From ea886d9de4d7d375d4eb705dba8c54ec7569fdcb Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 20 Dec 2022 22:42:22 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917
---
 Gemfile | 2 +-
 Gemfile.lock | 165 +++++++++++++++++++++++++++------------------------
 2 files changed, 88 insertions(+), 79 deletions(-)

diff --git a/Gemfile b/Gemfile
index 8a6a9d8e..d40670c5 100644
--- a/Gemfile
+++ b/Gemfile
@@ -14,7 +14,7 @@ gem "pg"
 gem "puma"
 # Use SCSS for stylesheets
-gem "sass-rails"
+gem "sass-rails", ">= 6.0.0"
 # Use Uglifier as compressor for JavaScript assets
 gem "uglifier"
 # Use CoffeeScript for .js.coffee assets and views
diff --git a/Gemfile.lock b/Gemfile.lock
index 251d1bb5..a667a012 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
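Review bot: The `+gem "sass-rails", ">= 6.0.0"` line is the only Gemfile edit, yet the advisory named in the commit message (SNYK-RUBY-RACK-1061917) concerns rack, whose move to 2.2.4 is carried solely by Gemfile.lock; no Gemfile constraint expresses that floor, so a later re-resolution could drop back below it as long as the transitive constraints allow (the lock still shows rails 5.0.7.2 requiring only `rack (~> 2.0)`). If the fix should be recorded at the source of truth rather than only in resolved output, a direct line such as `gem "rack", ">= 2.2.4"` next to the puma entry would pin it, at the cost of listing a transitive gem explicitly. Separately, sass-rails 5 to 6 is a major-version bump, and the lockfile hunk shows it now resolves through sassc-rails/sassc with an ffi requirement instead of the sass gem (which remains only because scss_lint depends on it), so the asset pipeline should be exercised in CI before merge rather than treating this as a patch-level upgrade.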
@@ -1,45 +1,45 @@
 GEM
 remote: https://rubygems.org/
 specs:
- actioncable (5.0.1)
- actionpack (= 5.0.1)
- nio4r (~> 1.2)
+ actioncable (5.0.7.2)
+ actionpack (= 5.0.7.2)
+ nio4r (>= 1.2, < 3.0)
 websocket-driver (~> 0.6.1)
- actionmailer (5.0.1)
- actionpack (= 5.0.1)
- actionview (= 5.0.1)
- activejob (= 5.0.1)
+ actionmailer (5.0.7.2)
+ actionpack (= 5.0.7.2)
+ actionview (= 5.0.7.2)
+ activejob (= 5.0.7.2)
 mail (~> 2.5, >= 2.5.4)
 rails-dom-testing (~> 2.0)
- actionpack (5.0.1)
- actionview (= 5.0.1)
- activesupport (= 5.0.1)
+ actionpack (5.0.7.2)
+ actionview (= 5.0.7.2)
+ activesupport (= 5.0.7.2)
 rack (~> 2.0)
 rack-test (~> 0.6.3)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.0, >= 1.0.2)
- actionview (5.0.1)
- activesupport (= 5.0.1)
+ actionview (5.0.7.2)
+ activesupport (= 5.0.7.2)
 builder (~> 3.1)
 erubis (~> 2.7.0)
 rails-dom-testing (~> 2.0)
- rails-html-sanitizer (~> 1.0, >= 1.0.2)
- activejob (5.0.1)
- activesupport (= 5.0.1)
+ rails-html-sanitizer (~> 1.0, >= 1.0.3)
+ activejob (5.0.7.2)
+ activesupport (= 5.0.7.2)
 globalid (>= 0.3.6)
- activemodel (5.0.1)
- activesupport (= 5.0.1)
- activerecord (5.0.1)
- activemodel (= 5.0.1)
- activesupport (= 5.0.1)
+ activemodel (5.0.7.2)
+ activesupport (= 5.0.7.2)
+ activerecord (5.0.7.2)
+ activemodel (= 5.0.7.2)
+ activesupport (= 5.0.7.2)
 arel (~> 7.0)
- activesupport (5.0.1)
+ activesupport (5.0.7.2)
 concurrent-ruby (~> 1.0, >= 1.0.2)
- i18n (~> 0.7)
+ i18n (>= 0.7, < 2)
 minitest (~> 5.1)
 tzinfo (~> 1.1)
- addressable (2.5.0)
- public_suffix (~> 2.0, >= 2.0.2)
+ addressable (2.8.1)
+ public_suffix (>= 2.0.2, < 6.0)
 archive-zip (0.7.0)
 io-like (~> 0.3.0)
 arel (7.1.4)
@@ -50,7 +50,7 @@ GEM
 binding_of_caller (0.7.2)
 debug_inspector (>= 0.0.1)
 brakeman (3.4.1)
- builder (3.2.3)
+ builder (3.2.4)
 bundler-audit (0.5.0)
 bundler (~> 1.2)
 thor (~> 0.18)
@@ -82,20 +82,21 @@ GEM
 coffee-script-source
 execjs
 coffee-script-source (1.10.0)
- concurrent-ruby (1.0.5)
- connection_pool (2.2.1)
+ concurrent-ruby (1.1.10)
+ connection_pool (2.2.5)
 coveralls (0.8.15)
 json (>= 1.8, < 3)
 simplecov (~> 0.12.0)
 term-ansicolor (~> 1.3)
 thor (~> 0.19.1)
 tins (>= 1.6.0, < 2)
+ crass (1.0.6)
 database_cleaner (1.5.3)
 debug_inspector (0.0.2)
 diff-lcs (1.2.5)
 docile (1.1.5)
 erubis (2.7.0)
- execjs (2.7.0)
+ execjs (2.8.1)
 factory_girl (4.7.0)
 activesupport (>= 3.0.0)
 factory_girl_rails (4.7.0)
@@ -107,9 +108,10 @@ GEM
 generator_spec (0.9.3)
 activesupport (>= 3.0.0)
 railties (>= 3.0.0)
- globalid (0.3.7)
- activesupport (>= 4.1.0)
- i18n (0.8.1)
+ globalid (0.4.2)
+ activesupport (>= 4.2.0)
+ i18n (1.12.0)
+ concurrent-ruby (~> 1.0)
 interception (0.5)
 io-like (0.3.0)
 jbuilder (2.6.0)
@@ -123,22 +125,24 @@ GEM
 rb-fsevent (~> 0.9, >= 0.9.4)
 rb-inotify (~> 0.9, >= 0.9.7)
 ruby_dep (~> 1.2)
- loofah (2.0.3)
+ loofah (2.19.1)
+ crass (~> 1.0.2)
 nokogiri (>= 1.5.9)
- mail (2.6.4)
- mime-types (>= 1.16, < 4)
+ mail (2.7.1)
+ mini_mime (>= 0.1.1)
 method_source (0.8.2)
- mime-types (3.1)
+ mime-types (3.4.1)
 mime-types-data (~> 3.2015)
- mime-types-data (3.2016.0521)
- mini_portile2 (2.1.0)
+ mime-types-data (3.2022.0105)
+ mini_mime (1.1.2)
+ mini_portile2 (2.4.0)
 mini_racer (0.1.7)
 libv8 (~> 5.3)
- minitest (5.10.1)
+ minitest (5.15.0)
 multi_json (1.12.1)
- nio4r (1.2.1)
- nokogiri (1.7.0.1)
- mini_portile2 (~> 2.1.0)
+ nio4r (2.5.2)
+ nokogiri (1.10.10)
+ mini_portile2 (~> 2.4.0)
 parser (2.3.2.0)
 ast (~> 2.2)
 pg (0.19.0)
@@ -165,41 +169,42 @@ GEM
 pry-stack_explorer (0.4.9.2)
 binding_of_caller (>= 0.7)
 pry (>= 0.9.11)
- public_suffix (2.0.5)
+ public_suffix (4.0.7)
 puma (3.6.2)
- rack (2.0.1)
+ rack (2.2.4)
 rack-test (0.6.3)
 rack (>= 1.0)
- rails (5.0.1)
- actioncable (= 5.0.1)
- actionmailer (= 5.0.1)
- actionpack (= 5.0.1)
- actionview (= 5.0.1)
- activejob (= 5.0.1)
- activemodel (= 5.0.1)
- activerecord (= 5.0.1)
- activesupport (= 5.0.1)
- bundler (>= 1.3.0, < 2.0)
- railties (= 5.0.1)
+ rails (5.0.7.2)
+ actioncable (= 5.0.7.2)
+ actionmailer (= 5.0.7.2)
+ actionpack (= 5.0.7.2)
+ actionview (= 5.0.7.2)
+ activejob (= 5.0.7.2)
+ activemodel (= 5.0.7.2)
+ activerecord (= 5.0.7.2)
+ activesupport (= 5.0.7.2)
+ bundler (>= 1.3.0)
+ railties (= 5.0.7.2)
 sprockets-rails (>= 2.0.0)
- rails-dom-testing (2.0.2)
- activesupport (>= 4.2.0, < 6.0)
- nokogiri (~> 1.6)
- rails-html-sanitizer (1.0.3)
- loofah (~> 2.0)
- railties (5.0.1)
- actionpack (= 5.0.1)
- activesupport (= 5.0.1)
+ rails-dom-testing (2.0.3)
+ activesupport (>= 4.2.0)
+ nokogiri (>= 1.6)
+ rails-html-sanitizer (1.4.4)
+ loofah (~> 2.19, >= 2.19.1)
+ railties (5.0.7.2)
+ actionpack (= 5.0.7.2)
+ activesupport (= 5.0.7.2)
 method_source
 rake (>= 0.8.7)
 thor (>= 0.18.1, < 2.0)
- rainbow (2.2.1)
+ rainbow (2.2.2)
+ rake
 rake (11.3.0)
 rb-fsevent (0.9.8)
 rb-inotify (0.9.7)
 ffi (>= 0.5.0)
 rdoc (4.3.0)
- react_on_rails (6.7.1)
+ react_on_rails (6.7.2)
 addressable
 connection_pool
 execjs (~> 2.5)
@@ -237,13 +242,17 @@ GEM
 ruby-progressbar (1.8.1)
 ruby_dep (1.5.0)
 rubyzip (1.2.0)
- sass (3.4.22)
- sass-rails (5.0.6)
- railties (>= 4.0.0, < 6)
- sass (~> 3.1)
- sprockets (>= 2.8, < 4.0)
- sprockets-rails (>= 2.0, < 4.0)
- tilt (>= 1.1, < 3)
+ sass (3.4.25)
+ sass-rails (6.0.0)
+ sassc-rails (~> 2.1, >= 2.1.1)
+ sassc (2.4.0)
+ ffi (~> 1.9)
+ sassc-rails (2.1.2)
+ railties (>= 4.0.0)
+ sassc (>= 2.0)
+ sprockets (> 3.0)
+ sprockets-rails
+ tilt
 scss_lint (0.50.3)
 rake (>= 0.9, < 12)
 sass (~> 3.4.20)
@@ -264,10 +273,10 @@ GEM
 activesupport (>= 4.2)
 spring-commands-rspec (1.0.4)
 spring (>= 0.9.1)
- sprockets (3.7.1)
+ sprockets (3.7.2)
 concurrent-ruby (~> 1.0)
 rack (> 1, < 3)
- sprockets-rails (3.2.0)
+ sprockets-rails (3.2.2)
 actionpack (>= 4.0)
 activesupport (>= 4.0)
 sprockets (>= 3.0.0)
@@ -275,9 +284,9 @@ GEM
 tins (~> 1.0)
 thor (0.19.4)
 thread_safe (0.3.6)
- tilt (2.0.5)
+ tilt (2.0.11)
 tins (1.12.0)
- tzinfo (1.2.2)
+ tzinfo (1.2.10)
 thread_safe (~> 0.1)
 uglifier (3.0.3)
 execjs (>= 0.3.0, < 3)
@@ -290,7 +299,7 @@ GEM
 websocket (1.2.3)
 websocket-driver (0.6.5)
 websocket-extensions (>= 0.1.0)
- websocket-extensions (0.1.2)
+ websocket-extensions (0.1.5)
 xpath (2.0.0)
 nokogiri (~> 1.3)
 yard (0.9.5)
@@ -335,7 +344,7 @@ DEPENDENCIES
 rspec-retry
 rubocop
 ruby-lint
- sass-rails
+ sass-rails (>= 6.0.0)
 scss_lint
 sdoc
 selenium-webdriver (< 3.0.0)
@@ -348,4 +357,4 @@ RUBY VERSION
 ruby 2.3.1p112

 BUNDLED WITH
- 1.13.6
+ 1.17.3