From 7c97ef9707a1985d002a52f30a8db09ba0f57221 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 21 Jun 2018 06:36:08 +0000 Subject: [PATCH] fix: Gemfile.lock & Gemfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-SPROCKETS-22032 --- Gemfile | 6 +-- Gemfile.lock | 114 +++++++++++++++++++++++++++++++-------------------- 2 files changed, 72 insertions(+), 48 deletions(-) diff --git a/Gemfile b/Gemfile index 413ee03..6f518d8 100644 --- a/Gemfile +++ b/Gemfile @@ -6,7 +6,7 @@ gem 'rails', '4.1.8' # Use postgresql as the database for Active Record gem 'pg' # Use SCSS for stylesheets -gem 'sass-rails', '~> 4.0.3' +gem 'sass-rails', '~> 4.0.5' # Use Uglifier as compressor for JavaScript assets gem 'uglifier', '>= 1.3.0' # Use CoffeeScript for .js.coffee assets and views @@ -38,7 +38,7 @@ gem 'spring', group: :development # Use debugger # gem 'debugger', group: [:development, :test] -gem 'twitter-bootstrap-rails' +gem 'twitter-bootstrap-rails', '>= 3.2.0' gem 'devise' @@ -46,7 +46,7 @@ gem 'rails_12factor', group: :production gem 'geocoder' -gem 'rails_admin' +gem 'rails_admin', '>= 0.7.0' gem 'kaminari' diff --git a/Gemfile.lock b/Gemfile.lock index 99b74f0..633cf3a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -34,7 +34,7 @@ GEM json (~> 1.4) nokogiri (>= 1.4.4) bcrypt (3.1.10) - builder (3.2.2) + builder (3.2.3) climate_control (0.0.3) activesupport (>= 3.0) cocaine (0.5.7) @@ -45,7 +45,9 @@ GEM coffee-script (2.4.1) coffee-script-source execjs - coffee-script-source (1.9.1.1) + coffee-script-source (1.12.2) + commonjs (0.2.7) + concurrent-ruby (1.0.5) devise (3.5.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) @@ -54,37 +56,60 @@ GEM thread_safe (~> 0.1) warden (~> 1.2.3) erubis (2.7.0) - execjs (2.6.0) - font-awesome-rails (4.4.0.0) - railties (>= 3.2, < 5.0) + execjs (2.7.0) + font-awesome-rails (4.7.0.4) + railties (>= 3.2, < 6.0) geocoder (1.2.11) - haml (4.0.7) + grease (0.3.1) + haml (5.0.4) + temple (>= 0.8.0) tilt hike (1.2.3) - i18n (0.7.0) + i18n (0.9.5) + concurrent-ruby (~> 1.0) jbuilder (2.3.2) activesupport (>= 3.0.0, < 5) multi_json (~> 1.2) - jquery-rails (3.1.4) + jquery-rails (3.1.5) railties (>= 3.0, < 5.0) thor (>= 0.14, < 2.0) jquery-ui-rails (5.0.5) railties (>= 3.2.16) - json (1.8.3) - kaminari (0.16.3) - actionpack (>= 3.0.0) - activesupport (>= 3.0.0) + json (1.8.6) + kaminari (1.1.1) + activesupport (>= 4.1.0) + kaminari-actionview (= 1.1.1) + kaminari-activerecord (= 1.1.1) + kaminari-core (= 1.1.1) + kaminari-actionview (1.1.1) + actionview + kaminari-core (= 1.1.1) + kaminari-activerecord (1.1.1) + activerecord + kaminari-core (= 1.1.1) + kaminari-core (1.1.1) + less (2.6.0) + commonjs (~> 0.2.7) + less-rails (3.0.0) + actionpack (>= 4.0) + grease + less (~> 2.6.0) + sprockets (> 2, < 4) + tilt libv8 (3.16.14.13) - mail (2.6.3) - mime-types (>= 1.16, < 3) - mime-types (2.6.2) + mail (2.7.0) + mini_mime (>= 0.1.1) + mime-types (3.1) + mime-types-data (~> 3.2015) + mime-types-data (3.2016.0521) mimemagic (0.3.0) - mini_portile (0.6.2) - minitest (5.8.1) - multi_json (1.11.2) + mini_mime (1.0.0) + mini_portile2 (2.3.0) + minitest (5.11.3) + multi_json (1.13.1) nested_form (0.3.2) - nokogiri (1.6.6.2) - mini_portile (~> 0.6.0) + nokogiri (1.8.3) + mini_portile2 (~> 2.3.0) orm_adapter (0.5.0) paperclip (4.3.1) activemodel (>= 3.2.0) @@ -94,9 +119,9 @@ GEM mimemagic (= 0.3.0) pg (0.18.3) rack (1.5.5) - rack-pjax (0.8.0) + rack-pjax (1.0.0) nokogiri (~> 1.5) - rack (~> 1.1) + rack (>= 1.1) rack-test (0.6.3) rack (>= 1.0) rails (4.1.8) @@ -112,19 +137,18 @@ GEM rails_12factor (0.0.3) rails_serve_static_assets rails_stdout_logging - rails_admin (0.7.0) + rails_admin (1.3.0) builder (~> 3.1) coffee-rails (~> 4.0) font-awesome-rails (>= 3.0, < 5) - haml (~> 4.0) + haml (>= 4.0, < 6) jquery-rails (>= 3.0, < 5) jquery-ui-rails (~> 5.0) - kaminari (~> 0.14) + kaminari (>= 0.14, < 2.0) nested_form (~> 0.3) - rack-pjax (~> 0.7) - rails (~> 4.0) - remotipart (~> 1.0) - safe_yaml (~> 1.0) + rack-pjax (>= 0.7) + rails (>= 4.0, < 6) + remotipart (~> 1.3) sass-rails (>= 4.0, < 6) rails_serve_static_assets (0.0.4) rails_stdout_logging (0.0.4) @@ -133,13 +157,12 @@ GEM activesupport (= 4.1.8) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (10.4.2) + rake (12.3.1) rdoc (4.2.0) ref (2.0.0) - remotipart (1.2.1) + remotipart (1.4.2) responders (1.1.2) railties (>= 3.2, < 4.2) - safe_yaml (1.0.4) sass (3.2.19) sass-rails (4.0.5) railties (>= 4.0.0, < 5.0) @@ -150,7 +173,7 @@ GEM json (~> 1.7, >= 1.7.7) rdoc (~> 4.0) spring (1.4.0) - sprockets (2.12.4) + sprockets (2.12.5) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) @@ -159,20 +182,21 @@ GEM actionpack (>= 3.0) activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) + temple (0.8.0) therubyracer (0.12.2) libv8 (~> 3.16.14.0) ref - thor (0.19.1) - thread_safe (0.3.5) + thor (0.20.0) + thread_safe (0.3.6) tilt (1.4.1) turbolinks (2.5.3) coffee-rails - twitter-bootstrap-rails (3.2.0) - actionpack (~> 4.1) - execjs (~> 2.2) - rails (~> 4.1) - railties (~> 4.1) - tzinfo (1.2.2) + twitter-bootstrap-rails (3.2.2) + actionpack (>= 3.1) + execjs (>= 2.2.2, >= 2.2) + less-rails (>= 2.5.0) + railties (>= 3.1) + tzinfo (1.2.5) thread_safe (~> 0.1) uglifier (2.7.2) execjs (>= 0.3.0) @@ -195,14 +219,14 @@ DEPENDENCIES pg rails (= 4.1.8) rails_12factor - rails_admin - sass-rails (~> 4.0.3) + rails_admin (>= 0.7.0) + sass-rails (~> 4.0.5) sdoc (~> 0.4.0) spring therubyracer turbolinks - twitter-bootstrap-rails + twitter-bootstrap-rails (>= 3.2.0) uglifier (>= 1.3.0) BUNDLED WITH - 1.10.6 + 1.16.1