From 95733f5256b15eb28beb4588c7213ca2bb83630b Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 21 Jun 2018 07:39:10 +0000
Subject: [PATCH] fix: Gemfile.lock & Gemfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-SPROCKETS-22032
---
 Gemfile | 8 ++--
 Gemfile.lock | 127 +++++++++++++++++++++++----------------------------
 2 files changed, 60 insertions(+), 75 deletions(-)
diff --git a/Gemfile b/Gemfile
index eea60e8..7ea9268 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,6 +1,6 @@
 source 'https://rubygems.org'
-gem 'rails', '3.2.22.1'
+gem 'rails', '4.0.0'
 # Bundle edge Rails instead:
 # gem 'rails', :git => 'git://github.com/rails/rails.git'
@@ -10,8 +10,8 @@ gem 'rails', '3.2.22.1'
 # Gems used only for assets and not required
 # in production environments by default.
 group :assets do
- gem 'sass-rails', '~> 3.2.6'
- gem 'coffee-rails', '~> 3.2.2'
+ gem 'sass-rails', '~> 4.0.0'
+ gem 'coffee-rails', '~> 4.0.0'
 # See https://github.com/sstephenson/execjs#readme for more supported runtimes
 # gem 'therubyracer', :platforms => :ruby
@@ -19,7 +19,7 @@ group :assets do
 gem 'uglifier', '>= 1.0.3'
 end
-gem 'jquery-rails', '>= 2.2.0'
+gem 'jquery-rails', '>= 3.1.5'
 # To use ActiveModel has_secure_password
 # gem 'bcrypt-ruby', '~> 3.0.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index ba83918..f2e2490 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
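Review bot: The new `gem 'rails', '4.0.0'` line in the first Gemfile hunk pins the application exactly to the initial release of the 4.0 series, so Bundler can never resolve a later 4.0.x patch release; if the goal is only to reach a fixed sprockets, a pessimistic constraint such as `gem 'rails', '~> 4.0.0'` would allow the newest patch level instead. The diffstat lists only Gemfile and Gemfile.lock, so this 3.2 → 4.0 major upgrade arrives with no application changes. Rails 4 moved `attr_accessible` mass-assignment protection out of core, so any models that rely on it should be checked before merging (application code is not visible in this patch). The lockfile resolves sprockets to 2.12.5, which should be confirmed against the fixed range in the linked advisory rather than taken from the commit message alone.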
@@ -1,38 +1,35 @@ GEM remote: https://rubygems.org/ specs: - actionmailer (3.2.22.1) - actionpack (= 3.2.22.1) - mail (~> 2.5.4) - actionpack (3.2.22.1) - activemodel (= 3.2.22.1) - activesupport (= 3.2.22.1) - builder (~> 3.0.0) + actionmailer (4.0.0) + actionpack (= 4.0.0) + mail (~> 2.5.3) + actionpack (4.0.0) + activesupport (= 4.0.0) + builder (~> 3.1.0) erubis (~> 2.7.0) - journey (~> 1.0.4) - rack (~> 1.4.5) - rack-cache (~> 1.2) - rack-test (~> 0.6.1) - sprockets (~> 2.2.1) - activemodel (3.2.22.1) - activesupport (= 3.2.22.1) - builder (~> 3.0.0) - activerecord (3.2.22.1) - activemodel (= 3.2.22.1) - activesupport (= 3.2.22.1) - arel (~> 3.0.2) - tzinfo (~> 0.3.29) - activeresource (3.2.22.1) - activemodel (= 3.2.22.1) - activesupport (= 3.2.22.1) - activesupport (3.2.22.1) + rack (~> 1.5.2) + rack-test (~> 0.6.2) + activemodel (4.0.0) + activesupport (= 4.0.0) + builder (~> 3.1.0) + activerecord (4.0.0) + activemodel (= 4.0.0) + activerecord-deprecated_finders (~> 1.0.2) + activesupport (= 4.0.0) + arel (~> 4.0.0) + activerecord-deprecated_finders (1.0.4) + activesupport (4.0.0) i18n (~> 0.6, >= 0.6.4) - multi_json (~> 1.0) - arel (3.0.3) - builder (3.0.4) - coffee-rails (3.2.2) + minitest (~> 4.2) + multi_json (~> 1.3) + thread_safe (~> 0.1) + tzinfo (~> 0.3.37) + arel (4.0.2) + builder (3.1.4) + coffee-rails (4.0.1) coffee-script (>= 2.2.0) - railties (~> 3.2.0) + railties (>= 4.0.0, < 5.0) coffee-script (2.4.1) coffee-script-source execjs 
@@ -40,69 +37,57 @@ GEM concurrent-ruby (1.0.5) erubis (2.7.0) execjs (2.7.0) - ffi (1.9.25) - ffi (1.9.25-x86-mingw32) hike (1.2.3) i18n (0.9.5) concurrent-ruby (~> 1.0) - journey (1.0.4) jquery-rails (3.1.5) railties (>= 3.0, < 5.0) thor (>= 0.14, < 2.0) - json (1.8.6) mail (2.5.5) mime-types (~> 1.16) treetop (~> 1.4.8) mime-types (1.25.1) + minitest (4.7.5) multi_json (1.13.1) pg (1.0.0) pg (1.0.0-x86-mingw32) polyglot (0.3.5) - rack (1.4.7) - rack-cache (1.8.0) - rack (>= 0.4) - rack-ssl (1.3.4) - rack + rack (1.5.5) rack-test (0.6.3) rack (>= 1.0) - rails (3.2.22.1) - actionmailer (= 3.2.22.1) - actionpack (= 3.2.22.1) - activerecord (= 3.2.22.1) - activeresource (= 3.2.22.1) - activesupport (= 3.2.22.1) - bundler (~> 1.0) - railties (= 3.2.22.1) - railties (3.2.22.1) - actionpack (= 3.2.22.1) - activesupport (= 3.2.22.1) - rack-ssl (~> 1.3.2) + rails (4.0.0) + actionmailer (= 4.0.0) + actionpack (= 4.0.0) + activerecord (= 4.0.0) + activesupport (= 4.0.0) + bundler (>= 1.3.0, < 2.0) + railties (= 4.0.0) + sprockets-rails (~> 2.0.0) + railties (4.0.0) + actionpack (= 4.0.0) + activesupport (= 4.0.0) rake (>= 0.8.7) - rdoc (~> 3.4) - thor (>= 0.14.6, < 2.0) + thor (>= 0.18.1, < 2.0) rake (12.3.1) - rb-fsevent (0.10.3) - rb-inotify (0.9.10) - ffi (>= 0.5.0, < 2) - rdoc (3.12.2) - json (~> 1.4) - sass (3.5.6) - sass-listen (~> 4.0.0) - sass-listen (4.0.0) - rb-fsevent (~> 0.9, >= 0.9.4) - rb-inotify (~> 0.9, >= 0.9.7) - sass-rails (3.2.6) - railties (~> 3.2.0) - sass (>= 3.1.10) - tilt (~> 1.3) - sprockets (2.2.3) + sass (3.2.19) + sass-rails (4.0.5) + railties (>= 4.0.0, < 5.0) + sass (~> 3.2.2) + sprockets (~> 2.8, < 3.0) + sprockets-rails (~> 2.0) + sprockets (2.12.5) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) + sprockets-rails (2.0.1) + actionpack (>= 3.0) + activesupport (>= 3.0) + sprockets (~> 2.8) sqlite3 (1.3.7) sqlite3 (1.3.7-x86-mingw32) thor (0.20.0) + thread_safe (0.3.6) tilt (1.4.1) treetop (1.4.15) polyglot 
@@ -117,11 +102,11 @@ PLATFORMS x86-mingw32 DEPENDENCIES - coffee-rails (~> 3.2.2) - jquery-rails (>= 2.2.0) + coffee-rails (~> 4.0.0) + jquery-rails (>= 3.1.5) pg - rails (= 3.2.22.1) - sass-rails (~> 3.2.6) + rails (= 4.0.0) + sass-rails (~> 4.0.0) sqlite3 uglifier (>= 1.0.3)