From 08434c475a3b1ae96e4e19a8097e8b4c20c097bf Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sun, 30 Sep 2018 03:50:10 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RUBYZIP-22039
---
 Gemfile | 2 +-
 Gemfile.lock | 368 ++-------------------------------------------------
 2 files changed, 10 insertions(+), 360 deletions(-)
diff --git a/Gemfile b/Gemfile
index 66c89bcd..447b2f1a 100644
--- a/Gemfile
+++ b/Gemfile
@@ -110,7 +110,7 @@ group :development, :test do
 #Rspec for testing instead of test::unit
 gem 'rspec-rails'
- gem 'heroku'
+ gem 'heroku', '>= 3.99.4'
 gem 'taps'
 gem 'sqlite3'
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index 7348ef72..09904e9d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -37,7 +37,8 @@ GEM
 multi_json (~> 1.0) acts-as-taggable-on (2.2.2) rails (~> 3.0) - addressable (2.2.8) + addressable (2.5.2) + public_suffix (>= 2.0.2, < 4.0) airbrake (3.0.9) activesupport builder
@@ -49,21 +50,21 @@ GEM
 sass (>= 3.1) builder (3.0.4) cancan (1.6.7) - capybara (1.1.2) + capybara (1.1.4) mime-types (>= 1.16) nokogiri (>= 1.3.3) rack (>= 1.0.0) rack-test (>= 0.5.4) selenium-webdriver (~> 2.0) xpath (~> 0.1.4) - capybara-webkit (0.12.0) + capybara-webkit (0.12.1) capybara (>= 1.0.0, < 1.2) json carrierwave (0.6.2) activemodel (>= 3.2.0) activesupport (>= 3.2.0) - childprocess (0.3.2) - ffi (~> 1.0.6) + childprocess (0.9.0) + ffi (~> 1.0, >= 1.0.11) chronic (0.6.7) coderay (1.0.5) coffee-rails (3.2.2)
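Review bot: The changed line `gem 'heroku', '>= 3.99.4'` does not constrain rubyzip, the gem the linked advisory is about, and the lock entries removed by this patch show selenium-webdriver also depending on an unbounded `rubyzip`, so whether a patched rubyzip is installed is left to the resolver. If rubyzip is the target, pin it directly in this group, e.g. `gem 'rubyzip', '>= FIXED_VERSION_FROM_ADVISORY'` (placeholder; the patch does not state the fixed version), and prefer a bounded constraint such as `~>` over an open-ended `>=` for heroku. The accompanying Gemfile.lock hunk `@@ -74,360 +75,9 @@` leaves the new file ending at `cucumbe...` with no PLATFORMS or DEPENDENCIES section, so nothing after cucumber (heroku and rubyzip included) is pinned any more; the lock should be regenerated with Bundler and committed whole rather than applied as is. The `group :development, :test do` block opens before this hunk.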
@@ -74,360 +75,9 @@ GEM execjs coffee-script-source (1.4.0) crack (0.3.1) - cucumber (1.2.0) + cucumber (1.2.1) builder (>= 2.1.2) diff-lcs (>= 1.1.3) - gherkin (~> 2.10.0) + gherkin (~> 2.11.0) json (>= 1.4.6) - cucumber-rails (1.3.0) - capybara (>= 1.1.2) - cucumber (>= 1.1.8) - nokogiri (>= 1.5.0) - database_cleaner (0.7.1) - devise (2.1.0) - bcrypt-ruby (~> 3.0) - orm_adapter (~> 0.0.7) - railties (~> 3.1) - warden (~> 1.1.1) - diff-lcs (1.1.3) - draper (0.14.0) - actionpack (~> 3.2) - activesupport (~> 3.2) - em-websocket (0.3.6) - addressable (>= 2.1.1) - eventmachine (>= 0.12.9) - email_spec (1.2.1) - mail (~> 2.2) - rspec (~> 2.0) - errship (2.2.0) - erubis (2.7.0) - escape (0.0.4) - eventmachine (0.12.10) - excon (0.13.4) - execjs (1.4.0) - multi_json (~> 1.0) - factory_girl (3.3.0) - activesupport (>= 3.0.0) - factory_girl_rails (3.3.0) - factory_girl (~> 3.3.0) - railties (>= 3.0.0) - faraday (0.8.0) - multipart-post (~> 1.1) - faraday_middleware (0.8.4) - faraday (>= 0.7.4, < 0.9) - ffi (1.0.11) - fog (1.3.1) - builder - excon (~> 0.13.0) - formatador (~> 0.2.0) - mime-types - multi_json (~> 1.0) - net-scp (~> 1.0.4) - net-ssh (>= 2.1.3) - nokogiri (~> 1.5.0) - ruby-hmac - font-awesome-sass-rails (3.0.0.1) - railties (>= 3.1.1) - sass-rails (>= 3.1.1) - formatador (0.2.3) - geocoder (1.1.1) - gherkin (2.10.0) - json (>= 1.4.6) - guard (1.0.3) - ffi (>= 0.5.0) - thor (>= 0.14.6) - guard-bundler (0.1.3) - bundler (>= 1.0.0) - guard (>= 0.2.2) - guard-cucumber (0.8.0) - cucumber (>= 1.2.0) - guard (>= 0.8.3) - guard-livereload (0.4.0) - em-websocket (>= 0.2.0) - guard (>= 0.10.0) - multi_json (~> 1.0.3) - guard-pow (0.2.1) - guard (>= 0.3.0) - guard-rspec (0.7.0) - guard (>= 0.10.0) - guard-spork (0.8.0) - guard (>= 0.10.0) - spork (>= 0.8.4) - haml (3.1.7) - haml-rails (0.3.4) - actionpack (~> 3.0) - activesupport (~> 3.0) - haml (~> 3.0) - railties (~> 3.0) - hashie (1.2.0) - heroku (2.26.3) - heroku-api (~> 0.2.1) - launchy (>= 0.3.2) - netrc (~> 0.7.2) 
- rest-client (~> 1.6.1) - rubyzip - heroku-api (0.2.1) - excon (~> 0.13.3) - high_voltage (1.1.1) - hike (1.2.1) - i18n (0.6.1) - journey (1.0.4) - jquery-rails (2.2.0) - railties (>= 3.0, < 5.0) - thor (>= 0.14, < 2.0) - jquery-ui-rails (3.0.1) - jquery-rails - railties (>= 3.1.0) - jruby-pageant (1.0.2) - json (1.7.6) - kaminari (0.14.1) - actionpack (>= 3.0.0) - activesupport (>= 3.0.0) - kgio (2.7.2) - km (1.1.2) - launchy (2.1.0) - addressable (~> 2.2.6) - libwebsocket (0.1.3) - addressable - mail (2.4.4) - i18n (>= 0.4.0) - mime-types (~> 1.16) - treetop (~> 1.4.8) - method_source (0.7.0) - mime-types (1.20.1) - multi_json (1.0.4) - multipart-post (1.1.5) - nested_form (0.3.1) - net-scp (1.0.4) - net-ssh (>= 1.99.1) - net-ssh (2.4.0) - jruby-pageant (>= 1.0.2) - netrc (0.7.5) - nokogiri (1.5.2) - oauth2 (0.5.2) - faraday (~> 0.7) - multi_json (~> 1.0) - omniauth (1.0.2) - hashie (~> 1.2) - rack - omniauth-github (1.0.1) - omniauth (~> 1.0) - omniauth-oauth2 (~> 1.0) - omniauth-oauth2 (1.0.0) - oauth2 (~> 0.5.0) - omniauth (~> 1.0) - orm_adapter (0.0.7) - pg (0.12.2) - polyglot (0.3.3) - pr_geohash (1.0.0) - pry (0.9.8.1) - coderay (~> 1.0.5) - method_source (~> 0.7) - slop (>= 2.4.3, < 3) - pry-remote (0.1.0) - pry (~> 0.9.6) - slop (~> 2.1) - psych (1.3.4) - rack (1.4.4) - rack-cache (1.2) - rack (>= 0.4) - rack-pjax (0.7.0) - nokogiri (~> 1.5) - rack (~> 1.3) - rack-ssl (1.3.3) - rack - rack-test (0.6.2) - rack (>= 1.0) - rails (3.2.11) - actionmailer (= 3.2.11) - actionpack (= 3.2.11) - activerecord (= 3.2.11) - activeresource (= 3.2.11) - activesupport (= 3.2.11) - bundler (~> 1.0) - railties (= 3.2.11) - rails_admin (0.4.4) - bootstrap-sass (~> 2.2) - builder (~> 3.0) - coffee-rails (~> 3.1) - font-awesome-sass-rails (~> 3.0, >= 3.0.0.1) - haml (~> 3.1) - jquery-rails (~> 2.1) - jquery-ui-rails (~> 3.0) - kaminari (~> 0.14) - nested_form (~> 0.3) - rack-pjax (~> 0.6) - rails (~> 3.1) - remotipart (~> 1.0) - safe_yaml (~> 0.6) - sass-rails (~> 3.1) - 
rails_autolink (1.0.5) - rails (~> 3.1) - railties (3.2.11) - actionpack (= 3.2.11) - activesupport (= 3.2.11) - rack-ssl (~> 1.3.2) - rake (>= 0.8.7) - rdoc (~> 3.4) - thor (>= 0.14.6, < 2.0) - raindrops (0.8.0) - rake (10.0.3) - rb-fsevent (0.9.0) - rdoc (3.12.1) - json (~> 1.4) - remotipart (1.0.2) - rest-client (1.6.7) - mime-types (>= 1.16) - rmagick (2.13.1) - rsolr (1.0.7) - builder (>= 2.1.2) - rspec (2.10.0) - rspec-core (~> 2.10.0) - rspec-expectations (~> 2.10.0) - rspec-mocks (~> 2.10.0) - rspec-core (2.10.1) - rspec-expectations (2.10.0) - diff-lcs (~> 1.1.3) - rspec-mocks (2.10.1) - rspec-rails (2.10.1) - actionpack (>= 3.0) - activesupport (>= 3.0) - railties (>= 3.0) - rspec (~> 2.10.0) - ruby-hmac (0.4.0) - rubyzip (0.9.8) - safe_yaml (0.6.3) - sass (3.2.5) - sass-rails (3.2.6) - railties (~> 3.2.0) - sass (>= 3.1.10) - tilt (~> 1.3) - selenium-webdriver (2.21.2) - childprocess (>= 0.2.5) - ffi (~> 1.0) - libwebsocket (~> 0.1.3) - multi_json (~> 1.0) - rubyzip - sequel (3.20.0) - simple_form (2.0.0.rc) - actionpack (~> 3.0) - activemodel (~> 3.0) - simplecov (0.5.4) - multi_json (~> 1.0.3) - simplecov-html (~> 0.5.3) - simplecov-html (0.5.3) - sinatra (1.0) - rack (>= 1.0) - slop (2.4.4) - spork (0.9.2) - sprockets (2.2.2) - hike (~> 1.2) - multi_json (~> 1.0) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) - sqlite3 (1.3.6) - stamp (0.1.6) - state_machine (1.1.2) - sunspot (1.3.0) - escape (~> 0.0.4) - pr_geohash (~> 1.0) - rsolr (~> 1.0.6) - sunspot_rails (1.3.0) - nokogiri - sunspot (= 1.3.0) - sunspot_solr (1.3.0) - escape (~> 0.0.4) - sunspot_test (0.4.0) - sunspot_rails (>= 1.2.1) - taps (0.3.24) - rack (>= 1.0.1) - rest-client (>= 1.4.0, < 1.7.0) - sequel (~> 3.20.0) - sinatra (~> 1.0.0) - thor (0.17.0) - tilt (1.3.3) - treetop (1.4.12) - polyglot - polyglot (>= 0.3.1) - tzinfo (0.3.35) - uglifier (1.2.3) - execjs (>= 0.3.0) - multi_json (>= 1.0.2) - unicorn (4.2.0) - kgio (~> 2.6) - rack - raindrops (~> 0.7) - vcr (2.1.1) - warden (1.1.1) - rack 
(>= 1.0) - webmock (1.8.7) - addressable (>= 2.2.7) - crack (>= 0.1.7) - xpath (0.1.4) - nokogiri (~> 1.3) - -PLATFORMS - ruby - -DEPENDENCIES - acts-as-taggable-on (~> 2.2.2) - airbrake - bourbon - cancan (~> 1.6.7) - capybara-webkit (~> 0.12.0) - carrierwave (~> 0.6.2) - chronic (~> 0.6.7) - coffee-rails (~> 3.2.2) - cucumber-rails (~> 1.3.0) - database_cleaner (~> 0.7.1) - devise (~> 2.1.0) - draper (~> 0.14.0) - email_spec (~> 1.2.1) - errship (~> 2.2.0) - factory_girl_rails (~> 3.3.0) - faraday (~> 0.8.0) - faraday_middleware (~> 0.8.4) - fog (~> 1.3.1) - geocoder (~> 1.1.1) - guard (~> 1.0.0) - guard-bundler (~> 0.1.3) - guard-cucumber (~> 0.8.0) - guard-livereload (~> 0.4.0) - guard-pow (~> 0.2.1) - guard-rspec (~> 0.7.0) - guard-spork (~> 0.8.0) - haml-rails (~> 0.3.4) - hashie (~> 1.2.0) - heroku - high_voltage - jquery-rails (~> 2.2.0) - kaminari (~> 0.14.1) - km - launchy (~> 2.1.0) - omniauth-github (~> 1.0.1) - pg - pry (~> 0.9.8) - pry-remote (~> 0.1.0) - psych - rails (~> 3.2.11) - rails_admin (~> 0.4.4) - rails_admin_tag_list! - rails_autolink - rb-fsevent (~> 0.9.0) - rmagick (~> 2.13.1) - rspec-rails - sass-rails (~> 3.2.6) - simple_form (~> 2.0.0.rc) - simplecov - spork (~> 0.9.2) - sqlite3 - stamp (~> 0.1.6) - state_machine (~> 1.1.2) - sunspot_rails (~> 1.3.0) - sunspot_solr (~> 1.3.0) - sunspot_test - taps - uglifier (>= 1.0.3) - unicorn - vcr (~> 2.1.1) - webmock (~> 1.8.7) + cucumbe... \ No newline at end of file