From 7157e069cc28f857e6b37ce304524abfe8af2421 Mon Sep 17 00:00:00 2001
From: Suraj Vadgama
Date: Wed, 20 Mar 2019 21:18:08 +0000
Subject: [PATCH 1/2] Resolve security alerts

---
 Gemfile      |  4 +-
 Gemfile.lock | 96 ++++++++++++++++++++++++++--------------------------
 2 files changed, 50 insertions(+), 50 deletions(-)

diff --git a/Gemfile b/Gemfile
index 3edee36e..8cee6531 100644
--- a/Gemfile
+++ b/Gemfile
@@ -3,7 +3,7 @@ source 'https://rubygems.org'
 ruby '2.5.3'
 
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '~> 5.2.2'
+gem 'rails', '~> 5.2.2.1'
 # Use postgresql as the database for Active Record
 gem 'pg', '~> 0.18'
 # Use Puma as the app server
@@ -44,7 +44,7 @@ gem 'stripe'
 
 # Admin
 gem 'activeadmin', '~> 1.3.0'
-gem 'devise', '~> 4.4.0'
+gem 'devise', '~> 4.6.0'
 
 # Monitoring & metrics
 gem 'rollbar'
diff --git a/Gemfile.lock b/Gemfile.lock
index f74c6c87..5c59884f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,25 +1,25 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (5.2.2)
-      actionpack (= 5.2.2)
+    actioncable (5.2.2.1)
+      actionpack (= 5.2.2.1)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailer (5.2.2)
-      actionpack (= 5.2.2)
-      actionview (= 5.2.2)
-      activejob (= 5.2.2)
+    actionmailer (5.2.2.1)
+      actionpack (= 5.2.2.1)
+      actionview (= 5.2.2.1)
+      activejob (= 5.2.2.1)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (5.2.2)
-      actionview (= 5.2.2)
-      activesupport (= 5.2.2)
+    actionpack (5.2.2.1)
+      actionview (= 5.2.2.1)
+      activesupport (= 5.2.2.1)
       rack (~> 2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.2)
-      activesupport (= 5.2.2)
+    actionview (5.2.2.1)
+      activesupport (= 5.2.2.1)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
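Review bot: The new rails constraint `'~> 5.2.2.1'` narrows the allowed range to `>= 5.2.2.1, < 5.2.3`, so later 5.2.x patch releases will not be picked up by `bundle update rails`, which works against the stated goal of resolving security alerts going forward. The previous `'~> 5.2.2'` allowed any 5.2.x; to keep that ceiling while enforcing the patched floor, write `gem 'rails', '~> 5.2.2', '>= 5.2.2.1'`. The devise line keeps the file's existing `~> X.Y.0` style and needs no change.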
@@ -36,22 +36,22 @@ GEM
       ransack (>= 1.8.7)
       sass (~> 3.1)
       sprockets (< 4.1)
-    activejob (5.2.2)
-      activesupport (= 5.2.2)
+    activejob (5.2.2.1)
+      activesupport (= 5.2.2.1)
       globalid (>= 0.3.6)
-    activemodel (5.2.2)
-      activesupport (= 5.2.2)
-    activerecord (5.2.2)
-      activemodel (= 5.2.2)
-      activesupport (= 5.2.2)
+    activemodel (5.2.2.1)
+      activesupport (= 5.2.2.1)
+    activerecord (5.2.2.1)
+      activemodel (= 5.2.2.1)
+      activesupport (= 5.2.2.1)
       arel (>= 9.0)
     activerecord-import (0.27.0)
       activerecord (>= 3.2)
-    activestorage (5.2.2)
-      actionpack (= 5.2.2)
-      activerecord (= 5.2.2)
+    activestorage (5.2.2.1)
+      actionpack (= 5.2.2.1)
+      activerecord (= 5.2.2.1)
       marcel (~> 0.3.1)
-    activesupport (5.2.2)
+    activesupport (5.2.2.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
@@ -90,14 +90,14 @@ GEM
       coffee-script-source
       execjs
     coffee-script-source (1.12.2)
-    concurrent-ruby (1.1.3)
+    concurrent-ruby (1.1.5)
     connection_pool (2.2.2)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
     crass (1.0.4)
     dante (0.2.0)
     database_cleaner (1.7.0)
-    devise (4.4.3)
+    devise (4.6.1)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0, < 6.0)
@@ -108,7 +108,7 @@ GEM
     dotenv-rails (2.5.0)
       dotenv (= 2.5.0)
       railties (>= 3.2, < 6.0)
-    erubi (1.7.1)
+    erubi (1.8.0)
     execjs (2.7.0)
     factory_bot (4.11.1)
       activesupport (>= 3.0.0)
@@ -121,7 +121,7 @@ GEM
     formtastic (3.1.5)
       actionpack (>= 3.2.13)
     formtastic_i18n (0.6.0)
-    globalid (0.4.1)
+    globalid (0.4.2)
       activesupport (>= 4.2.0)
     groupdate (4.1.0)
       activesupport (>= 4.2)
@@ -134,7 +134,7 @@ GEM
       activesupport (>= 4.1)
     hashdiff (0.3.7)
     hashids (1.0.5)
-    i18n (1.1.1)
+    i18n (1.6.0)
       concurrent-ruby (~> 1.0)
     inherited_resources (1.9.0)
       actionpack (>= 4.2, < 5.3)
@@ -177,17 +177,17 @@ GEM
       rack-contrib (>= 1.1, < 3)
       railties (>= 3.0.0, < 6)
     method_source (0.9.2)
-    mimemagic (0.3.2)
+    mimemagic (0.3.3)
     mini_mime (1.0.1)
-    mini_portile2 (2.3.0)
+    mini_portile2 (2.4.0)
     minitest (5.11.3)
     multi_json (1.13.1)
     multipart-post (2.0.0)
     net-http-persistent (3.0.0)
       connection_pool (~> 2.2)
     nio4r (2.3.1)
-    nokogiri (1.8.5)
-      mini_portile2 (~> 2.3.0)
+    nokogiri (1.10.1)
+      mini_portile2 (~> 2.4.0)
     orm_adapter (0.5.0)
     parallel (1.12.1)
     parser (2.5.3.0)
@@ -214,18 +214,18 @@ GEM
       activesupport (>= 3.0)
       rack (>= 1.4)
       tilt (>= 1.4)
-    rails (5.2.2)
-      actioncable (= 5.2.2)
-      actionmailer (= 5.2.2)
-      actionpack (= 5.2.2)
-      actionview (= 5.2.2)
-      activejob (= 5.2.2)
-      activemodel (= 5.2.2)
-      activerecord (= 5.2.2)
-      activestorage (= 5.2.2)
-      activesupport (= 5.2.2)
+    rails (5.2.2.1)
+      actioncable (= 5.2.2.1)
+      actionmailer (= 5.2.2.1)
+      actionpack (= 5.2.2.1)
+      actionview (= 5.2.2.1)
+      activejob (= 5.2.2.1)
+      activemodel (= 5.2.2.1)
+      activerecord (= 5.2.2.1)
+      activestorage (= 5.2.2.1)
+      activesupport (= 5.2.2.1)
       bundler (>= 1.3.0)
-      railties (= 5.2.2)
+      railties (= 5.2.2.1)
       sprockets-rails (>= 2.0.0)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
@@ -237,14 +237,14 @@ GEM
       rails_stdout_logging
     rails_serve_static_assets (0.0.5)
     rails_stdout_logging (0.0.5)
-    railties (5.2.2)
-      actionpack (= 5.2.2)
-      activesupport (= 5.2.2)
+    railties (5.2.2.1)
+      actionpack (= 5.2.2.1)
+      activesupport (= 5.2.2.1)
       method_source
       rake (>= 0.8.7)
       thor (>= 0.19.0, < 2.0)
     rainbow (3.0.0)
-    rake (12.3.1)
+    rake (12.3.2)
     ransack (2.1.1)
       actionpack (>= 5.0)
       activerecord (>= 5.0)
@@ -379,7 +379,7 @@ DEPENDENCIES
   chartkick
   climate_control
   database_cleaner
-  devise (~> 4.4.0)
+  devise (~> 4.6.0)
   dotenv-rails
   factory_bot_rails
   groupdate
@@ -395,7 +395,7 @@ DEPENDENCIES
   puma (~> 3.7)
   pundit
   rack-tracker
-  rails (~> 5.2.2)
+  rails (~> 5.2.2.1)
   rails_12factor
   redcarpet
   rollbar

From 88609730711e92ab6e783e24df943329f3e8c79d Mon Sep 17 00:00:00 2001
From: Suraj Vadgama
Date: Wed, 20 Mar 2019 21:24:35 +0000
Subject: [PATCH 2/2] Specify ruby version in CI config

---
 .circleci/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 635b0a36..90bb91e6 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -5,7 +5,7 @@ jobs:
     working_directory: ~/beehive-giving
     parallelism: 1
     docker:
-      - image: circleci/ruby:2.5-node-browsers
+      - image: circleci/ruby:2.5.3-node-browsers
     environment:
       PGHOST: localhost
       PGUSER: beehive-giving