From c2853b4c7bb87cb6267a9228d4c1a79d2682fcc8 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 12 Oct 2018 01:27:38 +0000
Subject: [PATCH] fix: Gemfile.lock & Gemfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-72433
---
 Gemfile | 6 ++--
 Gemfile.lock | 98 +++++++++++++++++++++++++++++-----------------------
 2 files changed, 58 insertions(+), 46 deletions(-)
diff --git a/Gemfile b/Gemfile
index 29e2ce1..1e1ce9d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -22,16 +22,16 @@ group :development do
 gem 'thin'
 gem 'rspec-rails'
 gem 'factory_girl_rails'
- gem 'cucumber-rails', require: false
+ gem 'cucumber-rails', '>= 1.4.0', require: false
 gem 'jasmine'
 end
 group :test do
- gem 'capybara'
+ gem 'capybara', '>= 2.1.0'
 gem 'faker'
 gem 'guard-rspec'
 gem 'selenium-webdriver'
- gem 'nokogiri'
+ gem 'nokogiri', '>= 1.8.5'
 gem 'factory_girl_rails'
 gem 'database_cleaner'
 gem 'turn', require: false
diff --git a/Gemfile.lock b/Gemfile.lock
index a6a5869..68876ce 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -18,10 +18,6 @@ GEM activesupport (= 3.2.14) builder (~> 3.0.0) activerecord (3.2.14) - activemodel (= 3.2.14) - activesupport (= 3.2.14) - arel (~> 3.0.2) - tzinfo (~> 0.3.29) activeresource (3.2.14) activemodel (= 3.2.14) activesupport (= 3.2.14)
@@ -30,12 +26,12 @@ GEM multi_json (~> 1.0) addressable (2.3.5) ansi (1.4.3) - arel (3.0.2) backbone-on-rails (1.0.0.1) eco ejs jquery-rails rails (>= 3.1) + backports (3.11.4) bcrypt-ruby (3.1.2) better_errors (1.0.1) coderay (>= 1.0.0)
@@ -44,12 +40,13 @@ GEM debug_inspector (>= 0.0.1) builder (3.0.4) callsite (0.0.11) - capybara (2.1.0) - mime-types (>= 1.16) + capybara (2.18.0) + addressable + mini_mime (>= 0.1.3) nokogiri (>= 1.3.3) rack (>= 1.0.0) rack-test (>= 0.5.4) - xpath (~> 2.0) + xpath (>= 2.0, < 4.0) celluloid (0.15.2) timers (~> 1.1.0) childprocess (0.3.9)
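Review bot: The `>= 1.8.5` floor on nokogiri in the `group :test` block has no comment tying it to the advisory, so nothing in the Gemfile tells a later maintainer that the bound is a security minimum; I would put `# security floor: SNYK-RUBY-NOKOGIRI-72433, do not lower` above it. The bound is also open-ended, and `gem 'nokogiri', '~> 1.8', '>= 1.8.5'` would keep the fix while stopping an unreviewed major-version jump. The floors added to cucumber-rails (`>= 1.4.0`) and capybara (`>= 2.1.0`) match the versions the old Gemfile.lock already held, so they appear to constrain nothing and could be dropped or explained. Separately, the Gemfile.lock hunk at `activerecord (3.2.14)` deletes that gem's dependency lines and the `arel` and `tzinfo` entries while `rails (3.2.14)` stays locked, which suggests the lock was not produced by a full Bundler resolution; regenerating it with `bundle install` and running the test suite before merging would confirm the pinned set is installable.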
@@ -60,17 +57,29 @@ GEM execjs coffee-script-source (1.6.3) columnize (0.3.6) - cucumber (1.3.9) + concurrent-ruby (1.0.5) + cucumber (3.1.2) builder (>= 2.1.2) - diff-lcs (>= 1.1.3) - gherkin (~> 2.12) + cucumber-core (~> 3.2.0) + cucumber-expressions (~> 6.0.1) + cucumber-wire (~> 0.0.1) + diff-lcs (~> 1.3) + gherkin (~> 5.1.0) multi_json (>= 1.7.5, < 2.0) - multi_test (>= 0.0.2) - cucumber-rails (1.4.0) - capybara (>= 1.1.2) - cucumber (>= 1.2.0) - nokogiri (>= 1.5.0) - rails (>= 3.0.0) + multi_test (>= 0.1.2) + cucumber-core (3.2.1) + backports (>= 3.8.0) + cucumber-tag_expressions (~> 1.1.0) + gherkin (~> 5.0) + cucumber-expressions (6.0.1) + cucumber-rails (1.4.5) + capybara (>= 1.1.2, < 3) + cucumber (>= 1.3.8, < 4) + mime-types (>= 1.16, < 4) + nokogiri (~> 1.5) + railties (>= 3, < 5.1) + cucumber-tag_expressions (1.1.1) + cucumber-wire (0.0.1) daemons (1.1.9) database_cleaner (1.2.0) debug_inspector (0.0.2) @@ -85,7 +94,7 @@ GEM orm_adapter (~> 0.1) railties (~> 3.1) warden (~> 1.2.1) - diff-lcs (1.2.5) + diff-lcs (1.3) eco (1.0.0) coffee-script eco-source @@ -111,8 +120,7 @@ GEM bundler (~> 1.0) rails (>= 3, < 5) formatador (0.2.4) - gherkin (2.12.2) - multi_json (~> 1.3) + gherkin (5.1.0) guard (2.2.3) formatador (>= 0.2.4) listen (~> 2.1) @@ -125,7 +133,8 @@ GEM hashie (2.0.5) hike (1.2.3) httpauth (0.2.0) - i18n (0.6.5) + i18n (0.9.5) + concurrent-ruby (~> 1.0) jasmine (1.3.2) jasmine-core (~> 1.3.1) rack (~> 1.0) @@ -136,7 +145,7 @@ GEM jquery-rails (3.0.4) railties (>= 3.0, < 5.0) thor (>= 0.14, < 2.0) - json (1.8.0) + json (1.8.6) jwt (0.1.8) multi_json (>= 1.5) launchy (2.3.0) @@ -148,7 +157,7 @@ GEM rb-fsevent (>= 0.9.3) rb-inotify (>= 0.9) lumberjack (1.0.4) - mail (2.5.4) + mail (2.5.5) mime-types (~> 1.16) treetop (~> 1.4.8) meta_request (0.2.8) 
@@ -156,13 +165,14 @@ GEM rack-contrib railties method_source (0.8.2) - mime-types (1.25) - mini_portile (0.5.2) - multi_json (1.8.1) - multi_test (0.0.2) + mime-types (1.25.1) + mini_mime (1.0.1) + mini_portile2 (2.3.0) + multi_json (1.13.1) + multi_test (0.1.2) multipart-post (1.2.0) - nokogiri (1.6.0) - mini_portile (~> 0.5.0) + nokogiri (1.8.5) + mini_portile2 (~> 2.3.0) oauth2 (0.8.1) faraday (~> 0.8) httpauth (~> 0.1) @@ -185,7 +195,7 @@ GEM omniauth (~> 1.0) orm_adapter (0.4.0) pg (0.17.0) - polyglot (0.3.3) + polyglot (0.3.5) pry (0.9.12.3) coderay (~> 1.0) method_source (~> 0.8) @@ -195,14 +205,14 @@ GEM signature (~> 0.1.6) quiet_assets (1.0.2) railties (>= 3.1, < 5.0) - rack (1.4.5) - rack-cache (1.2) + rack (1.4.7) + rack-cache (1.8.0) rack (>= 0.4) rack-contrib (1.1.0) rack (>= 0.9.1) - rack-ssl (1.3.3) + rack-ssl (1.3.4) rack - rack-test (0.6.2) + rack-test (0.6.3) rack (>= 1.0) rails (3.2.14) actionmailer (= 3.2.14) @@ -219,7 +229,7 @@ GEM rake (>= 0.8.7) rdoc (~> 3.4) thor (>= 0.14.6, < 2.0) - rake (10.1.0) + rake (12.3.1) rb-fsevent (0.9.3) rb-inotify (0.9.2) ffi (>= 0.5.0) @@ -248,7 +258,7 @@ GEM websocket (~> 1.0.4) signature (0.1.7) slop (3.4.6) - sprockets (2.2.2) + sprockets (2.2.3) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) @@ -258,7 +268,7 @@ GEM daemons (>= 1.0.9) eventmachine (>= 0.12.6) rack (>= 1.0.0) - thor (0.18.1) + thor (0.20.0) tilt (1.4.1) timers (1.1.0) treetop (1.4.15) @@ -266,15 +276,14 @@ GEM polyglot (>= 0.3.1) turn (0.9.6) ansi - tzinfo (0.3.37) uglifier (2.2.1) execjs (>= 0.3.0) multi_json (~> 1.0, >= 1.0.2) warden (1.2.1) rack (>= 1.0) websocket (1.0.7) - xpath (2.0.0) - nokogiri (~> 1.3) + xpath (3.1.0) + nokogiri (~> 1.8) PLATFORMS ruby @@ -284,8 +293,8 @@ DEPENDENCIES bcrypt-ruby better_errors binding_of_caller - capybara - cucumber-rails + capybara (>= 2.1.0) + cucumber-rails (>= 1.4.0) database_cleaner debugger devise 
@@ -300,7 +309,7 @@ DEPENDENCIES launchy letter_opener meta_request - nokogiri + nokogiri (>= 1.8.5) omniauth-facebook omniauth-github omniauth-google-oauth2 @@ -314,3 +323,6 @@ DEPENDENCIES thin turn uglifier (>= 1.0.3) + +BUNDLED WITH + 1.16.6