From 63f9a32015705d5536291712fd831a1c15d642a4 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 4 Apr 2023 14:18:32 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-1290051 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-1290052 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-2400638 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-3237231 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-3237232 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-569599 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-569600 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-20271 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-2803851 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-560837 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-569156 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-569601 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-632514 - https://snyk.io/vuln/SNYK-RUBY-ACTIVEJOB-72640 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-1080913 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20270 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-2960802 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-3237239 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3237242 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3360028 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-569598 - https://snyk.io/vuln/SNYK-RUBY-BOOTSTRAPSASS-174549 - https://snyk.io/vuln/SNYK-RUBY-BOOTSTRAPSASS-450237 - https://snyk.io/vuln/SNYK-RUBY-BOOTSTRAPSASS-450238 - https://snyk.io/vuln/SNYK-RUBY-BOOTSTRAPSASS-450239 - https://snyk.io/vuln/SNYK-RUBY-DEVISE-173787 - https://snyk.io/vuln/SNYK-RUBY-DEVISE-465098 - https://snyk.io/vuln/SNYK-RUBY-GLOBALID-3237234 - https://snyk.io/vuln/SNYK-RUBY-I18N-72582 - https://snyk.io/vuln/SNYK-RUBY-JQUERYRAILS-450225 - https://snyk.io/vuln/SNYK-RUBY-JQUERYRAILS-565439 - https://snyk.io/vuln/SNYK-RUBY-JSON-560838 - https://snyk.io/vuln/SNYK-RUBY-LODASHRAILS-1088056 - https://snyk.io/vuln/SNYK-RUBY-LODASHRAILS-559448 - https://snyk.io/vuln/SNYK-RUBY-LODASHRAILS-559449 - https://snyk.io/vuln/SNYK-RUBY-LODASHRAILS-559450 - https://snyk.io/vuln/SNYK-RUBY-LODASHRAILS-559451 - https://snyk.io/vuln/SNYK-RUBY-LODASHRAILS-567756 - https://snyk.io/vuln/SNYK-RUBY-LOOFAH-22023 - https://snyk.io/vuln/SNYK-RUBY-LOOFAH-3168317 - https://snyk.io/vuln/SNYK-RUBY-LOOFAH-474102 - https://snyk.io/vuln/SNYK-RUBY-LOOFAH-72548 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1055008 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1293239 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1583442 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1726792 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20299 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20367 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20368 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20432 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-22013 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-22014 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2413994 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2620374 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630623 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630898 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2840634 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3052880 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3357692 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3357693 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-459107 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-534637 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-552159 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-72433 - https://snyk.io/vuln/SNYK-RUBY-RACK-1061917 - https://snyk.io/vuln/SNYK-RUBY-RACK-2848599 - https://snyk.io/vuln/SNYK-RUBY-RACK-2848600 - https://snyk.io/vuln/SNYK-RUBY-RACK-3237240 - https://snyk.io/vuln/SNYK-RUBY-RACK-3356639 - https://snyk.io/vuln/SNYK-RUBY-RACK-538324 - https://snyk.io/vuln/SNYK-RUBY-RACK-569066 - https://snyk.io/vuln/SNYK-RUBY-RACK-572377 - https://snyk.io/vuln/SNYK-RUBY-RACK-72567 - https://snyk.io/vuln/SNYK-RUBY-RAILS-1071903 - https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-22025 - https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-2935879 - https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-3168316 - https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-3168646 - https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-3168647 - https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-3168648 - https://snyk.io/vuln/SNYK-RUBY-RAILTIES-20454 - https://snyk.io/vuln/SNYK-RUBY-RAKE-552000 - https://snyk.io/vuln/SNYK-RUBY-RDOC-1279617 - https://snyk.io/vuln/SNYK-RUBY-RDOC-1316279 - https://snyk.io/vuln/SNYK-RUBY-SPROCKETS-22032 - https://snyk.io/vuln/SNYK-RUBY-TZINFO-2958048 --- Gemfile | 20 ++-- Gemfile.lock | 330 +++++++++++++++++++++++++++++---------------------- 2 files changed, 200 insertions(+), 150 deletions(-) diff --git a/Gemfile b/Gemfile index 715b1c8..85797c1 100644 --- a/Gemfile +++ b/Gemfile @@ -1,17 +1,17 @@ source 'https://rubygems.org' -gem 'rails', '4.2.6' -gem 'devise' -gem 'sass-rails', '~> 5.0' +gem 'rails', '6.1.7.3' +gem 'devise', '>= 4.7.1' +gem 'sass-rails', '~> 6.0', '>= 6.0.0' gem 'uglifier', '>= 1.3.0' -gem 'coffee-rails', '~> 4.1.0' -gem 'jquery-rails' -gem 'jbuilder', '~> 2.0' -gem 'sdoc', '~> 0.4.0', group: :doc +gem 'coffee-rails', '~> 4.2.2' +gem 'jquery-rails', '>= 4.4.0' +gem 'jbuilder', '~> 2.6', '>= 2.6.4' +gem 'sdoc', '~> 1.0.0', group: :doc gem 'react-rails' -gem 'lodash-rails' -gem 'bootstrap-sass', '~> 3.2.0' +gem 'lodash-rails', '>= 4.17.21' +gem 'bootstrap-sass', '~> 3.4.0' gem 'autoprefixer-rails' gem 'bootstrap-growl-rails' @@ -21,7 +21,7 @@ group :development, :test do end group :development do - gem 'web-console', '~> 2.0' + gem 'web-console', '~> 2.3', '>= 2.3.0' gem 'spring' end diff --git a/Gemfile.lock b/Gemfile.lock index fb7ee76..df5046f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,180 +1,230 @@ GEM remote: https://rubygems.org/ specs: - actionmailer (4.2.6) - actionpack (= 4.2.6) - actionview (= 4.2.6) - activejob (= 4.2.6) + actioncable (6.1.7.3) + actionpack (= 6.1.7.3) + activesupport (= 6.1.7.3) + nio4r (~> 2.0) + websocket-driver (>= 0.6.1) + actionmailbox (6.1.7.3) + actionpack (= 6.1.7.3) + activejob (= 6.1.7.3) + activerecord (= 6.1.7.3) + activestorage (= 6.1.7.3) + activesupport (= 6.1.7.3) + mail (>= 2.7.1) + actionmailer (6.1.7.3) + actionpack (= 6.1.7.3) + actionview (= 6.1.7.3) + activejob (= 6.1.7.3) + activesupport (= 6.1.7.3) mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.6) - actionview (= 4.2.6) - activesupport (= 4.2.6) - rack (~> 1.6) - rack-test (~> 0.6.2) - rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.6) - activesupport (= 4.2.6) + rails-dom-testing (~> 2.0) + actionpack (6.1.7.3) + actionview (= 6.1.7.3) + activesupport (= 6.1.7.3) + rack (~> 2.0, >= 2.0.9) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.2.0) + actiontext (6.1.7.3) + actionpack (= 6.1.7.3) + activerecord (= 6.1.7.3) + activestorage (= 6.1.7.3) + activesupport (= 6.1.7.3) + nokogiri (>= 1.8.5) + actionview (6.1.7.3) + activesupport (= 6.1.7.3) builder (~> 3.1) - erubis (~> 2.7.0) - rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (4.2.6) - activesupport (= 4.2.6) - globalid (>= 0.3.0) - activemodel (4.2.6) - activesupport (= 4.2.6) - builder (~> 3.1) - activerecord (4.2.6) - activemodel (= 4.2.6) - activesupport (= 4.2.6) - arel (~> 6.0) - activesupport (4.2.6) - i18n (~> 0.7) - json (~> 1.7, >= 1.7.7) - minitest (~> 5.1) - thread_safe (~> 0.3, >= 0.3.4) - tzinfo (~> 1.1) - arel (6.0.3) + erubi (~> 1.4) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.1, >= 1.2.0) + activejob (6.1.7.3) + activesupport (= 6.1.7.3) + globalid (>= 0.3.6) + activemodel (6.1.7.3) + activesupport (= 6.1.7.3) + activerecord (6.1.7.3) + activemodel (= 6.1.7.3) + activesupport (= 6.1.7.3) + activestorage (6.1.7.3) + actionpack (= 6.1.7.3) + activejob (= 6.1.7.3) + activerecord (= 6.1.7.3) + activesupport (= 6.1.7.3) + marcel (~> 1.0) + mini_mime (>= 1.1.0) + activesupport (6.1.7.3) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + zeitwerk (~> 2.3) autoprefixer-rails (6.3.6.2) execjs babel-source (5.8.35) babel-transpiler (0.7.0) babel-source (>= 4.0, < 6) execjs (~> 2.0) - bcrypt (3.1.10) - binding_of_caller (0.7.2) + bcrypt (3.1.18) + binding_of_caller (1.0.0) debug_inspector (>= 0.0.1) bootstrap-growl-rails (3.1.3) - bootstrap-sass (3.2.0.2) - sass (~> 3.2) - builder (3.2.2) + bootstrap-sass (3.4.1) + autoprefixer-rails (>= 5.2.1) + sassc (>= 2.0.0) + builder (3.2.4) byebug (9.0.5) - coffee-rails (4.1.1) + coffee-rails (4.2.2) coffee-script (>= 2.2.0) - railties (>= 4.0.0, < 5.1.x) + railties (>= 4.0.0) coffee-script (2.4.1) coffee-script-source execjs - coffee-script-source (1.10.0) - concurrent-ruby (1.0.2) - connection_pool (2.2.0) - debug_inspector (0.0.2) - devise (3.5.6) + coffee-script-source (1.12.2) + concurrent-ruby (1.2.2) + connection_pool (2.4.0) + crass (1.0.6) + date (3.3.3) + debug_inspector (1.1.0) + devise (4.9.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 3.2.6, < 5) + railties (>= 4.1.0) responders - thread_safe (~> 0.1) warden (~> 1.2.3) - erubis (2.7.0) - execjs (2.7.0) - globalid (0.3.6) - activesupport (>= 4.1.0) - i18n (0.7.0) - jbuilder (2.5.0) - activesupport (>= 3.0.0, < 5.1) - multi_json (~> 1.2) - jquery-rails (4.1.1) + erubi (1.12.0) + execjs (2.8.1) + ffi (1.15.5) + globalid (1.1.0) + activesupport (>= 5.0) + i18n (1.12.0) + concurrent-ruby (~> 1.0) + jbuilder (2.11.5) + actionview (>= 5.0.0) + activesupport (>= 5.0.0) + jquery-rails (4.5.1) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) - json (1.8.3) - lodash-rails (4.12.0) + lodash-rails (4.17.21) railties (>= 3.1) - loofah (2.0.3) + loofah (2.20.0) + crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.6.4) - mime-types (>= 1.16, < 4) - mime-types (3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) - mini_portile2 (2.1.0) - minitest (5.9.0) - multi_json (1.12.1) - nokogiri (1.6.8) - mini_portile2 (~> 2.1.0) - pkg-config (~> 1.1.7) + mail (2.8.1) + mini_mime (>= 0.1.1) + net-imap + net-pop + net-smtp + marcel (1.0.2) + method_source (1.0.0) + mini_mime (1.1.2) + mini_portile2 (2.8.1) + minitest (5.18.0) + net-imap (0.3.4) + date + net-protocol + net-pop (0.1.2) + net-protocol + net-protocol (0.2.1) + timeout + net-smtp (0.3.3) + net-protocol + nio4r (2.5.9) + nokogiri (1.14.2) + mini_portile2 (~> 2.8.0) + racc (~> 1.4) orm_adapter (0.5.0) pg (0.18.4) - pkg-config (1.1.7) - rack (1.6.4) - rack-test (0.6.3) - rack (>= 1.0) - rails (4.2.6) - actionmailer (= 4.2.6) - actionpack (= 4.2.6) - actionview (= 4.2.6) - activejob (= 4.2.6) - activemodel (= 4.2.6) - activerecord (= 4.2.6) - activesupport (= 4.2.6) - bundler (>= 1.3.0, < 2.0) - railties (= 4.2.6) - sprockets-rails - rails-deprecated_sanitizer (1.0.3) - activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.7) - activesupport (>= 4.2.0.beta, < 5.0) - nokogiri (~> 1.6.0) - rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) + psych (5.1.0) + stringio + racc (1.6.2) + rack (2.2.6.4) + rack-test (2.1.0) + rack (>= 1.3) + rails (6.1.7.3) + actioncable (= 6.1.7.3) + actionmailbox (= 6.1.7.3) + actionmailer (= 6.1.7.3) + actionpack (= 6.1.7.3) + actiontext (= 6.1.7.3) + actionview (= 6.1.7.3) + activejob (= 6.1.7.3) + activemodel (= 6.1.7.3) + activerecord (= 6.1.7.3) + activestorage (= 6.1.7.3) + activesupport (= 6.1.7.3) + bundler (>= 1.15.0) + railties (= 6.1.7.3) + sprockets-rails (>= 2.0.0) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.5.0) + loofah (~> 2.19, >= 2.19.1) rails_12factor (0.0.3) rails_serve_static_assets rails_stdout_logging rails_serve_static_assets (0.0.5) rails_stdout_logging (0.0.4) - railties (4.2.6) - actionpack (= 4.2.6) - activesupport (= 4.2.6) - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - rake (11.2.2) - rdoc (4.2.2) - json (~> 1.4) - react-rails (1.7.1) + railties (6.1.7.3) + actionpack (= 6.1.7.3) + activesupport (= 6.1.7.3) + method_source + rake (>= 12.2) + thor (~> 1.0) + rake (13.0.6) + rdoc (6.5.0) + psych (>= 4.0.0) + react-rails (2.6.2) babel-transpiler (>= 0.7.0) - coffee-script-source (~> 1.8) connection_pool execjs - rails (>= 3.2) + railties (>= 3.2) tilt - responders (2.1.1) - railties (>= 4.2.0, < 5.1) - sass (3.4.22) - sass-rails (5.0.4) - railties (>= 4.0.0, < 5.0) - sass (~> 3.1) - sprockets (>= 2.8, < 4.0) - sprockets-rails (>= 2.0, < 4.0) - tilt (>= 1.1, < 3) - sdoc (0.4.1) - json (~> 1.7, >= 1.7.7) - rdoc (~> 4.0) + responders (3.1.0) + actionpack (>= 5.2) + railties (>= 5.2) + sass-rails (6.0.0) + sassc-rails (~> 2.1, >= 2.1.1) + sassc (2.4.0) + ffi (~> 1.9) + sassc-rails (2.1.2) + railties (>= 4.0.0) + sassc (>= 2.0) + sprockets (> 3.0) + sprockets-rails + tilt + sdoc (1.0.0) + rdoc (>= 5.0) spring (1.7.1) - sprockets (3.6.0) + sprockets (4.2.0) concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.0.4) - actionpack (>= 4.0) - activesupport (>= 4.0) + rack (>= 2.2.4, < 4) + sprockets-rails (3.4.2) + actionpack (>= 5.2) + activesupport (>= 5.2) sprockets (>= 3.0.0) - thor (0.19.1) - thread_safe (0.3.5) - tilt (2.0.5) - tzinfo (1.2.2) - thread_safe (~> 0.1) + stringio (3.0.5) + thor (1.2.1) + tilt (2.1.0) + timeout (0.3.2) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) uglifier (3.0.0) execjs (>= 0.3.0, < 3) - warden (1.2.6) - rack (>= 1.0) + warden (1.2.9) + rack (>= 2.0.9) web-console (2.3.0) activemodel (>= 4.0) binding_of_caller (>= 0.7.2) railties (>= 4.0) sprockets-rails (>= 2.0, < 4.0) + websocket-driver (0.7.5) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.5) + zeitwerk (2.6.7) PLATFORMS ruby @@ -182,22 +232,22 @@ PLATFORMS DEPENDENCIES autoprefixer-rails bootstrap-growl-rails - bootstrap-sass (~> 3.2.0) + bootstrap-sass (~> 3.4.0) byebug - coffee-rails (~> 4.1.0) - devise - jbuilder (~> 2.0) - jquery-rails - lodash-rails + coffee-rails (~> 4.2.2) + devise (>= 4.7.1) + jbuilder (~> 2.6, >= 2.6.4) + jquery-rails (>= 4.4.0) + lodash-rails (>= 4.17.21) pg - rails (= 4.2.6) + rails (= 6.1.7.3) rails_12factor react-rails - sass-rails (~> 5.0) - sdoc (~> 0.4.0) + sass-rails (~> 6.0, >= 6.0.0) + sdoc (~> 1.0.0) spring uglifier (>= 1.3.0) - web-console (~> 2.0) + web-console (~> 2.3, >= 2.3.0) BUNDLED WITH - 1.11.2 + 1.17.3