From c6d1bd7a149999484a12d08daadbd1a93117f68c Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 2 Feb 2017 17:24:28 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20198 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20200 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20255 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20256 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20258 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20264 - https://snyk.io/vuln/SNYK-RUBY-JQUERYRAILS-20225 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-20262 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-20263 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-20271 - https://snyk.io/vuln/SNYK-RUBY-ACTIVEMODEL-20260 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20184 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20190 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20259 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-20228 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-20229 - https://snyk.io/vuln/SNYK-RUBY-MAIL-20244 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20214 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20245 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20253 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20268 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20277 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20292 - https://snyk.io/vuln/SNYK-RUBY-REDCARPET-20212 - https://snyk.io/vuln/SNYK-RUBY-UGLIFIER-20236 Latest report for hackclub/website: https://snyk.io/test/github/hackclub/website --- Gemfile | 20 +-- Gemfile.lock | 338 +++++++++++++++++++++++++++------------------------ 2 files changed, 191 insertions(+), 167 deletions(-) diff --git a/Gemfile b/Gemfile index 6f01293..b242186 100644 --- a/Gemfile +++ b/Gemfile @@ -1,27 +1,27 @@ source 'https://rubygems.org' source 'https://rails-assets.org' -gem 'rails', '4.1.1' +gem 'rails', '~> 4.2.7.1' # This change was made via Snyk to fix a vulnerability gem 'sass-rails', '~> 4.0.3' -gem 'uglifier', '>= 1.3.0' +gem 'uglifier', '~> 2.7.2' # This change was made via Snyk to fix a vulnerability gem 'coffee-rails', '~> 4.0.0' gem 'therubyracer' gem 'haml-rails' -gem 'redcarpet' +gem 'redcarpet', '~> 3.2.3' # This change was made via Snyk to fix a vulnerability gem 'rack-ssl-enforcer' gem 'rack-attack' gem 'unf_ext' gem 'jquery-rails' -gem 'jbuilder', '~> 2.0' +gem 'jbuilder', '~> 2.2.5' # This change was made via Snyk to fix a vulnerability gem 'sdoc', '~> 0.4.0', group: :doc gem 'foundation-rails' gem 'rails-assets-Hover' gem 'rails-assets-underscore' gem 'gmaps4rails' -gem 'simple_form' +gem 'simple_form', '~> 3.1.0' # This change was made via Snyk to fix a vulnerability gem 'enum_help' -gem 'pluggable_js' +gem 'pluggable_js', '~> 2.0.4' # This change was made via Snyk to fix a vulnerability gem 'figaro' gem 'validates_email_format_of' gem 'stripe' @@ -38,11 +38,11 @@ group :development, :test do gem 'rspec-rails' gem 'guard-rspec' - gem 'shoulda' - gem 'factory_girl_rails' - gem 'capybara' + gem 'shoulda', '~> 3.5.0' # This change was made via Snyk to fix a vulnerability + gem 'factory_girl_rails', '~> 4.5.0' # This change was made via Snyk to fix a vulnerability + gem 'capybara', '~> 2.4.4' # This change was made via Snyk to fix a vulnerability gem 'faker' - gem 'email_spec' + gem 'email_spec', '~> 1.6.0' # This change was made via Snyk to fix a vulnerability gem 'rspec_junit_formatter' end diff --git a/Gemfile.lock b/Gemfile.lock index 2f5d0c5..ec0cc15 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -2,41 +2,51 @@ GEM remote: https://rubygems.org/ remote: https://rails-assets.org/ specs: - actionmailer (4.1.1) - actionpack (= 4.1.1) - actionview (= 4.1.1) - mail (~> 2.5.4) - actionpack (4.1.1) - actionview (= 4.1.1) - activesupport (= 4.1.1) - rack (~> 1.5.2) + actionmailer (4.2.7.1) + actionpack (= 4.2.7.1) + actionview (= 4.2.7.1) + activejob (= 4.2.7.1) + mail (~> 2.5, >= 2.5.4) + rails-dom-testing (~> 1.0, >= 1.0.5) + actionpack (4.2.7.1) + actionview (= 4.2.7.1) + activesupport (= 4.2.7.1) + rack (~> 1.6) rack-test (~> 0.6.2) - actionview (4.1.1) - activesupport (= 4.1.1) + rails-dom-testing (~> 1.0, >= 1.0.5) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (4.2.7.1) + activesupport (= 4.2.7.1) builder (~> 3.1) erubis (~> 2.7.0) - activemodel (4.1.1) - activesupport (= 4.1.1) + rails-dom-testing (~> 1.0, >= 1.0.5) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + activejob (4.2.7.1) + activesupport (= 4.2.7.1) + globalid (>= 0.3.0) + activemodel (4.2.7.1) + activesupport (= 4.2.7.1) builder (~> 3.1) - activerecord (4.1.1) - activemodel (= 4.1.1) - activesupport (= 4.1.1) - arel (~> 5.0.0) - activesupport (4.1.1) - i18n (~> 0.6, >= 0.6.9) + activerecord (4.2.7.1) + activemodel (= 4.2.7.1) + activesupport (= 4.2.7.1) + arel (~> 6.0) + activesupport (4.2.7.1) + i18n (~> 0.7) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) - thread_safe (~> 0.1) + thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - addressable (2.3.6) - arel (5.0.1.20140414130214) - better_errors (2.0.0) + addressable (2.5.0) + public_suffix (~> 2.0, >= 2.0.2) + arel (6.0.4) + better_errors (2.1.1) coderay (>= 1.0.0) erubis (>= 2.6.6) rack (>= 0.9.0) binding_of_caller (0.7.2) debug_inspector (>= 0.0.1) - builder (3.2.2) + builder (3.2.3) byebug (9.0.6) capybara (2.4.4) mime-types (>= 1.16) @@ -44,182 +54,199 @@ GEM rack (>= 1.0.0) rack-test (>= 0.5.4) xpath (~> 2.0) - celluloid (0.16.0) - timers (~> 4.0.0) - coderay (1.1.0) + coderay (1.1.1) coffee-rails (4.0.1) coffee-script (>= 2.2.0) railties (>= 4.0.0, < 5.0) - coffee-script (2.3.0) + coffee-script (2.4.1) coffee-script-source execjs - coffee-script-source (1.8.0) + coffee-script-source (1.12.2) debug_inspector (0.0.2) - diff-lcs (1.2.5) - domain_name (0.5.20160310) + diff-lcs (1.3) + domain_name (0.5.20161129) unf (>= 0.0.5, < 1.0.0) email_spec (1.6.0) launchy (~> 2.1) mail (~> 2.2) - enum_help (0.0.12) + enum_help (0.0.16) erubis (2.7.0) - execjs (2.2.2) + execjs (2.7.0) factory_girl (4.5.0) activesupport (>= 3.0.0) factory_girl_rails (4.5.0) factory_girl (~> 4.5.0) railties (>= 3.0.0) - faker (1.4.3) + faker (1.7.2) i18n (~> 0.5) - faraday (0.9.2) + faraday (0.11.0) multipart-post (>= 1.2, < 3) - ffi (1.9.6) - figaro (1.0.0) + ffi (1.9.17) + figaro (1.1.1) thor (~> 0.14) formatador (0.2.5) - foundation-rails (5.4.5.0) + foundation-rails (5.5.0.0) railties (>= 3.1.0) - sass (>= 3.2.0) + sass (>= 3.2.0, < 3.4) + globalid (0.3.7) + activesupport (>= 4.1.0) gmaps4rails (2.1.2) - guard (2.10.3) + guard (2.14.1) formatador (>= 0.2.4) - listen (~> 2.7) + listen (>= 2.7, < 4.0) lumberjack (~> 1.0) nenv (~> 0.1) + notiffany (~> 0.0) pry (>= 0.9.12) + shellany (~> 0.0) thor (>= 0.18.1) - guard-compat (1.1.0) - guard-rspec (4.5.0) + guard-compat (1.2.1) + guard-rspec (4.7.3) guard (~> 2.1) guard-compat (~> 1.1) rspec (>= 2.99.0, < 4.0) - haml (4.1.0.beta.1) + haml (4.0.7) tilt - haml-rails (0.6.0) + haml-rails (0.9.0) actionpack (>= 4.0.1) activesupport (>= 4.0.1) - haml (>= 3.1, < 5.0) + haml (>= 4.0.6, < 5.0) html2haml (>= 1.0.1) railties (>= 4.0.1) hike (1.2.3) - hitimes (1.2.2) - hpricot (0.8.6) - html2haml (1.0.1) + html2haml (2.1.0) erubis (~> 2.7.0) - haml (>= 4.0.0.rc.1) - hpricot (~> 0.8.6) - ruby_parser (~> 3.1.1) - http-cookie (1.0.2) + haml (~> 4.0) + nokogiri (>= 1.6.0) + ruby_parser (~> 3.5) + http-cookie (1.0.3) domain_name (~> 0.5) - i18n (0.6.11) - jbuilder (2.2.5) + i18n (0.8.0) + jbuilder (2.2.16) activesupport (>= 3.0.0, < 5) multi_json (~> 1.2) - jquery-rails (3.1.2) - railties (>= 3.0, < 5.0) + jquery-rails (4.2.2) + rails-dom-testing (>= 1, < 3) + railties (>= 4.2.0) thor (>= 0.14, < 2.0) - json (1.8.1) + json (1.8.6) launchy (2.4.3) addressable (~> 2.3) - letter_opener (1.3.0) + letter_opener (1.4.1) launchy (~> 2.2) - libv8 (3.16.14.7) - listen (2.8.3) - celluloid (>= 0.15.2) - rb-fsevent (>= 0.9.3) - rb-inotify (>= 0.9) - lumberjack (1.0.9) - mail (2.5.4) - mime-types (~> 1.16) - treetop (~> 1.4.8) + libv8 (3.16.14.17) + listen (3.1.5) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) + ruby_dep (~> 1.2) + loofah (2.0.3) + nokogiri (>= 1.5.9) + lumberjack (1.0.11) + mail (2.6.4) + mime-types (>= 1.16, < 4) method_source (0.8.2) - mime-types (1.25.1) - mini_portile (0.6.1) - minitest (5.5.0) - multi_json (1.10.1) + mime-types (3.1) + mime-types-data (~> 3.2015) + mime-types-data (3.2016.0521) + mini_portile2 (2.1.0) + minitest (5.10.1) + multi_json (1.12.1) multipart-post (2.0.0) - nenv (0.1.1) + nenv (0.3.0) netrc (0.11.0) - nokogiri (1.6.5) - mini_portile (~> 0.6.0) - pg (0.17.1) + nokogiri (1.7.0.1) + mini_portile2 (~> 2.1.0) + notiffany (0.1.1) + nenv (~> 0.1) + shellany (~> 0.0) + pg (0.19.0) pluggable_js (2.0.4) coffee-rails jquery-rails rails (>= 3.1) - polyglot (0.3.5) - pry (0.10.1) + pry (0.10.4) coderay (~> 1.1.0) method_source (~> 0.8.1) slop (~> 3.4) - puma (3.6.2) - rack (1.5.5) - rack-attack (4.3.0) + public_suffix (2.0.5) + puma (3.7.0) + rack (1.6.5) + rack-attack (5.0.1) rack rack-proxy (0.6.0) rack - rack-ssl-enforcer (0.2.8) - rack-test (0.6.2) + rack-ssl-enforcer (0.2.9) + rack-test (0.6.3) rack (>= 1.0) - rack-timeout (0.2.4) - rails (4.1.1) - actionmailer (= 4.1.1) - actionpack (= 4.1.1) - actionview (= 4.1.1) - activemodel (= 4.1.1) - activerecord (= 4.1.1) - activesupport (= 4.1.1) + rack-timeout (0.4.2) + rails (4.2.7.1) + actionmailer (= 4.2.7.1) + actionpack (= 4.2.7.1) + actionview (= 4.2.7.1) + activejob (= 4.2.7.1) + activemodel (= 4.2.7.1) + activerecord (= 4.2.7.1) + activesupport (= 4.2.7.1) bundler (>= 1.3.0, < 2.0) - railties (= 4.1.1) - sprockets-rails (~> 2.0) - rails-assets-Hover (1.0.9) - rails-assets-underscore (1.7.0) + railties (= 4.2.7.1) + sprockets-rails + rails-assets-Hover (2.1.0) + rails-assets-underscore (1.8.3) + rails-deprecated_sanitizer (1.0.3) + activesupport (>= 4.2.0.alpha) + rails-dom-testing (1.0.8) + activesupport (>= 4.2.0.beta, < 5.0) + nokogiri (~> 1.6) + rails-deprecated_sanitizer (>= 1.0.1) + rails-html-sanitizer (1.0.3) + loofah (~> 2.0) rails_12factor (0.0.3) rails_serve_static_assets rails_stdout_logging rails_serve_static_assets (0.0.5) rails_stdout_logging (0.0.5) - railties (4.1.1) - actionpack (= 4.1.1) - activesupport (= 4.1.1) + railties (4.2.7.1) + actionpack (= 4.2.7.1) + activesupport (= 4.2.7.1) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (10.4.2) - rb-fsevent (0.9.4) - rb-inotify (0.9.5) + rake (12.0.0) + rb-fsevent (0.9.8) + rb-inotify (0.9.8) ffi (>= 0.5.0) - rdoc (4.2.0) - json (~> 1.4) - redcarpet (3.2.2) - ref (1.0.5) - rest-client (1.8.0) + rdoc (4.3.0) + redcarpet (3.2.3) + ref (2.0.0) + rest-client (2.0.0) http-cookie (>= 1.0.2, < 2.0) - mime-types (>= 1.16, < 3.0) - netrc (~> 0.7) - rspec (3.1.0) - rspec-core (~> 3.1.0) - rspec-expectations (~> 3.1.0) - rspec-mocks (~> 3.1.0) - rspec-core (3.1.7) - rspec-support (~> 3.1.0) - rspec-expectations (3.1.2) + mime-types (>= 1.16, < 4.0) + netrc (~> 0.8) + rspec (3.5.0) + rspec-core (~> 3.5.0) + rspec-expectations (~> 3.5.0) + rspec-mocks (~> 3.5.0) + rspec-core (3.5.4) + rspec-support (~> 3.5.0) + rspec-expectations (3.5.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.5.0) + rspec-mocks (3.5.0) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.1.0) - rspec-mocks (3.1.3) - rspec-support (~> 3.1.0) - rspec-rails (3.1.0) + rspec-support (~> 3.5.0) + rspec-rails (3.5.2) actionpack (>= 3.0) activesupport (>= 3.0) railties (>= 3.0) - rspec-core (~> 3.1.0) - rspec-expectations (~> 3.1.0) - rspec-mocks (~> 3.1.0) - rspec-support (~> 3.1.0) - rspec-support (3.1.2) + rspec-core (~> 3.5.0) + rspec-expectations (~> 3.5.0) + rspec-mocks (~> 3.5.0) + rspec-support (~> 3.5.0) + rspec-support (3.5.0) rspec_junit_formatter (0.2.3) builder (< 4) rspec-core (>= 2, < 4, != 2.12.0) - ruby_parser (3.1.3) + ruby_dep (1.5.0) + ruby_parser (3.8.4) sexp_processor (~> 4.1) sass (3.2.19) sass-rails (4.0.5) @@ -227,53 +254,50 @@ GEM sass (~> 3.2.2) sprockets (~> 2.8, < 3.0) sprockets-rails (~> 2.0) - sdoc (0.4.1) + sdoc (0.4.2) json (~> 1.7, >= 1.7.7) rdoc (~> 4.0) - sexp_processor (4.4.4) + sexp_processor (4.8.0) + shellany (0.0.1) shoulda (3.5.0) shoulda-context (~> 1.0, >= 1.0.1) shoulda-matchers (>= 1.4.1, < 3.0) - shoulda-context (1.2.1) - shoulda-matchers (2.7.0) + shoulda-context (1.2.2) + shoulda-matchers (2.8.0) activesupport (>= 3.0.0) - simple_form (3.1.0) + simple_form (3.1.1) actionpack (~> 4.0) activemodel (~> 4.0) slop (3.6.0) - spring (1.2.0) - sprockets (2.12.3) + spring (2.0.1) + activesupport (>= 4.2) + sprockets (2.12.4) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.2.2) + sprockets-rails (2.3.3) actionpack (>= 3.0) activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) - sqlite3 (1.3.10) - stripe (1.40.0) - rest-client (~> 1.4) - therubyracer (0.12.1) - libv8 (~> 3.16.14.0) + sqlite3 (1.3.13) + stripe (1.58.0) + rest-client (>= 1.4, < 4.0) + therubyracer (0.12.3) + libv8 (~> 3.16.14.15) ref - thor (0.19.1) - thread_safe (0.3.4) + thor (0.19.4) + thread_safe (0.3.5) tilt (1.4.1) - timers (4.0.1) - hitimes - treetop (1.4.15) - polyglot - polyglot (>= 0.3.1) tzinfo (1.2.2) thread_safe (~> 0.1) - uglifier (2.6.0) + uglifier (2.7.2) execjs (>= 0.3.0) json (>= 1.8.0) unf (0.1.4) unf_ext unf_ext (0.0.7.2) - validates_email_format_of (1.6.1) + validates_email_format_of (1.6.3) i18n xpath (2.0.0) nokogiri (~> 1.3) @@ -285,11 +309,11 @@ DEPENDENCIES better_errors binding_of_caller byebug - capybara + capybara (~> 2.4.4) coffee-rails (~> 4.0.0) - email_spec + email_spec (~> 1.6.0) enum_help - factory_girl_rails + factory_girl_rails (~> 4.5.0) faker faraday figaro @@ -297,34 +321,34 @@ DEPENDENCIES gmaps4rails guard-rspec haml-rails - jbuilder (~> 2.0) + jbuilder (~> 2.2.5) jquery-rails letter_opener pg - pluggable_js + pluggable_js (~> 2.0.4) puma rack-attack rack-proxy rack-ssl-enforcer rack-timeout - rails (= 4.1.1) + rails (~> 4.2.7.1) rails-assets-Hover rails-assets-underscore rails_12factor - redcarpet + redcarpet (~> 3.2.3) rspec-rails rspec_junit_formatter sass-rails (~> 4.0.3) sdoc (~> 0.4.0) - shoulda - simple_form + shoulda (~> 3.5.0) + simple_form (~> 3.1.0) spring sqlite3 stripe therubyracer - uglifier (>= 1.3.0) + uglifier (~> 2.7.2) unf_ext validates_email_format_of BUNDLED WITH - 1.12.5 + 1.13.6