2.0.4) + concurrent-ruby (~> 1.0.0) + thor (0.20.3) + thread_safe (0.3.6) + tilt (2.0.10) + turbolinks (5.1.0) + turbolinks-source (~> 5.1) + turbolinks-source (5.1.0) + tzinfo (1.2.5) + thread_safe (~> 0.1) + uglifier (4.1.6) + execjs (>= 0.3.0, < 3) + unf (0.1.4) + unf_ext + unf_ext (0.0.7.5) + web-console (3.7.0) + actionview (>= 5.0) + activemodel (>= 5.0) + bindex (>= 0.4.0) + railties (>= 5.0) + webmock (3.3.0) + addressable (>= 2.3.6) + crack (>= 0.3.2) + hashdiff + websocket-driver (0.6.5) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.4) + xpath (3.2.0) + nokogiri (~> 1.8) + +PLATFORMS + ruby + +DEPENDENCIES + byebug + capybara (~> 2.17, >= 2.17.0) + coffee-rails (~> 4.2, >= 4.2.2) + faker (~> 1.8, >= 1.8.7) + jbuilder (~> 2.5) + listen (>= 3.0.5, < 3.2) + pg (~> 0.18) + puma (~> 3.7) + rails (~> 5.1.4) + rest-client (~> 2.0, >= 2.0.2) + rspec-rails (~> 3.7, >= 3.7.2) + sass-rails (~> 5.0, >= 5.0.7) + selenium-webdriver + spring + spring-watcher-listen (~> 2.0.0) + sucker_punch (~> 2.0) + turbolinks (~> 5) + tzinfo-data + uglifier (>= 1.3.0) + web-console (>= 3.5.1) webmock (~> 3.3) BUNDLED WITH - 1.16.1 + 1.17.3