From f076fec53a089257ee8466449e468ff738a66621 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 19 Dec 2019 21:22:43 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-538324
---
 Gemfile | 10 +-
 Gemfile.lock | 272 ++++++++++++++++++++++++++++++---------------------
 2 files changed, 168 insertions(+), 114 deletions(-)
diff --git a/Gemfile b/Gemfile
index 5cc4e6e..eb856c9 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,17 +1,17 @@
 source 'https://rubygems.org'
-gem 'rails'
-gem 'grape'
+gem 'rails', '>= 4.2.0'
+gem 'grape', '>= 0.2.1'
-gem 'thin'
+gem 'thin', '>= 1.4.1'
 gem 'pg'
 gem 'dalli'
 group :test, :development do
 gem 'sqlite3'
- gem 'rspec-rails'
+ gem 'rspec-rails', '>= 2.11.0'
 gem 'pry'
- gem 'factory_girl_rails'
+ gem 'factory_girl_rails', '>= 4.1.0'
 gem 'database_cleaner'
 gem 'awesome_print'
 # gem 'simplecov'
diff --git a/Gemfile.lock b/Gemfile.lock
index dc2ef2f..82a5a5c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
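Review bot: The Gemfile hunk adds no constraint on rack itself, so the fix for the advisory named in the commit message lives only in Gemfile.lock, where rack resolves to 2.0.8 through actionpack 5.2.4.1. The new floor `gem 'rails', '>= 4.2.0'` does not by itself require that rack version, so a later re-resolve could presumably land on an unpatched rack; stating the floor in the manifest, `gem 'rack', '>= 2.0.8'`, would make the intent explicit and survive a lockfile regeneration. The bounds are also open-ended, which is how a single security patch moves rails from 3.2.8 to 5.2.4.1 and grape from 0.2.1 to 1.2.5 in the lockfile; a pessimistic form such as `gem 'rails', '~> 5.2.4'` would keep later bumps within one release line and make them reviewable. The floors on grape, thin, rspec-rails and factory_girl_rails equal the versions that were already locked, so they restrict nothing and could use a short comment saying why they are there.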
@@ -1,129 +1,180 @@ GEM remote: https://rubygems.org/ specs: - actionmailer (3.2.8) - actionpack (= 3.2.8) - mail (~> 2.4.4) - actionpack (3.2.8) - activemodel (= 3.2.8) - activesupport (= 3.2.8) - builder (~> 3.0.0) - erubis (~> 2.7.0) - journey (~> 1.0.4) - rack (~> 1.4.0) - rack-cache (~> 1.2) - rack-test (~> 0.6.1) - sprockets (~> 2.1.3) - activemodel (3.2.8) - activesupport (= 3.2.8) - builder (~> 3.0.0) - activerecord (3.2.8) - activemodel (= 3.2.8) - activesupport (= 3.2.8) - arel (~> 3.0.2) - tzinfo (~> 0.3.29) - activeresource (3.2.8) - activemodel (= 3.2.8) - activesupport (= 3.2.8) - activesupport (3.2.8) - i18n (~> 0.6) - multi_json (~> 1.0) - arel (3.0.2) + actioncable (5.2.4.1) + actionpack (= 5.2.4.1) + nio4r (~> 2.0) + websocket-driver (>= 0.6.1) + actionmailer (5.2.4.1) + actionpack (= 5.2.4.1) + actionview (= 5.2.4.1) + activejob (= 5.2.4.1) + mail (~> 2.5, >= 2.5.4) + rails-dom-testing (~> 2.0) + actionpack (5.2.4.1) + actionview (= 5.2.4.1) + activesupport (= 5.2.4.1) + rack (~> 2.0, >= 2.0.8) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (5.2.4.1) + activesupport (= 5.2.4.1) + builder (~> 3.1) + erubi (~> 1.4) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activejob (5.2.4.1) + activesupport (= 5.2.4.1) + globalid (>= 0.3.6) + activemodel (5.2.4.1) + activesupport (= 5.2.4.1) + activerecord (5.2.4.1) + activemodel (= 5.2.4.1) + activesupport (= 5.2.4.1) + arel (>= 9.0) + activestorage (5.2.4.1) + actionpack (= 5.2.4.1) + activerecord (= 5.2.4.1) + marcel (~> 0.3.1) + activesupport (5.2.4.1) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) + arel (9.0.0) awesome_print (1.1.0) - builder (3.0.3) + axiom-types (0.1.1) + descendants_tracker (~> 0.0.4) + ice_nine (~> 0.11.0) + thread_safe (~> 0.3, >= 0.3.1) + builder (3.2.4) coderay (1.0.7) - daemons (1.1.9) + coercible (1.0.0) + descendants_tracker (~> 0.0.1) + 
concurrent-ruby (1.1.5) + crass (1.0.5) + daemons (1.3.1) dalli (2.2.1) database_cleaner (0.8.0) - diff-lcs (1.1.3) - erubis (2.7.0) - eventmachine (1.0.0) - factory_girl (4.1.0) + descendants_tracker (0.0.4) + thread_safe (~> 0.3, >= 0.3.1) + diff-lcs (1.3) + equalizer (0.0.11) + erubi (1.9.0) + eventmachine (1.2.7) + factory_girl (4.9.0) activesupport (>= 3.0.0) - factory_girl_rails (4.1.0) - factory_girl (~> 4.1.0) + factory_girl_rails (4.9.0) + factory_girl (~> 4.9.0) railties (>= 3.0.0) - grape (0.2.1) - hashie (~> 1.2) - multi_json - multi_xml - rack - rack-mount - hashie (1.2.0) - hike (1.2.1) - i18n (0.6.1) - journey (1.0.4) - json (1.7.5) - mail (2.4.4) - i18n (>= 0.4.0) - mime-types (~> 1.16) - treetop (~> 1.4.8) + globalid (0.4.2) + activesupport (>= 4.2.0) + grape (1.2.5) + activesupport + builder + mustermann-grape (~> 1.0.0) + rack (>= 1.3.0) + rack-accept + virtus (>= 1.0.0) + i18n (1.7.0) + concurrent-ruby (~> 1.0) + ice_nine (0.11.2) + loofah (2.4.0) + crass (~> 1.0.2) + nokogiri (>= 1.5.9) + mail (2.7.1) + mini_mime (>= 0.1.1) + marcel (0.3.3) + mimemagic (~> 0.3.2) method_source (0.8) - mime-types (1.19) - multi_json (1.3.6) - multi_xml (0.5.1) + mimemagic (0.3.3) + mini_mime (1.0.2) + mini_portile2 (2.4.0) + minitest (5.13.0) + mustermann (1.0.3) + mustermann-grape (1.0.0) + mustermann (~> 1.0.0) + nio4r (2.5.2) + nokogiri (1.10.7) + mini_portile2 (~> 2.4.0) pg (0.14.0) - polyglot (0.3.3) pry (0.9.10) coderay (~> 1.0.5) method_source (~> 0.8) slop (~> 3.3.1) - rack (1.4.1) - rack-cache (1.2) + rack (2.0.8) + rack-accept (0.4.5) rack (>= 0.4) - rack-mount (0.8.3) - rack (>= 1.0.0) - rack-ssl (1.3.2) - rack - rack-test (0.6.1) - rack (>= 1.0) - rails (3.2.8) - actionmailer (= 3.2.8) - actionpack (= 3.2.8) - activerecord (= 3.2.8) - activeresource (= 3.2.8) - activesupport (= 3.2.8) - bundler (~> 1.0) - railties (= 3.2.8) - railties (3.2.8) - actionpack (= 3.2.8) - activesupport (= 3.2.8) - rack-ssl (~> 1.3.2) + rack-test (1.1.0) + rack (>= 1.0, < 
3) + rails (5.2.4.1) + actioncable (= 5.2.4.1) + actionmailer (= 5.2.4.1) + actionpack (= 5.2.4.1) + actionview (= 5.2.4.1) + activejob (= 5.2.4.1) + activemodel (= 5.2.4.1) + activerecord (= 5.2.4.1) + activestorage (= 5.2.4.1) + activesupport (= 5.2.4.1) + bundler (>= 1.3.0) + railties (= 5.2.4.1) + sprockets-rails (>= 2.0.0) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) + railties (5.2.4.1) + actionpack (= 5.2.4.1) + activesupport (= 5.2.4.1) + method_source rake (>= 0.8.7) - rdoc (~> 3.4) - thor (>= 0.14.6, < 2.0) - rake (0.9.2.2) - rdoc (3.12) - json (~> 1.4) - rspec (2.11.0) - rspec-core (~> 2.11.0) - rspec-expectations (~> 2.11.0) - rspec-mocks (~> 2.11.0) - rspec-core (2.11.1) - rspec-expectations (2.11.3) - diff-lcs (~> 1.1.3) - rspec-mocks (2.11.2) - rspec-rails (2.11.0) + thor (>= 0.19.0, < 2.0) + rake (13.0.1) + rspec-core (3.9.0) + rspec-support (~> 3.9.0) + rspec-expectations (3.9.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.9.0) + rspec-mocks (3.9.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.9.0) + rspec-rails (3.9.0) actionpack (>= 3.0) activesupport (>= 3.0) railties (>= 3.0) - rspec (~> 2.11.0) + rspec-core (~> 3.9.0) + rspec-expectations (~> 3.9.0) + rspec-mocks (~> 3.9.0) + rspec-support (~> 3.9.0) + rspec-support (3.9.0) slop (3.3.3) - sprockets (2.1.3) - hike (~> 1.2) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) + sprockets (3.7.2) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + sprockets-rails (3.2.1) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) sqlite3 (1.3.6) - thin (1.4.1) - daemons (>= 1.0.9) - eventmachine (>= 0.12.6) - rack (>= 1.0.0) - thor (0.16.0) - tilt (1.3.3) - treetop (1.4.10) - polyglot - polyglot (>= 0.3.1) - tzinfo (0.3.33) + thin (1.7.2) + daemons (~> 1.0, >= 1.0.9) + eventmachine (~> 1.0, >= 1.0.4) + rack (>= 1, < 3) + thor (1.0.1) + thread_safe (0.3.6) + tzinfo (1.2.5) + thread_safe (~> 0.1) + virtus (1.0.5) 
+ axiom-types (~> 0.1) + coercible (~> 1.0) + descendants_tracker (~> 0.0, >= 0.0.3) + equalizer (~> 0.0, >= 0.0.9) + websocket-driver (0.7.1) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.4) PLATFORMS ruby @@ -132,11 +183,14 @@ DEPENDENCIES awesome_print dalli database_cleaner - factory_girl_rails - grape + factory_girl_rails (>= 4.1.0) + grape (>= 0.2.1) pg pry - rails - rspec-rails + rails (>= 4.2.0) + rspec-rails (>= 2.11.0) sqlite3 - thin + thin (>= 1.4.1) + +BUNDLED WITH + 1.17.3