From debe2d0c84fc4bf7525eab32ee2089a90935f6ec Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 30 Apr 2020 22:23:35 +0100 Subject: [PATCH 1/2] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-JSON-567822 --- Gemfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index 5cc4e6e..ed1cc1a 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,6 @@ source 'https://rubygems.org' -gem 'rails' +gem 'rails', '>= 4.0.0' gem 'grape' gem 'thin' @@ -9,9 +9,9 @@ gem 'dalli' group :test, :development do gem 'sqlite3' - gem 'rspec-rails' + gem 'rspec-rails', '>= 2.11.0' gem 'pry' - gem 'factory_girl_rails' + gem 'factory_girl_rails', '>= 4.1.0' gem 'database_cleaner' gem 'awesome_print' # gem 'simplecov' From 5a1f6708dae986dc3f6ea220773af402e19ad5cc Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 30 Apr 2020 22:23:36 +0100 Subject: [PATCH 2/2] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-JSON-567822 --- Gemfile.lock | 228 ++++++++++++++++++++++++++++++--------------------- 1 file changed, 133 insertions(+), 95 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index dc2ef2f..b355733 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,48 +1,66 @@ GEM remote: https://rubygems.org/ specs: - actionmailer (3.2.8) - actionpack (= 3.2.8) - mail (~> 2.4.4) - actionpack (3.2.8) - activemodel (= 3.2.8) - activesupport (= 3.2.8) - builder (~> 3.0.0) - erubis (~> 2.7.0) - journey (~> 1.0.4) - rack (~> 1.4.0) - rack-cache (~> 1.2) - rack-test (~> 0.6.1) - sprockets (~> 2.1.3) - activemodel (3.2.8) - activesupport (= 3.2.8) - builder (~> 3.0.0) - activerecord (3.2.8) - activemodel (= 3.2.8) - activesupport (= 3.2.8) - arel (~> 3.0.2) - tzinfo (~> 0.3.29) - activeresource (3.2.8) - activemodel (= 3.2.8) - activesupport (= 3.2.8) - activesupport (3.2.8) - i18n (~> 0.6) - multi_json (~> 1.0) - arel (3.0.2) + actioncable (5.2.4.2) + actionpack (= 5.2.4.2) + nio4r (~> 2.0) + websocket-driver (>= 0.6.1) + actionmailer (5.2.4.2) + actionpack (= 5.2.4.2) + actionview (= 5.2.4.2) + activejob (= 5.2.4.2) + mail (~> 2.5, >= 2.5.4) + rails-dom-testing (~> 2.0) + actionpack (5.2.4.2) + actionview (= 5.2.4.2) + activesupport (= 5.2.4.2) + rack (~> 2.0, >= 2.0.8) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (5.2.4.2) + activesupport (= 5.2.4.2) + builder (~> 3.1) + erubi (~> 1.4) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activejob (5.2.4.2) + activesupport (= 5.2.4.2) + globalid (>= 0.3.6) + activemodel (5.2.4.2) + activesupport (= 5.2.4.2) + activerecord (5.2.4.2) + activemodel (= 5.2.4.2) + activesupport (= 5.2.4.2) + arel (>= 9.0) + activestorage (5.2.4.2) + actionpack (= 5.2.4.2) + activerecord (= 5.2.4.2) + marcel (~> 0.3.1) + activesupport (5.2.4.2) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) + arel (9.0.0) awesome_print (1.1.0) - builder (3.0.3) + builder (3.2.4) coderay (1.0.7) + concurrent-ruby (1.1.6) + crass (1.0.6) daemons (1.1.9) dalli (2.2.1) database_cleaner (0.8.0) - diff-lcs (1.1.3) - erubis (2.7.0) + diff-lcs (1.3) + erubi (1.9.0) eventmachine (1.0.0) - factory_girl (4.1.0) + factory_girl (4.9.0) activesupport (>= 3.0.0) - factory_girl_rails (4.1.0) - factory_girl (~> 4.1.0) + factory_girl_rails (4.9.0) + factory_girl (~> 4.9.0) railties (>= 3.0.0) + globalid (0.4.2) + activesupport (>= 4.2.0) grape (0.2.1) hashie (~> 1.2) multi_json @@ -50,80 +68,97 @@ GEM rack rack-mount hashie (1.2.0) - hike (1.2.1) - i18n (0.6.1) - journey (1.0.4) - json (1.7.5) - mail (2.4.4) - i18n (>= 0.4.0) - mime-types (~> 1.16) - treetop (~> 1.4.8) + i18n (1.8.2) + concurrent-ruby (~> 1.0) + loofah (2.5.0) + crass (~> 1.0.2) + nokogiri (>= 1.5.9) + mail (2.7.1) + mini_mime (>= 0.1.1) + marcel (0.3.3) + mimemagic (~> 0.3.2) method_source (0.8) - mime-types (1.19) - multi_json (1.3.6) + mimemagic (0.3.4) + mini_mime (1.0.2) + mini_portile2 (2.4.0) + minitest (5.14.0) + multi_json (1.14.1) multi_xml (0.5.1) + nio4r (2.5.2) + nokogiri (1.10.9) + mini_portile2 (~> 2.4.0) pg (0.14.0) - polyglot (0.3.3) pry (0.9.10) coderay (~> 1.0.5) method_source (~> 0.8) slop (~> 3.3.1) - rack (1.4.1) - rack-cache (1.2) - rack (>= 0.4) + rack (2.2.2) rack-mount (0.8.3) rack (>= 1.0.0) - rack-ssl (1.3.2) - rack - rack-test (0.6.1) - rack (>= 1.0) - rails (3.2.8) - actionmailer (= 3.2.8) - actionpack (= 3.2.8) - activerecord (= 3.2.8) - activeresource (= 3.2.8) - activesupport (= 3.2.8) - bundler (~> 1.0) - railties (= 3.2.8) - railties (3.2.8) - actionpack (= 3.2.8) - activesupport (= 3.2.8) - rack-ssl (~> 1.3.2) + rack-test (1.1.0) + rack (>= 1.0, < 3) + rails (5.2.4.2) + actioncable (= 5.2.4.2) + actionmailer (= 5.2.4.2) + actionpack (= 5.2.4.2) + actionview (= 5.2.4.2) + activejob (= 5.2.4.2) + activemodel (= 5.2.4.2) + activerecord (= 5.2.4.2) + activestorage (= 5.2.4.2) + activesupport (= 5.2.4.2) + bundler (>= 1.3.0) + railties (= 5.2.4.2) + sprockets-rails (>= 2.0.0) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) + railties (5.2.4.2) + actionpack (= 5.2.4.2) + activesupport (= 5.2.4.2) + method_source rake (>= 0.8.7) - rdoc (~> 3.4) - thor (>= 0.14.6, < 2.0) - rake (0.9.2.2) - rdoc (3.12) - json (~> 1.4) - rspec (2.11.0) - rspec-core (~> 2.11.0) - rspec-expectations (~> 2.11.0) - rspec-mocks (~> 2.11.0) - rspec-core (2.11.1) - rspec-expectations (2.11.3) - diff-lcs (~> 1.1.3) - rspec-mocks (2.11.2) - rspec-rails (2.11.0) - actionpack (>= 3.0) - activesupport (>= 3.0) - railties (>= 3.0) - rspec (~> 2.11.0) + thor (>= 0.19.0, < 2.0) + rake (13.0.1) + rspec-core (3.9.1) + rspec-support (~> 3.9.1) + rspec-expectations (3.9.1) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.9.0) + rspec-mocks (3.9.1) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.9.0) + rspec-rails (4.0.0) + actionpack (>= 4.2) + activesupport (>= 4.2) + railties (>= 4.2) + rspec-core (~> 3.9) + rspec-expectations (~> 3.9) + rspec-mocks (~> 3.9) + rspec-support (~> 3.9) + rspec-support (3.9.2) slop (3.3.3) - sprockets (2.1.3) - hike (~> 1.2) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) + sprockets (3.7.2) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + sprockets-rails (3.2.1) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) sqlite3 (1.3.6) thin (1.4.1) daemons (>= 1.0.9) eventmachine (>= 0.12.6) rack (>= 1.0.0) - thor (0.16.0) - tilt (1.3.3) - treetop (1.4.10) - polyglot - polyglot (>= 0.3.1) - tzinfo (0.3.33) + thor (1.0.1) + thread_safe (0.3.6) + tzinfo (1.2.7) + thread_safe (~> 0.1) + websocket-driver (0.7.1) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.4) PLATFORMS ruby @@ -132,11 +167,14 @@ DEPENDENCIES awesome_print dalli database_cleaner - factory_girl_rails + factory_girl_rails (>= 4.1.0) grape pg pry - rails - rspec-rails + rails (>= 4.0.0) + rspec-rails (>= 2.11.0) sqlite3 thin + +BUNDLED WITH + 1.17.3