fix: Gemfile.lock & Gemfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-22014
- https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-22019
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-22017
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-22027
snyk-bot 2018-06-12 06:05:45 +00:00
parent 849a696148
commit ffb3efd0b9
2 changed files with 50 additions and 48 deletions

10
Gemfile

@ -1,12 +1,12 @@
source 'https://rubygems.org' source 'https://rubygems.org'
gem 'activerecord' gem 'activerecord'
gem 'sinatra' gem 'sinatra', '>= 2.0.2'
gem 'sqlite3' gem 'sqlite3'
gem 'sinatra-activerecord' gem 'sinatra-activerecord', '>= 2.0.13'
gem 'sinatra-contrib', require: false gem 'sinatra-contrib', '>= 2.0.2', require: false
gem 'sinatra-flash' gem 'sinatra-flash', '>= 0.3.0'
gem 'validate_url' gem 'validate_url'
gem 'slim' gem 'slim'
@ -20,7 +20,7 @@ gem 'tzinfo-data'
group :development do group :development do
gem 'rspec' gem 'rspec'
gem 'poltergeist' gem 'poltergeist', '>= 1.16.0'
gem 'factory_girl' gem 'factory_girl'
gem 'database_cleaner' gem 'database_cleaner'
gem 'launchy' gem 'launchy'
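Review bot: The nokogiri fix listed in the commit message is not expressed in the Gemfile. The new floors cover sinatra, sinatra-activerecord, sinatra-contrib, sinatra-flash and poltergeist, while nokogiri moves from 1.8.1 to 1.8.2 only as a transitive entry in Gemfile.lock. Anything that re-resolves without that lock is not held to the patched version, so consider declaring the floor directly with `gem 'nokogiri', '>= 1.8.2'`. The added constraints are also open-ended; a form such as `gem 'sinatra', '~> 2.0', '>= 2.0.2'` keeps the security floor while preventing an unreviewed major upgrade. This matters because the same resolution already moves capybara 2.15.1 to 3.2.1 and rack-test 0.7.0 to 1.0.0 in the lockfile, which goes beyond the four advisories and should be covered by a spec run before merging.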


@ -1,20 +1,20 @@
GEM GEM
remote: https://rubygems.org/ remote: https://rubygems.org/
specs: specs:
activemodel (5.1.4) activemodel (5.2.0)
activesupport (= 5.1.4) activesupport (= 5.2.0)
activerecord (5.1.4) activerecord (5.2.0)
activemodel (= 5.1.4) activemodel (= 5.2.0)
activesupport (= 5.1.4) activesupport (= 5.2.0)
arel (~> 8.0) arel (>= 9.0)
activesupport (5.1.4) activesupport (5.2.0)
concurrent-ruby (~> 1.0, >= 1.0.2) concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (~> 0.7) i18n (>= 0.7, < 2)
minitest (~> 5.1) minitest (~> 5.1)
tzinfo (~> 1.1) tzinfo (~> 1.1)
addressable (2.5.2) addressable (2.5.2)
public_suffix (>= 2.0.2, < 4.0) public_suffix (>= 2.0.2, < 4.0)
arel (8.0.0) arel (9.0.0)
aws-sdk (2.10.53) aws-sdk (2.10.53)
aws-sdk-resources (= 2.10.53) aws-sdk-resources (= 2.10.53)
aws-sdk-core (2.10.53) aws-sdk-core (2.10.53)
@ -23,15 +23,15 @@ GEM
aws-sdk-resources (2.10.53) aws-sdk-resources (2.10.53)
aws-sdk-core (= 2.10.53) aws-sdk-core (= 2.10.53)
aws-sigv4 (1.0.2) aws-sigv4 (1.0.2)
backports (3.8.0) backports (3.11.3)
bigdecimal (1.3.2) bigdecimal (1.3.2)
capybara (2.15.1) capybara (3.2.1)
addressable addressable
mini_mime (>= 0.1.3) mini_mime (>= 0.1.3)
nokogiri (>= 1.3.3) nokogiri (~> 1.8)
rack (>= 1.0.0) rack (>= 1.6.0)
rack-test (>= 0.5.4) rack-test (>= 0.6.3)
xpath (~> 2.0) xpath (~> 3.1)
cliver (0.3.2) cliver (0.3.2)
coderay (1.1.2) coderay (1.1.2)
concurrent-ruby (1.0.5) concurrent-ruby (1.0.5)
@ -41,7 +41,8 @@ GEM
factory_girl (4.8.0) factory_girl (4.8.0)
activesupport (>= 3.0.0) activesupport (>= 3.0.0)
ffi (1.9.18) ffi (1.9.18)
i18n (0.8.6) i18n (1.0.1)
concurrent-ruby (~> 1.0)
jmespath (1.3.1) jmespath (1.3.1)
launchy (2.4.3) launchy (2.4.3)
addressable (~> 2.3) addressable (~> 2.3)
@ -50,25 +51,25 @@ GEM
rb-inotify (~> 0.9, >= 0.9.7) rb-inotify (~> 0.9, >= 0.9.7)
ruby_dep (~> 1.2) ruby_dep (~> 1.2)
method_source (0.9.0) method_source (0.9.0)
mini_mime (0.1.4) mini_mime (1.0.0)
mini_portile2 (2.3.0) mini_portile2 (2.3.0)
minitest (5.10.3) minitest (5.11.3)
multi_json (1.12.2) multi_json (1.13.1)
mustermann (1.0.1) mustermann (1.0.2)
nokogiri (1.8.1) nokogiri (1.8.2)
mini_portile2 (~> 2.3.0) mini_portile2 (~> 2.3.0)
poltergeist (1.16.0) poltergeist (1.18.1)
capybara (~> 2.1) capybara (>= 2.1, < 4)
cliver (~> 0.3.1) cliver (~> 0.3.1)
websocket-driver (>= 0.2.0) websocket-driver (>= 0.2.0)
pry (0.11.1) pry (0.11.1)
coderay (~> 1.1.0) coderay (~> 1.1.0)
method_source (~> 0.9.0) method_source (~> 0.9.0)
public_suffix (3.0.0) public_suffix (3.0.2)
rack (2.0.3) rack (2.0.5)
rack-protection (2.0.0) rack-protection (2.0.3)
rack rack
rack-test (0.7.0) rack-test (1.0.0)
rack (>= 1.0, < 3) rack (>= 1.0, < 3)
rake (12.1.0) rake (12.1.0)
rb-fsevent (0.10.2) rb-fsevent (0.10.2)
@ -90,20 +91,21 @@ GEM
rspec-support (~> 3.6.0) rspec-support (~> 3.6.0)
rspec-support (3.6.0) rspec-support (3.6.0)
ruby_dep (1.5.0) ruby_dep (1.5.0)
sinatra (2.0.0) sinatra (2.0.3)
mustermann (~> 1.0) mustermann (~> 1.0)
rack (~> 2.0) rack (~> 2.0)
rack-protection (= 2.0.0) rack-protection (= 2.0.3)
tilt (~> 2.0) tilt (~> 2.0)
sinatra-activerecord (2.0.13) sinatra-activerecord (2.0.13)
activerecord (>= 3.2) activerecord (>= 3.2)
sinatra (>= 1.0) sinatra (>= 1.0)
sinatra-contrib (2.0.0) sinatra-contrib (2.0.3)
backports (>= 2.0) activesupport (>= 4.0.0)
backports (>= 2.8.2)
multi_json multi_json
mustermann (~> 1.0) mustermann (~> 1.0)
rack-protection (= 2.0.0) rack-protection (= 2.0.3)
sinatra (= 2.0.0) sinatra (= 2.0.3)
tilt (>= 1.3, < 3) tilt (>= 1.3, < 3)
sinatra-flash (0.3.0) sinatra-flash (0.3.0)
sinatra (>= 1.0.0) sinatra (>= 1.0.0)
@ -114,7 +116,7 @@ GEM
temple (0.8.0) temple (0.8.0)
thread_safe (0.3.6) thread_safe (0.3.6)
tilt (2.0.8) tilt (2.0.8)
tzinfo (1.2.3) tzinfo (1.2.5)
thread_safe (~> 0.1) thread_safe (~> 0.1)
tzinfo-data (1.2017.2) tzinfo-data (1.2017.2)
tzinfo (>= 1.0.0) tzinfo (>= 1.0.0)
@ -123,9 +125,9 @@ GEM
addressable addressable
websocket-driver (0.7.0) websocket-driver (0.7.0)
websocket-extensions (>= 0.1.0) websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.2) websocket-extensions (0.1.3)
xpath (2.1.0) xpath (3.1.0)
nokogiri (~> 1.3) nokogiri (~> 1.8)
PLATFORMS PLATFORMS
ruby ruby
@ -138,19 +140,19 @@ DEPENDENCIES
dotenv dotenv
factory_girl factory_girl
launchy launchy
poltergeist poltergeist (>= 1.16.0)
pry pry
rake rake
rerun rerun
rspec rspec
sinatra sinatra (>= 2.0.2)
sinatra-activerecord sinatra-activerecord (>= 2.0.13)
sinatra-contrib sinatra-contrib (>= 2.0.2)
sinatra-flash sinatra-flash (>= 0.3.0)
slim slim
sqlite3 sqlite3
tzinfo-data tzinfo-data
validate_url validate_url
BUNDLED WITH BUNDLED WITH
1.15.3 1.16.1