From b1ea708128c8eb23d9f5683da033c16993ae985b Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 28 Jul 2022 02:54:15 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-2960802 --- Gemfile | 2 +- Gemfile.lock | 197 +++++++++++++++++++++++++++------------------------ 2 files changed, 104 insertions(+), 95 deletions(-) diff --git a/Gemfile b/Gemfile index 1e88f594a83..e72577b300c 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,6 @@ source 'https://rubygems.org' -gem 'rails', '~> 5.2.1' +gem 'rails', '~> 5.2.8', '>= 5.2.8.1' gem 'rails-i18n' gem 'autoprefixer-rails' diff --git a/Gemfile.lock b/Gemfile.lock index 1eb77dba5c8..6f6c6168891 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,43 +1,43 @@ GEM remote: https://rubygems.org/ specs: - actioncable (5.2.3) - actionpack (= 5.2.3) + actioncable (5.2.8.1) + actionpack (= 5.2.8.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.3) - actionpack (= 5.2.3) - actionview (= 5.2.3) - activejob (= 5.2.3) + actionmailer (5.2.8.1) + actionpack (= 5.2.8.1) + actionview (= 5.2.8.1) + activejob (= 5.2.8.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.3) - actionview (= 5.2.3) - activesupport (= 5.2.3) - rack (~> 2.0) + actionpack (5.2.8.1) + actionview (= 5.2.8.1) + activesupport (= 5.2.8.1) + rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.3) - activesupport (= 5.2.3) + actionview (5.2.8.1) + activesupport (= 5.2.8.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.2.3) - activesupport (= 5.2.3) + activejob (5.2.8.1) + activesupport (= 5.2.8.1) globalid (>= 0.3.6) - activemodel (5.2.3) - activesupport (= 5.2.3) - activerecord (5.2.3) - activemodel (= 5.2.3) - activesupport (= 5.2.3) + activemodel (5.2.8.1) + activesupport (= 5.2.8.1) + activerecord (5.2.8.1) + activemodel (= 5.2.8.1) + activesupport (= 5.2.8.1) arel (>= 9.0) - activestorage (5.2.3) - actionpack (= 5.2.3) - activerecord (= 5.2.3) - marcel (~> 0.3.1) - activesupport (5.2.3) + activestorage (5.2.8.1) + actionpack (= 5.2.8.1) + activerecord (= 5.2.8.1) + marcel (~> 1.0.0) + activesupport (5.2.8.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -45,6 +45,9 @@ GEM addressable (2.6.0) public_suffix (>= 2.0.2, < 4.0) arel (9.0.0) + argon2 (2.0.2) + ffi (~> 1.9) + ffi-compiler (>= 0.1) ast (2.4.0) autoprefixer-rails (7.1.2.3) execjs @@ -58,10 +61,10 @@ GEM aws-sdk-core (= 2.11.263) aws-sigv4 (1.1.0) aws-eventstream (~> 1.0, >= 1.0.2) - bcrypt (3.1.12) + bcrypt (3.1.18) bootsnap (1.4.3) msgpack (~> 1.0) - builder (3.2.3) + builder (3.2.4) byebug (11.0.1) capybara (2.18.0) addressable @@ -89,29 +92,30 @@ GEM timers (>= 4.1.1) choice (0.2.0) chunky_png (1.3.10) - clearance (1.17.0) - actionmailer (>= 3.1) - activemodel (>= 3.1) - activerecord (>= 3.1) - bcrypt - email_validator (~> 1.4) - railties (>= 3.1) + clearance (2.6.0) + actionmailer (>= 5.0) + activemodel (>= 5.0) + activerecord (>= 5.0) + argon2 (~> 2.0, >= 2.0.2) + bcrypt (>= 3.1.1) + email_validator (~> 2.0) + railties (>= 5.0) clearance-deprecated_password_strategies (1.10.2) activesupport clearance (>= 1.10) coderay (1.1.2) colorize (0.8.1) compact_index (0.11.0) - concurrent-ruby (1.1.5) - crass (1.0.4) + concurrent-ruby (1.1.10) + crass (1.0.6) css_parser (1.7.0) addressable daemons (1.3.1) dalli (2.7.9) - delayed_job (4.1.5) - activesupport (>= 3.0, < 5.3) - delayed_job_active_record (4.1.3) - activerecord (>= 3.0, < 5.3) + delayed_job (4.1.10) + activesupport (>= 3.0, < 8.0) + delayed_job_active_record (4.1.7) + activerecord (>= 3.0, < 8.0) delayed_job (>= 3.0, < 5) domain_name (0.5.20180417) unf (>= 0.0.5, < 1.0.0) @@ -130,9 +134,9 @@ GEM elasticsearch-transport (5.0.5) faraday multi_json - email_validator (1.6.0) + email_validator (2.2.3) activemodel - erubi (1.8.0) + erubi (1.10.0) execjs (2.7.0) factory_bot (4.11.1) activesupport (>= 3.0.0) @@ -145,8 +149,11 @@ GEM aws-sigv4 (~> 1.0) faraday (>= 0.9) ffi (1.9.25) - globalid (0.4.2) - activesupport (>= 4.2.0) + ffi-compiler (1.0.1) + ffi (>= 1.0.0) + rake + globalid (1.0.0) + activesupport (>= 5.0) googleauth (0.6.7) faraday (~> 0.12) jwt (>= 1.4, < 3.0) @@ -169,7 +176,7 @@ GEM http-form_data (2.1.1) http_accept_language (2.1.1) http_parser.rb (0.6.0) - i18n (1.6.0) + i18n (1.12.0) concurrent-ruby (~> 1.0) jaro_winkler (1.5.2) jmespath (1.4.0) @@ -181,18 +188,18 @@ GEM multi_json to_regexp (~> 0.2.1) jwt (2.1.0) - kaminari (1.1.1) + kaminari (1.2.2) activesupport (>= 4.1.0) - kaminari-actionview (= 1.1.1) - kaminari-activerecord (= 1.1.1) - kaminari-core (= 1.1.1) - kaminari-actionview (1.1.1) + kaminari-actionview (= 1.2.2) + kaminari-activerecord (= 1.2.2) + kaminari-core (= 1.2.2) + kaminari-actionview (1.2.2) actionview - kaminari-core (= 1.1.1) - kaminari-activerecord (1.1.1) + kaminari-core (= 1.2.2) + kaminari-activerecord (1.2.2) activerecord - kaminari-core (= 1.1.1) - kaminari-core (1.1.1) + kaminari-core (= 1.2.2) + kaminari-core (1.2.2) kgio (2.11.2) kubeclient (4.3.0) http (~> 3.0) @@ -220,23 +227,21 @@ GEM railties (>= 4) request_store (~> 1.0) logstash-event (1.2.02) - loofah (2.2.3) + loofah (2.18.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) - marcel (0.3.3) - mimemagic (~> 0.3.2) + marcel (1.0.2) memoist (0.16.0) metaclass (0.0.4) method_source (0.9.2) mime-types (3.2.2) mime-types-data (~> 3.2015) mime-types-data (3.2019.0331) - mimemagic (0.3.3) - mini_mime (1.0.0) - mini_portile2 (2.4.0) - minitest (5.11.3) + mini_mime (1.1.2) + mini_portile2 (2.8.0) + minitest (5.16.2) mocha (1.2.1) metaclass (~> 0.0.1) msgpack (1.2.10) @@ -244,9 +249,10 @@ GEM multipart-post (2.0.0) netrc (0.11.0) newrelic_rpm (6.3.0.355) - nio4r (2.3.1) - nokogiri (1.10.3) - mini_portile2 (~> 2.4.0) + nio4r (2.5.8) + nokogiri (1.13.8) + mini_portile2 (~> 2.8.0) + racc (~> 1.4) oj (3.7.12) optimist (3.0.0) os (1.0.1) @@ -264,48 +270,49 @@ GEM pry (~> 0.10) psych (3.1.0) public_suffix (3.1.0) - rack (2.0.7) + racc (1.6.0) + rack (2.2.4) rack-attack (6.0.0) rack (>= 1.0, < 3) - rack-test (1.1.0) - rack (>= 1.0, < 3) + rack-test (2.0.2) + rack (>= 1.3) rack-utf8_sanitizer (1.6.0) rack (>= 1.0, < 3.0) - rails (5.2.3) - actioncable (= 5.2.3) - actionmailer (= 5.2.3) - actionpack (= 5.2.3) - actionview (= 5.2.3) - activejob (= 5.2.3) - activemodel (= 5.2.3) - activerecord (= 5.2.3) - activestorage (= 5.2.3) - activesupport (= 5.2.3) + rails (5.2.8.1) + actioncable (= 5.2.8.1) + actionmailer (= 5.2.8.1) + actionpack (= 5.2.8.1) + actionview (= 5.2.8.1) + activejob (= 5.2.8.1) + activemodel (= 5.2.8.1) + activerecord (= 5.2.8.1) + activestorage (= 5.2.8.1) + activesupport (= 5.2.8.1) bundler (>= 1.3.0) - railties (= 5.2.3) + railties (= 5.2.8.1) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-erd (1.6.0) + rails-erd (1.7.1) activerecord (>= 4.2) activesupport (>= 4.2) choice (~> 0.2.0) ruby-graphviz (~> 1.2) - rails-html-sanitizer (1.0.4) - loofah (~> 2.2, >= 2.2.2) + rails-html-sanitizer (1.4.3) + loofah (~> 2.3) rails-i18n (5.1.3) i18n (>= 0.7, < 2) railties (>= 5.0, < 6) - railties (5.2.3) - actionpack (= 5.2.3) - activesupport (= 5.2.3) + railties (5.2.8.1) + actionpack (= 5.2.8.1) + activesupport (= 5.2.8.1) method_source rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) rainbow (3.0.0) raindrops (0.19.0) - rake (12.3.2) + rake (13.0.6) rb-fsevent (0.10.3) rb-inotify (0.9.10) ffi (>= 0.5.0, < 2) @@ -321,6 +328,7 @@ GEM http-cookie (>= 1.0.2, < 2.0) mime-types (>= 1.16, < 4.0) netrc (~> 0.8) + rexml (3.2.5) roadie (3.5.0) css_parser (~> 1.4) nokogiri (~> 1.8) @@ -341,7 +349,8 @@ GEM unicode-display_width (>= 1.4.0, < 1.6) rubocop-performance (1.1.0) rubocop (>= 0.67.0) - ruby-graphviz (1.2.4) + ruby-graphviz (1.2.5) + rexml ruby-progressbar (1.10.0) ruby_dep (1.5.0) sass (3.4.24) @@ -359,21 +368,21 @@ GEM faraday (~> 0.9) jwt (>= 1.5, < 3.0) multi_json (~> 1.10) - sprockets (3.7.2) + sprockets (4.1.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.1) - actionpack (>= 4.0) - activesupport (>= 4.0) + sprockets-rails (3.4.2) + actionpack (>= 5.2) + activesupport (>= 5.2) sprockets (>= 3.0.0) statsd-instrument (2.3.2) - thor (0.20.3) + thor (1.2.1) thread_safe (0.3.6) timers (4.1.2) hitimes to_regexp (0.2.1) toxiproxy (1.0.3) - tzinfo (1.2.5) + tzinfo (1.2.10) thread_safe (~> 0.1) uglifier (3.2.0) execjs (>= 0.3.0, < 3) @@ -386,9 +395,9 @@ GEM raindrops (~> 0.7) validates_formatting_of (0.9.0) activemodel - websocket-driver (0.7.0) + websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.3) + websocket-extensions (0.1.5) xml-simple (1.1.5) xpath (3.1.0) nokogiri (~> 1.8) @@ -435,7 +444,7 @@ DEPENDENCIES rack-attack rack-test rack-utf8_sanitizer - rails (~> 5.2.1) + rails (~> 5.2.8, >= 5.2.8.1) rails-erd rails-i18n rbtrace (~> 0.4.8)