From 885ea03e50e8326a4f84fe0afd516cf1f5c78fe5 Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Wed, 5 Oct 2022 18:27:11 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-1290051 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-1290052 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-2400638 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-569599 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-569600 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-2803851 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-560837 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-569601 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-632514 - https://snyk.io/vuln/SNYK-RUBY-ACTIVEJOB-72640 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-1080913 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-2960802 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-569598 - https://snyk.io/vuln/SNYK-RUBY-ADDRESSABLE-1316242 - https://snyk.io/vuln/SNYK-RUBY-FFI-22037 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1055008 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1293239 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1726792 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2413994 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2620374 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630623 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630898 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2840634 - https://snyk.io/vuln/SNYK-RUBY-PUMA-1291014 - https://snyk.io/vuln/SNYK-RUBY-PUMA-1730572 - https://snyk.io/vuln/SNYK-RUBY-PUMA-2400629 - https://snyk.io/vuln/SNYK-RUBY-PUMA-2437090 - https://snyk.io/vuln/SNYK-RUBY-RACK-2848599 - https://snyk.io/vuln/SNYK-RUBY-RACK-2848600 - https://snyk.io/vuln/SNYK-RUBY-RAILS-1071903 - https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-2935879 - https://snyk.io/vuln/SNYK-RUBY-SPROCKETS-22032 - https://snyk.io/vuln/SNYK-RUBY-TZINFO-2958048 --- Gemfile | 20 ++--- Gemfile.lock | 243 ++++++++++++++++++++++++++------------------------- 2 files changed, 136 insertions(+), 127 deletions(-) 
diff --git a/Gemfile b/Gemfile
index fdb38b9..1753125 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,29 +5,29 @@ git_source(:github) do |repo_name|
   "https://github.com/#{repo_name}.git"
 end
-gem 'dotenv-rails', groups: [:development, :test]
+gem 'dotenv-rails', '>= 2.2.2', groups: [:development, :test]
 gem 'pg'
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '~> 5.1.2'
+gem 'rails', '~> 5.2.8', '>= 5.2.8.1'
 # Use sqlite3 as the database for Active Record
 gem 'sqlite3'
 # Use Puma as the app server
-gem 'puma', '~> 3.12'
+gem 'puma', '~> 4.3', '>= 4.3.12'
 # Use SCSS for stylesheets
-gem 'sass-rails', '~> 5.0'
+gem 'sass-rails', '~> 5.0', '>= 5.0.6'
 # Use Uglifier as compressor for JavaScript assets
 gem 'uglifier', '>= 1.3.0'
 # See https://github.com/rails/execjs#readme for more supported runtimes
 # gem 'therubyracer', platforms: :ruby
 # Use CoffeeScript for .coffee assets and views
-gem 'coffee-rails', '~> 4.2'
+gem 'coffee-rails', '~> 4.2', '>= 4.2.2'
 # Turbolinks makes navigating your web application faster. Read more: https://github.com/turbolinks/turbolinks
 gem 'turbolinks', '~> 5'
 # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
-gem 'jbuilder', '~> 2.5'
+gem 'jbuilder', '~> 2.7', '>= 2.7.0'
 # Use Redis adapter to run Action Cable in production
 # gem 'redis', '~> 3.0'
 # Use ActiveModel has_secure_password
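Review bot: The new constraint `gem 'rails', '~> 5.2.8', '>= 5.2.8.1'` keeps the application on the Rails 5.2 series, which as far as I recall had already reached end of upstream support by the date of this commit, with 5.2.8.1 being the final release; the same holds for `gem 'puma', '~> 4.3', '>= 4.3.12'`, where 4.3.12 appears to be the last 4.x release. That means the listed advisories are closed, but the next actionpack/activerecord/puma advisory will have no fix reachable under these pessimistic constraints and a plain `bundle update` will not surface one. I would merge this as the stop-gap it is and open a follow-up to move to a supported series, e.g. `gem 'rails', '~> 6.1'` and `gem 'puma', '~> 5.6'`, which is a migration rather than a version bump. Note also that `gem 'sqlite3'` and `gem 'pg'` remain unconstrained here, so the very old versions the lockfile resolves them to are not pinned to any floor either.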
@@ -40,17 +40,17 @@ group :development, :test do
   # Call 'byebug' anywhere in the code to stop execution and get a debugger console
   gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]
   # Adds support for Capybara system testing and selenium driver
-  gem 'capybara', '~> 2.13'
+  gem 'capybara', '~> 2.14', '>= 2.14.4'
   gem 'selenium-webdriver'
 end
 
 group :development do
   # Access an IRB console on exception pages or by using <%= console %> anywhere in the code.
-  gem 'web-console', '>= 3.3.0'
-  gem 'listen', '>= 3.0.5', '< 3.2'
+  gem 'web-console', '>= 3.5.1'
+  gem 'listen', '>= 3.1.5', '< 3.2'
   # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
   gem 'spring'
-  gem 'spring-watcher-listen', '~> 2.0.0'
+  gem 'spring-watcher-listen', '~> 2.0.1'
 end
 
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
diff --git a/Gemfile.lock b/Gemfile.lock
index 4112671..491a144 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,58 +1,61 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (5.1.2)
-      actionpack (= 5.1.2)
+    actioncable (5.2.8.1)
+      actionpack (= 5.2.8.1)
       nio4r (~> 2.0)
-      websocket-driver (~> 0.6.1)
-    actionmailer (5.1.2)
-      actionpack (= 5.1.2)
-      actionview (= 5.1.2)
-      activejob (= 5.1.2)
+      websocket-driver (>= 0.6.1)
+    actionmailer (5.2.8.1)
+      actionpack (= 5.2.8.1)
+      actionview (= 5.2.8.1)
+      activejob (= 5.2.8.1)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (5.1.2)
-      actionview (= 5.1.2)
-      activesupport (= 5.1.2)
-      rack (~> 2.0)
-      rack-test (~> 0.6.3)
+    actionpack (5.2.8.1)
+      actionview (= 5.2.8.1)
+      activesupport (= 5.2.8.1)
+      rack (~> 2.0, >= 2.0.8)
+      rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.1.2)
-      activesupport (= 5.1.2)
+    actionview (5.2.8.1)
+      activesupport (= 5.2.8.1)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.1.2)
-      activesupport (= 5.1.2)
+    activejob (5.2.8.1)
+      activesupport (= 5.2.8.1)
       globalid (>= 0.3.6)
-    activemodel (5.1.2)
-      activesupport (= 5.1.2)
-    activerecord (5.1.2)
-      activemodel (= 5.1.2)
-      activesupport (= 5.1.2)
-      arel (~> 8.0)
-    activesupport (5.1.2)
+    activemodel (5.2.8.1)
+      activesupport (= 5.2.8.1)
+    activerecord (5.2.8.1)
+      activemodel (= 5.2.8.1)
+      activesupport (= 5.2.8.1)
+      arel (>= 9.0)
+    activestorage (5.2.8.1)
+      actionpack (= 5.2.8.1)
+      activerecord (= 5.2.8.1)
+      marcel (~> 1.0.0)
+    activesupport (5.2.8.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (~> 0.7)
+      i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-    addressable (2.5.1)
-      public_suffix (~> 2.0, >= 2.0.2)
-    arel (8.0.0)
-    bindex (0.5.0)
-    builder (3.2.3)
+    addressable (2.8.1)
+      public_suffix (>= 2.0.2, < 6.0)
+    arel (9.0.0)
+    bindex (0.8.1)
+    builder (3.2.4)
     byebug (9.0.6)
-    capybara (2.14.4)
+    capybara (2.18.0)
       addressable
-      mime-types (>= 1.16)
+      mini_mime (>= 0.1.3)
       nokogiri (>= 1.3.3)
       rack (>= 1.0.0)
       rack-test (>= 0.5.4)
-      xpath (~> 2.0)
-    childprocess (0.7.1)
-      ffi (~> 1.0, >= 1.0.11)
+      xpath (>= 2.0, < 4.0)
+    childprocess (4.1.0)
     coffee-rails (4.2.2)
       coffee-script (>= 2.2.0)
       railties (>= 4.0.0)
@@ -60,144 +63,150 @@ GEM
       coffee-script-source
       execjs
     coffee-script-source (1.12.2)
-    concurrent-ruby (1.0.5)
+    concurrent-ruby (1.1.10)
     crass (1.0.6)
-    dotenv (2.2.1)
-    dotenv-rails (2.2.1)
-      dotenv (= 2.2.1)
-      railties (>= 3.2, < 5.2)
-    erubi (1.6.1)
-    execjs (2.7.0)
-    ffi (1.9.18)
-    globalid (0.4.0)
-      activesupport (>= 4.2.0)
-    i18n (0.8.6)
-    jbuilder (2.7.0)
-      activesupport (>= 4.2.0)
-      multi_json (>= 1.2)
+    dotenv (2.8.1)
+    dotenv-rails (2.8.1)
+      dotenv (= 2.8.1)
+      railties (>= 3.2)
+    erubi (1.11.0)
+    execjs (2.8.1)
+    ffi (1.15.5)
+    globalid (1.0.0)
+      activesupport (>= 5.0)
+    i18n (1.12.0)
+      concurrent-ruby (~> 1.0)
+    jbuilder (2.11.5)
+      actionview (>= 5.0.0)
+      activesupport (>= 5.0.0)
     listen (3.1.5)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
       ruby_dep (~> 1.2)
-    loofah (2.7.0)
+    loofah (2.19.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
-    mail (2.6.6)
-      mime-types (>= 1.16, < 4)
-    method_source (0.8.2)
-    mime-types (3.1)
-      mime-types-data (~> 3.2015)
-    mime-types-data (3.2016.0521)
-    mini_portile2 (2.4.0)
-    minitest (5.10.3)
-    multi_json (1.12.1)
-    nio4r (2.1.0)
-    nokogiri (1.10.10)
-      mini_portile2 (~> 2.4.0)
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
+    marcel (1.0.2)
+    method_source (1.0.0)
+    mini_mime (1.1.2)
+    mini_portile2 (2.8.0)
+    minitest (5.16.3)
+    nio4r (2.5.8)
+    nokogiri (1.13.8)
+      mini_portile2 (~> 2.8.0)
+      racc (~> 1.4)
     pg (0.21.0)
-    public_suffix (2.0.5)
-    puma (3.12.6)
-    rack (2.2.3)
-    rack-test (0.6.3)
-      rack (>= 1.0)
-    rails (5.1.2)
-      actioncable (= 5.1.2)
-      actionmailer (= 5.1.2)
-      actionpack (= 5.1.2)
-      actionview (= 5.1.2)
-      activejob (= 5.1.2)
-      activemodel (= 5.1.2)
-      activerecord (= 5.1.2)
-      activesupport (= 5.1.2)
-      bundler (>= 1.3.0, < 2.0)
-      railties (= 5.1.2)
+    public_suffix (5.0.0)
+    puma (4.3.12)
+      nio4r (~> 2.0)
+    racc (1.6.0)
+    rack (2.2.4)
+    rack-test (2.0.2)
+      rack (>= 1.3)
+    rails (5.2.8.1)
+      actioncable (= 5.2.8.1)
+      actionmailer (= 5.2.8.1)
+      actionpack (= 5.2.8.1)
+      actionview (= 5.2.8.1)
+      activejob (= 5.2.8.1)
+      activemodel (= 5.2.8.1)
+      activerecord (= 5.2.8.1)
+      activestorage (= 5.2.8.1)
+      activesupport (= 5.2.8.1)
+      bundler (>= 1.3.0)
+      railties (= 5.2.8.1)
       sprockets-rails (>= 2.0.0)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.3.0)
+    rails-html-sanitizer (1.4.3)
       loofah (~> 2.3)
-    railties (5.1.2)
-      actionpack (= 5.1.2)
-      activesupport (= 5.1.2)
+    railties (5.2.8.1)
+      actionpack (= 5.2.8.1)
+      activesupport (= 5.2.8.1)
       method_source
       rake (>= 0.8.7)
-      thor (>= 0.18.1, < 2.0)
-    rake (13.0.1)
-    rb-fsevent (0.10.2)
-    rb-inotify (0.9.10)
-      ffi (>= 0.5.0, < 2)
+      thor (>= 0.19.0, < 2.0)
+    rake (13.0.6)
+    rb-fsevent (0.11.2)
+    rb-inotify (0.10.1)
+      ffi (~> 1.0)
+    rexml (3.2.5)
     ruby_dep (1.5.0)
-    rubyzip (1.3.0)
-    sass (3.5.1)
+    rubyzip (2.3.2)
+    sass (3.7.4)
       sass-listen (~> 4.0.0)
     sass-listen (4.0.0)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
-    sass-rails (5.0.6)
-      railties (>= 4.0.0, < 6)
+    sass-rails (5.1.0)
+      railties (>= 5.2.0)
       sass (~> 3.1)
       sprockets (>= 2.8, < 4.0)
       sprockets-rails (>= 2.0, < 4.0)
       tilt (>= 1.1, < 3)
-    selenium-webdriver (3.4.4)
-      childprocess (~> 0.5)
-      rubyzip (~> 1.0)
-    spring (2.0.2)
-      activesupport (>= 4.2)
+    selenium-webdriver (4.5.0)
+      childprocess (>= 0.5, < 5.0)
+      rexml (~> 3.2, >= 3.2.5)
+      rubyzip (>= 1.2.2, < 3.0)
+      websocket (~> 1.0)
+    spring (2.1.1)
     spring-watcher-listen (2.0.1)
       listen (>= 2.7, < 4.0)
       spring (>= 1.2, < 3.0)
-    sprockets (3.7.1)
+    sprockets (3.7.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
-    sprockets-rails (3.2.0)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
+    sprockets-rails (3.4.2)
+      actionpack (>= 5.2)
+      activesupport (>= 5.2)
       sprockets (>= 3.0.0)
     sqlite3 (1.3.13)
-    thor (0.19.4)
+    thor (1.2.1)
     thread_safe (0.3.6)
-    tilt (2.0.8)
+    tilt (2.0.11)
     turbolinks (5.0.1)
       turbolinks-source (~> 5)
     turbolinks-source (5.0.3)
-    tzinfo (1.2.3)
+    tzinfo (1.2.10)
       thread_safe (~> 0.1)
     uglifier (3.2.0)
       execjs (>= 0.3.0, < 3)
-    web-console (3.5.1)
+    web-console (3.7.0)
       actionview (>= 5.0)
       activemodel (>= 5.0)
       bindex (>= 0.4.0)
       railties (>= 5.0)
-    websocket-driver (0.6.5)
+    websocket (1.2.9)
+    websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
-    xpath (2.1.0)
-      nokogiri (~> 1.3)
+    xpath (3.2.0)
+      nokogiri (~> 1.8)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
   byebug
-  capybara (~> 2.13)
-  coffee-rails (~> 4.2)
-  dotenv-rails
-  jbuilder (~> 2.5)
-  listen (>= 3.0.5, < 3.2)
+  capybara (~> 2.14, >= 2.14.4)
+  coffee-rails (~> 4.2, >= 4.2.2)
+  dotenv-rails (>= 2.2.2)
+  jbuilder (~> 2.7, >= 2.7.0)
+  listen (>= 3.1.5, < 3.2)
   pg
-  puma (~> 3.12)
-  rails (~> 5.1.2)
-  sass-rails (~> 5.0)
+  puma (~> 4.3, >= 4.3.12)
+  rails (~> 5.2.8, >= 5.2.8.1)
+  sass-rails (~> 5.0, >= 5.0.6)
   selenium-webdriver
   spring
-  spring-watcher-listen (~> 2.0.0)
+  spring-watcher-listen (~> 2.0.1)
   sqlite3
   turbolinks (~> 5)
   uglifier (>= 1.3.0)
-  web-console (>= 3.3.0)
+  web-console (>= 3.5.1)
 
 BUNDLED WITH
-   1.15.3
+   1.17.3