From ffb3efd0b998caa2b68f5fa0487057aa82cd1143 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 12 Jun 2018 06:05:45 +0000
Subject: [PATCH] fix: Gemfile.lock & Gemfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-22014
- https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-22019
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-22017
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-22027
---
 Gemfile | 10 +++---
 Gemfile.lock | 88 +++++++++++++++++++++++++++-------------------------
 2 files changed, 50 insertions(+), 48 deletions(-)
diff --git a/Gemfile b/Gemfile
index d423050..19389e9 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,12 +1,12 @@
 source 'https://rubygems.org'
 gem 'activerecord'
-gem 'sinatra'
+gem 'sinatra', '>= 2.0.2'
 gem 'sqlite3'
-gem 'sinatra-activerecord'
-gem 'sinatra-contrib', require: false
-gem 'sinatra-flash'
+gem 'sinatra-activerecord', '>= 2.0.13'
+gem 'sinatra-contrib', '>= 2.0.2', require: false
+gem 'sinatra-flash', '>= 0.3.0'
 gem 'validate_url'
 gem 'slim'
@@ -20,7 +20,7 @@ gem 'tzinfo-data'
 group :development do
 gem 'rspec'
- gem 'poltergeist'
+ gem 'poltergeist', '>= 1.16.0'
 gem 'factory_girl'
 gem 'database_cleaner'
 gem 'launchy'
diff --git a/Gemfile.lock b/Gemfile.lock
index 4e535d1..65d21bb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,20 +1,20 @@ GEM remote: https://rubygems.org/ specs: - activemodel (5.1.4) - activesupport (= 5.1.4) - activerecord (5.1.4) - activemodel (= 5.1.4) - activesupport (= 5.1.4) - arel (~> 8.0) - activesupport (5.1.4) + activemodel (5.2.0) + activesupport (= 5.2.0) + activerecord (5.2.0) + activemodel (= 5.2.0) + activesupport (= 5.2.0) + arel (>= 9.0) + activesupport (5.2.0) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (~> 0.7) + i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) addressable (2.5.2) public_suffix (>= 2.0.2, < 4.0) - arel (8.0.0) + arel (9.0.0) aws-sdk (2.10.53) aws-sdk-resources (= 2.10.53) aws-sdk-core (2.10.53)
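Review bot: The Gemfile hunks set floors for sinatra, sinatra-contrib and three other gems but none for nokogiri, so the fix for SNYK-RUBY-NOKOGIRI-22014 is held only by the 1.8.1 → 1.8.2 change in Gemfile.lock. Judging by the lockfile's DEPENDENCIES list nokogiri is not a direct dependency, and an explicit `gem 'nokogiri', '~> 1.8', '>= 1.8.2'` would keep a later re-resolve from dropping below the patched release. The added constraints are bare `>=` bounds, which also admit any future major version; a bounded form such as `gem 'sinatra', '~> 2.0', '>= 2.0.2'` keeps the security floor without that. The floors on sinatra-activerecord (2.0.13), sinatra-flash (0.3.0) and poltergeist (1.16.0) equal what the old lockfile already resolved, so they appear unrelated to the four advisories. Because the re-resolve also moved capybara from 2.15.1 to 3.2.1 and activerecord from 5.1.4 to 5.2.0, the test suite should be run before merging.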
@@ -23,15 +23,15 @@ GEM aws-sdk-resources (2.10.53) aws-sdk-core (= 2.10.53) aws-sigv4 (1.0.2) - backports (3.8.0) + backports (3.11.3) bigdecimal (1.3.2) - capybara (2.15.1) + capybara (3.2.1) addressable mini_mime (>= 0.1.3) - nokogiri (>= 1.3.3) - rack (>= 1.0.0) - rack-test (>= 0.5.4) - xpath (~> 2.0) + nokogiri (~> 1.8) + rack (>= 1.6.0) + rack-test (>= 0.6.3) + xpath (~> 3.1) cliver (0.3.2) coderay (1.1.2) concurrent-ruby (1.0.5) @@ -41,7 +41,8 @@ GEM factory_girl (4.8.0) activesupport (>= 3.0.0) ffi (1.9.18) - i18n (0.8.6) + i18n (1.0.1) + concurrent-ruby (~> 1.0) jmespath (1.3.1) launchy (2.4.3) addressable (~> 2.3) @@ -50,25 +51,25 @@ GEM rb-inotify (~> 0.9, >= 0.9.7) ruby_dep (~> 1.2) method_source (0.9.0) - mini_mime (0.1.4) + mini_mime (1.0.0) mini_portile2 (2.3.0) - minitest (5.10.3) - multi_json (1.12.2) - mustermann (1.0.1) - nokogiri (1.8.1) + minitest (5.11.3) + multi_json (1.13.1) + mustermann (1.0.2) + nokogiri (1.8.2) mini_portile2 (~> 2.3.0) - poltergeist (1.16.0) - capybara (~> 2.1) + poltergeist (1.18.1) + capybara (>= 2.1, < 4) cliver (~> 0.3.1) websocket-driver (>= 0.2.0) pry (0.11.1) coderay (~> 1.1.0) method_source (~> 0.9.0) - public_suffix (3.0.0) - rack (2.0.3) - rack-protection (2.0.0) + public_suffix (3.0.2) + rack (2.0.5) + rack-protection (2.0.3) rack - rack-test (0.7.0) + rack-test (1.0.0) rack (>= 1.0, < 3) rake (12.1.0) rb-fsevent (0.10.2) 
@@ -90,20 +91,21 @@ GEM rspec-support (~> 3.6.0) rspec-support (3.6.0) ruby_dep (1.5.0) - sinatra (2.0.0) + sinatra (2.0.3) mustermann (~> 1.0) rack (~> 2.0) - rack-protection (= 2.0.0) + rack-protection (= 2.0.3) tilt (~> 2.0) sinatra-activerecord (2.0.13) activerecord (>= 3.2) sinatra (>= 1.0) - sinatra-contrib (2.0.0) - backports (>= 2.0) + sinatra-contrib (2.0.3) + activesupport (>= 4.0.0) + backports (>= 2.8.2) multi_json mustermann (~> 1.0) - rack-protection (= 2.0.0) - sinatra (= 2.0.0) + rack-protection (= 2.0.3) + sinatra (= 2.0.3) tilt (>= 1.3, < 3) sinatra-flash (0.3.0) sinatra (>= 1.0.0) @@ -114,7 +116,7 @@ GEM temple (0.8.0) thread_safe (0.3.6) tilt (2.0.8) - tzinfo (1.2.3) + tzinfo (1.2.5) thread_safe (~> 0.1) tzinfo-data (1.2017.2) tzinfo (>= 1.0.0) @@ -123,9 +125,9 @@ GEM addressable websocket-driver (0.7.0) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.2) - xpath (2.1.0) - nokogiri (~> 1.3) + websocket-extensions (0.1.3) + xpath (3.1.0) + nokogiri (~> 1.8) PLATFORMS ruby @@ -138,19 +140,19 @@ DEPENDENCIES dotenv factory_girl launchy - poltergeist + poltergeist (>= 1.16.0) pry rake rerun rspec - sinatra - sinatra-activerecord - sinatra-contrib - sinatra-flash + sinatra (>= 2.0.2) + sinatra-activerecord (>= 2.0.13) + sinatra-contrib (>= 2.0.2) + sinatra-flash (>= 0.3.0) slim sqlite3 tzinfo-data validate_url BUNDLED WITH - 1.15.3 + 1.16.1