From 4ed647e09c7b74072718b048037eddc74f1420bd Mon Sep 17 00:00:00 2001 From: Pat Holland Date: Tue, 9 Oct 2018 16:03:23 -0700 Subject: [PATCH 1/2] fix potential security vulnerabilities in dependencies --- Gemfile.lock | 215 ++++++++++++++++++++++++++------------------------- 1 file changed, 108 insertions(+), 107 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 004ba24..2676917 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,67 +1,69 @@ GEM remote: https://rubygems.org/ specs: - actioncable (5.0.1) - actionpack (= 5.0.1) - nio4r (~> 1.2) + actioncable (5.0.7) + actionpack (= 5.0.7) + nio4r (>= 1.2, < 3.0) websocket-driver (~> 0.6.1) - actionmailer (5.0.1) - actionpack (= 5.0.1) - actionview (= 5.0.1) - activejob (= 5.0.1) + actionmailer (5.0.7) + actionpack (= 5.0.7) + actionview (= 5.0.7) + activejob (= 5.0.7) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.0.1) - actionview (= 5.0.1) - activesupport (= 5.0.1) + actionpack (5.0.7) + actionview (= 5.0.7) + activesupport (= 5.0.7) rack (~> 2.0) rack-test (~> 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.0.1) - activesupport (= 5.0.1) + actionview (5.0.7) + activesupport (= 5.0.7) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (5.0.1) - activesupport (= 5.0.1) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activejob (5.0.7) + activesupport (= 5.0.7) globalid (>= 0.3.6) - activemodel (5.0.1) - activesupport (= 5.0.1) - activerecord (5.0.1) - activemodel (= 5.0.1) - activesupport (= 5.0.1) + activemodel (5.0.7) + activesupport (= 5.0.7) + activerecord (5.0.7) + activemodel (= 5.0.7) + activesupport (= 5.0.7) arel (~> 7.0) - activesupport (5.0.1) + activesupport (5.0.7) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (~> 0.7) + i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - addressable (2.5.0) - public_suffix (~> 2.0, >= 2.0.2) + addressable (2.5.2) + public_suffix (>= 2.0.2, < 4.0) arel (7.1.4) + bindex (0.5.0) builder (3.2.3) - concurrent-ruby (1.0.4) - debug_inspector (0.0.2) + concurrent-ruby (1.0.5) + crass (1.0.4) diff-lcs (1.3) - dotenv (2.2.0) - dotenv-rails (2.2.0) - dotenv (= 2.2.0) - railties (>= 3.2, < 5.1) + dotenv (2.5.0) + dotenv-rails (2.5.0) + dotenv (= 2.5.0) + railties (>= 3.2, < 6.0) erubis (2.7.0) execjs (2.7.0) - faraday (0.10.1) + faraday (0.12.2) multipart-post (>= 1.2, < 3) - ffi (1.9.17) - globalid (0.3.7) - activesupport (>= 4.1.0) - hashie (3.5.3) - i18n (0.8.0) - jbuilder (2.6.1) - activesupport (>= 3.0.0, < 5.1) - multi_json (~> 1.2) - jquery-rails (4.2.2) + ffi (1.9.25) + globalid (0.4.1) + activesupport (>= 4.2.0) + hashie (3.5.7) + i18n (1.1.0) + concurrent-ruby (~> 1.0) + jbuilder (2.7.0) + activesupport (>= 4.2.0) + multi_json (>= 1.2) + jquery-rails (4.3.3) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) @@ -69,29 +71,28 @@ GEM listen (3.0.8) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) - loofah (2.0.3) + loofah (2.2.2) + crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.6.4) - mime-types (>= 1.16, < 4) - method_source (0.8.2) - mime-types (3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) - mini_portile2 (2.1.0) - minitest (5.10.1) - multi_json (1.12.1) + mail (2.7.0) + mini_mime (>= 0.1.1) + method_source (0.9.0) + mini_mime (1.0.1) + mini_portile2 (2.3.0) + minitest (5.11.3) + multi_json (1.13.1) multi_xml (0.6.0) multipart-post (2.0.0) - nio4r (1.2.1) - nokogiri (1.7.0.1) - mini_portile2 (~> 2.1.0) - oauth2 (1.3.0) - faraday (>= 0.8, < 0.11) + nio4r (2.3.1) + nokogiri (1.8.5) + mini_portile2 (~> 2.3.0) + oauth2 (1.4.0) + faraday (>= 0.8, < 0.13) jwt (~> 1.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.6.1) + omniauth (1.8.1) hashie (>= 3.4.6, < 3.6.0) rack (>= 1.6.2, < 3) omniauth-google-oauth2 (0.2.10) @@ -103,84 +104,84 @@ GEM omniauth-oauth2 (1.3.1) oauth2 (~> 1.0) omniauth (~> 1.2) - pg (0.19.0) - public_suffix (2.0.5) - puma (3.7.0) - rack (2.0.1) + pg (0.21.0) + public_suffix (3.0.3) + puma (3.12.0) + rack (2.0.5) rack-test (0.6.3) rack (>= 1.0) - rails (5.0.1) - actioncable (= 5.0.1) - actionmailer (= 5.0.1) - actionpack (= 5.0.1) - actionview (= 5.0.1) - activejob (= 5.0.1) - activemodel (= 5.0.1) - activerecord (= 5.0.1) - activesupport (= 5.0.1) - bundler (>= 1.3.0, < 2.0) - railties (= 5.0.1) + rails (5.0.7) + actioncable (= 5.0.7) + actionmailer (= 5.0.7) + actionpack (= 5.0.7) + actionview (= 5.0.7) + activejob (= 5.0.7) + activemodel (= 5.0.7) + activerecord (= 5.0.7) + activesupport (= 5.0.7) + bundler (>= 1.3.0) + railties (= 5.0.7) sprockets-rails (>= 2.0.0) - rails-dom-testing (2.0.2) - activesupport (>= 4.2.0, < 6.0) - nokogiri (~> 1.6) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) - railties (5.0.1) - actionpack (= 5.0.1) - activesupport (= 5.0.1) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.0.4) + loofah (~> 2.2, >= 2.2.2) + railties (5.0.7) + actionpack (= 5.0.7) + activesupport (= 5.0.7) method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (12.0.0) - rb-fsevent (0.9.8) - rb-inotify (0.9.8) - ffi (>= 0.5.0) - rspec-core (3.5.4) - rspec-support (~> 3.5.0) - rspec-expectations (3.5.0) + rake (12.3.1) + rb-fsevent (0.10.3) + rb-inotify (0.9.10) + ffi (>= 0.5.0, < 2) + rspec-core (3.8.0) + rspec-support (~> 3.8.0) + rspec-expectations (3.8.2) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.5.0) - rspec-mocks (3.5.0) + rspec-support (~> 3.8.0) + rspec-mocks (3.8.0) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.5.0) - rspec-rails (3.5.2) + rspec-support (~> 3.8.0) + rspec-rails (3.8.0) actionpack (>= 3.0) activesupport (>= 3.0) railties (>= 3.0) - rspec-core (~> 3.5.0) - rspec-expectations (~> 3.5.0) - rspec-mocks (~> 3.5.0) - rspec-support (~> 3.5.0) - rspec-support (3.5.0) - shoulda-matchers (3.1.1) + rspec-core (~> 3.8.0) + rspec-expectations (~> 3.8.0) + rspec-mocks (~> 3.8.0) + rspec-support (~> 3.8.0) + rspec-support (3.8.0) + shoulda-matchers (3.1.2) activesupport (>= 4.0.0) - spring (2.0.1) + spring (2.0.2) activesupport (>= 4.2) spring-watcher-listen (2.0.1) listen (>= 2.7, < 4.0) spring (>= 1.2, < 3.0) - sprockets (3.7.1) + sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.0) + sprockets-rails (3.2.1) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) - thor (0.19.4) - thread_safe (0.3.5) - tzinfo (1.2.2) + thor (0.20.0) + thread_safe (0.3.6) + tzinfo (1.2.5) thread_safe (~> 0.1) - uglifier (3.0.4) + uglifier (4.1.19) execjs (>= 0.3.0, < 3) - web-console (3.4.0) + web-console (3.7.0) actionview (>= 5.0) activemodel (>= 5.0) - debug_inspector + bindex (>= 0.4.0) railties (>= 5.0) websocket-driver (0.6.5) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.2) + websocket-extensions (0.1.3) PLATFORMS ruby @@ -203,4 +204,4 @@ DEPENDENCIES web-console (>= 3.3.0) BUNDLED WITH - 1.14.2 + 1.16.1 From 7939595b4bb27bae752e706d63a2606b6e606347 Mon Sep 17 00:00:00 2001 From: Pat Holland Date: Tue, 9 Oct 2018 16:03:23 -0700 Subject: [PATCH 2/2] fix potential security vulnerabilities in dependencies --- Gemfile.lock | 215 ++++++++++++++++++++++++++------------------------- 1 file changed, 108 insertions(+), 107 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 004ba24..2676917 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,67 +1,69 @@ GEM remote: https://rubygems.org/ specs: - actioncable (5.0.1) - actionpack (= 5.0.1) - nio4r (~> 1.2) + actioncable (5.0.7) + actionpack (= 5.0.7) + nio4r (>= 1.2, < 3.0) websocket-driver (~> 0.6.1) - actionmailer (5.0.1) - actionpack (= 5.0.1) - actionview (= 5.0.1) - activejob (= 5.0.1) + actionmailer (5.0.7) + actionpack (= 5.0.7) + actionview (= 5.0.7) + activejob (= 5.0.7) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.0.1) - actionview (= 5.0.1) - activesupport (= 5.0.1) + actionpack (5.0.7) + actionview (= 5.0.7) + activesupport (= 5.0.7) rack (~> 2.0) rack-test (~> 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.0.1) - activesupport (= 5.0.1) + actionview (5.0.7) + activesupport (= 5.0.7) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (5.0.1) - activesupport (= 5.0.1) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activejob (5.0.7) + activesupport (= 5.0.7) globalid (>= 0.3.6) - activemodel (5.0.1) - activesupport (= 5.0.1) - activerecord (5.0.1) - activemodel (= 5.0.1) - activesupport (= 5.0.1) + activemodel (5.0.7) + activesupport (= 5.0.7) + activerecord (5.0.7) + activemodel (= 5.0.7) + activesupport (= 5.0.7) arel (~> 7.0) - activesupport (5.0.1) + activesupport (5.0.7) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (~> 0.7) + i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - addressable (2.5.0) - public_suffix (~> 2.0, >= 2.0.2) + addressable (2.5.2) + public_suffix (>= 2.0.2, < 4.0) arel (7.1.4) + bindex (0.5.0) builder (3.2.3) - concurrent-ruby (1.0.4) - debug_inspector (0.0.2) + concurrent-ruby (1.0.5) + crass (1.0.4) diff-lcs (1.3) - dotenv (2.2.0) - dotenv-rails (2.2.0) - dotenv (= 2.2.0) - railties (>= 3.2, < 5.1) + dotenv (2.5.0) + dotenv-rails (2.5.0) + dotenv (= 2.5.0) + railties (>= 3.2, < 6.0) erubis (2.7.0) execjs (2.7.0) - faraday (0.10.1) + faraday (0.12.2) multipart-post (>= 1.2, < 3) - ffi (1.9.17) - globalid (0.3.7) - activesupport (>= 4.1.0) - hashie (3.5.3) - i18n (0.8.0) - jbuilder (2.6.1) - activesupport (>= 3.0.0, < 5.1) - multi_json (~> 1.2) - jquery-rails (4.2.2) + ffi (1.9.25) + globalid (0.4.1) + activesupport (>= 4.2.0) + hashie (3.5.7) + i18n (1.1.0) + concurrent-ruby (~> 1.0) + jbuilder (2.7.0) + activesupport (>= 4.2.0) + multi_json (>= 1.2) + jquery-rails (4.3.3) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) @@ -69,29 +71,28 @@ GEM listen (3.0.8) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) - loofah (2.0.3) + loofah (2.2.2) + crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.6.4) - mime-types (>= 1.16, < 4) - method_source (0.8.2) - mime-types (3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) - mini_portile2 (2.1.0) - minitest (5.10.1) - multi_json (1.12.1) + mail (2.7.0) + mini_mime (>= 0.1.1) + method_source (0.9.0) + mini_mime (1.0.1) + mini_portile2 (2.3.0) + minitest (5.11.3) + multi_json (1.13.1) multi_xml (0.6.0) multipart-post (2.0.0) - nio4r (1.2.1) - nokogiri (1.7.0.1) - mini_portile2 (~> 2.1.0) - oauth2 (1.3.0) - faraday (>= 0.8, < 0.11) + nio4r (2.3.1) + nokogiri (1.8.5) + mini_portile2 (~> 2.3.0) + oauth2 (1.4.0) + faraday (>= 0.8, < 0.13) jwt (~> 1.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.6.1) + omniauth (1.8.1) hashie (>= 3.4.6, < 3.6.0) rack (>= 1.6.2, < 3) omniauth-google-oauth2 (0.2.10) @@ -103,84 +104,84 @@ GEM omniauth-oauth2 (1.3.1) oauth2 (~> 1.0) omniauth (~> 1.2) - pg (0.19.0) - public_suffix (2.0.5) - puma (3.7.0) - rack (2.0.1) + pg (0.21.0) + public_suffix (3.0.3) + puma (3.12.0) + rack (2.0.5) rack-test (0.6.3) rack (>= 1.0) - rails (5.0.1) - actioncable (= 5.0.1) - actionmailer (= 5.0.1) - actionpack (= 5.0.1) - actionview (= 5.0.1) - activejob (= 5.0.1) - activemodel (= 5.0.1) - activerecord (= 5.0.1) - activesupport (= 5.0.1) - bundler (>= 1.3.0, < 2.0) - railties (= 5.0.1) + rails (5.0.7) + actioncable (= 5.0.7) + actionmailer (= 5.0.7) + actionpack (= 5.0.7) + actionview (= 5.0.7) + activejob (= 5.0.7) + activemodel (= 5.0.7) + activerecord (= 5.0.7) + activesupport (= 5.0.7) + bundler (>= 1.3.0) + railties (= 5.0.7) sprockets-rails (>= 2.0.0) - rails-dom-testing (2.0.2) - activesupport (>= 4.2.0, < 6.0) - nokogiri (~> 1.6) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) - railties (5.0.1) - actionpack (= 5.0.1) - activesupport (= 5.0.1) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.0.4) + loofah (~> 2.2, >= 2.2.2) + railties (5.0.7) + actionpack (= 5.0.7) + activesupport (= 5.0.7) method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (12.0.0) - rb-fsevent (0.9.8) - rb-inotify (0.9.8) - ffi (>= 0.5.0) - rspec-core (3.5.4) - rspec-support (~> 3.5.0) - rspec-expectations (3.5.0) + rake (12.3.1) + rb-fsevent (0.10.3) + rb-inotify (0.9.10) + ffi (>= 0.5.0, < 2) + rspec-core (3.8.0) + rspec-support (~> 3.8.0) + rspec-expectations (3.8.2) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.5.0) - rspec-mocks (3.5.0) + rspec-support (~> 3.8.0) + rspec-mocks (3.8.0) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.5.0) - rspec-rails (3.5.2) + rspec-support (~> 3.8.0) + rspec-rails (3.8.0) actionpack (>= 3.0) activesupport (>= 3.0) railties (>= 3.0) - rspec-core (~> 3.5.0) - rspec-expectations (~> 3.5.0) - rspec-mocks (~> 3.5.0) - rspec-support (~> 3.5.0) - rspec-support (3.5.0) - shoulda-matchers (3.1.1) + rspec-core (~> 3.8.0) + rspec-expectations (~> 3.8.0) + rspec-mocks (~> 3.8.0) + rspec-support (~> 3.8.0) + rspec-support (3.8.0) + shoulda-matchers (3.1.2) activesupport (>= 4.0.0) - spring (2.0.1) + spring (2.0.2) activesupport (>= 4.2) spring-watcher-listen (2.0.1) listen (>= 2.7, < 4.0) spring (>= 1.2, < 3.0) - sprockets (3.7.1) + sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.0) + sprockets-rails (3.2.1) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) - thor (0.19.4) - thread_safe (0.3.5) - tzinfo (1.2.2) + thor (0.20.0) + thread_safe (0.3.6) + tzinfo (1.2.5) thread_safe (~> 0.1) - uglifier (3.0.4) + uglifier (4.1.19) execjs (>= 0.3.0, < 3) - web-console (3.4.0) + web-console (3.7.0) actionview (>= 5.0) activemodel (>= 5.0) - debug_inspector + bindex (>= 0.4.0) railties (>= 5.0) websocket-driver (0.6.5) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.2) + websocket-extensions (0.1.3) PLATFORMS ruby @@ -203,4 +204,4 @@ DEPENDENCIES web-console (>= 3.3.0) BUNDLED WITH - 1.14.2 + 1.16.1