From f4d57fab8fdf1a207fc6d2c83f9d638f6993327e Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Tue, 4 Apr 2023 15:09:12 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-1290051 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-1290052 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20255 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20256 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20258 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20264 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-2400638 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-3237231 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-3237232 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-569599 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-569600 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20259 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-2960802 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-3237239 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-20229 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3237242 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3360028 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-569598 - https://snyk.io/vuln/SNYK-RUBY-BETTERERRORS-1583446 - https://snyk.io/vuln/SNYK-RUBY-FFI-22037 - https://snyk.io/vuln/SNYK-RUBY-JQUERYRAILS-20225 - https://snyk.io/vuln/SNYK-RUBY-JQUERYRAILS-450225 - https://snyk.io/vuln/SNYK-RUBY-JQUERYRAILS-565439 - https://snyk.io/vuln/SNYK-RUBY-JQUERYRAILS-575390 - https://snyk.io/vuln/SNYK-RUBY-JSON-560838 - https://snyk.io/vuln/SNYK-RUBY-KAMINARI-570586 - https://snyk.io/vuln/SNYK-RUBY-KRAMDOWN-585939 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2840634 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3052880 - https://snyk.io/vuln/SNYK-RUBY-OMNIAUTH-174820 - https://snyk.io/vuln/SNYK-RUBY-OMNIAUTH-22012 - https://snyk.io/vuln/SNYK-RUBY-OMNIAUTH-2987513 - https://snyk.io/vuln/SNYK-RUBY-RACK-1061917 - https://snyk.io/vuln/SNYK-RUBY-RACK-20230 - https://snyk.io/vuln/SNYK-RUBY-RACK-20399 - https://snyk.io/vuln/SNYK-RUBY-RACK-20400 - 
https://snyk.io/vuln/SNYK-RUBY-RACK-2848599 - https://snyk.io/vuln/SNYK-RUBY-RACK-2848600 - https://snyk.io/vuln/SNYK-RUBY-RACK-3237240 - https://snyk.io/vuln/SNYK-RUBY-RACK-3356639 - https://snyk.io/vuln/SNYK-RUBY-RACK-538324 - https://snyk.io/vuln/SNYK-RUBY-RACK-569066 - https://snyk.io/vuln/SNYK-RUBY-RACK-572377 - https://snyk.io/vuln/SNYK-RUBY-RACK-72567 - https://snyk.io/vuln/SNYK-RUBY-RAILTIES-20454 - https://snyk.io/vuln/SNYK-RUBY-RAKE-552000 - https://snyk.io/vuln/SNYK-RUBY-RESTCLIENT-20204 - https://snyk.io/vuln/SNYK-RUBY-RESTCLIENT-20211 - https://snyk.io/vuln/SNYK-RUBY-SANITIZE-3252478 - https://snyk.io/vuln/SNYK-RUBY-SIMPLEFORM-469443 - https://snyk.io/vuln/SNYK-RUBY-SPROCKETS-22032 - https://snyk.io/vuln/SNYK-RUBY-TWITTERBOOTSTRAPRAILS-20153 - https://snyk.io/vuln/SNYK-RUBY-TZINFO-2958048 - https://snyk.io/vuln/SNYK-RUBY-UGLIFIER-20236 --- Gemfile | 20 +-- Gemfile.lock | 452 +++++++++++++++++++++++++++++++-------------------- 2 files changed, 288 insertions(+), 184 deletions(-) diff --git a/Gemfile b/Gemfile index 39aabf3..b7846fb 100644 --- a/Gemfile +++ b/Gemfile @@ -1,18 +1,18 @@ source 'https://rubygems.org' # TODO: rails 4.2 -gem 'rails', '5.2.6.2' -gem 'jquery-rails', '>= 4.0.1' +gem 'rails', '6.1.7.3' +gem 'jquery-rails', '>= 4.4.0' gem 'rails_autolink', '>= 1.1.6' gem 'qiita-markdown', :platforms => :ruby -gem 'kramdown', :platforms => :jruby +gem 'kramdown', '>= 2.3.0', :platforms => :jruby -gem 'omniauth-openid' +gem 'omniauth-openid', '>= 2.0.1' gem 'erubis' -gem 'kaminari', '>= 0.16.1' +gem 'kaminari', '>= 1.2.1' -gem 'simple_form', '>= 4.0.0' +gem 'simple_form', '>= 5.0.0' gem 'coveralls', require: false @@ -20,7 +20,7 @@ gem 'pg', group: :postgresql group :development do # better_errors 2.0 requires Ruby 2.0 or higher - gem 'better_errors', '1.1.0' + gem 'better_errors', '2.8.0' gem 'magic_encoding' gem 'binding_of_caller', :platforms => :ruby end 
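Review bot: The `gem 'pg', group: :postgresql` context line (and the `sqlite3` dependency, visible only in the lockfile) stay unconstrained while this hunk moves `rails` to 6.1.7.3, and the accompanying lock keeps `pg (0.18.2)` and `sqlite3 (1.3.10)`; ActiveRecord 6.1's PostgreSQL and SQLite adapters declare runtime requirements of roughly `pg ~> 1.1` and `sqlite3 ~> 1.4` (confirm against the adapter sources), so the app would likely fail at boot with a Gem::LoadError until those are bumped, e.g. `gem 'pg', '>= 1.1', group: :postgresql` and `gem 'sqlite3', '~> 1.4'`. The `omniauth-openid '>= 2.0.1'` bump resolves to omniauth 2.1.1 with rack-protection, and OmniAuth 2.x accepts only POST for the request phase by default (its CVE-2015-9284 CSRF mitigation), so any GET links to the OmniAuth request path in the views need to become POST forms, and a Rails app normally adds `omniauth-rails_csrf_protection` alongside it. A bot-driven jump from Rails 5.2 to 6.1 that touches only Gemfile and Gemfile.lock (per the diffstat) also leaves the usual framework-config follow-ups (`config.load_defaults`, Zeitwerk autoloading) undone, which this patch cannot supply. The `# TODO: rails 4.2` context comment is stale after this change and should be dropped.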
@@ -44,16 +44,16 @@ end group :assets do gem 'less-rails', '>= 2.6.0' - gem 'twitter-bootstrap-rails', '>= 2.2.8' + gem 'twitter-bootstrap-rails', '>= 3.2.0' gem 'therubyracer', :platforms => :ruby gem 'therubyrhino', :platforms => :jruby - gem 'uglifier', '>= 1.0.3' + gem 'uglifier', '>= 2.7.2' end group :server do # bin/rails s mizuno gem 'mizuno', :platforms => :jruby - gem 'thin', :platforms => :ruby + gem 'thin', '>= 1.7.0', :platforms => :ruby end # rails g rspec:install diff --git a/Gemfile.lock b/Gemfile.lock index 10506a1..dac7100 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
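Review bot: The `group :assets` block still depends on `therubyracer`, which the lock resolves to 0.12.1 on `libv8 (3.16.14.7)`; as far as I know that is a V8 build from around 2013 and therubyracer has had no release since 2017, so the Snyk-driven upgrade leaves an unmaintained JavaScript engine in the build path even though every other JS-adjacent gem here (`uglifier`, `twitter-bootstrap-rails`, `less-rails`) was bumped. Exposure is limited to asset compilation rather than request handling, but the conventional replacement is `gem 'mini_racer', :platforms => :ruby` in place of `therubyracer`, and it is worth doing in the same upgrade since uglifier 4.2.0 is already being re-resolved against it. The hunk's last context line is `# rails g rspec:install`; the enclosing `group :server` block is complete within the hunk.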
@@ -1,54 +1,88 @@ GEM remote: https://rubygems.org/ specs: - actionmailer (4.0.13) - actionpack (= 4.0.13) + actioncable (6.1.7.3) + actionpack (= 6.1.7.3) + activesupport (= 6.1.7.3) + nio4r (~> 2.0) + websocket-driver (>= 0.6.1) + actionmailbox (6.1.7.3) + actionpack (= 6.1.7.3) + activejob (= 6.1.7.3) + activerecord (= 6.1.7.3) + activestorage (= 6.1.7.3) + activesupport (= 6.1.7.3) + mail (>= 2.7.1) + actionmailer (6.1.7.3) + actionpack (= 6.1.7.3) + actionview (= 6.1.7.3) + activejob (= 6.1.7.3) + activesupport (= 6.1.7.3) mail (~> 2.5, >= 2.5.4) - actionpack (4.0.13) - activesupport (= 4.0.13) - builder (~> 3.1.0) - erubis (~> 2.7.0) - rack (~> 1.5.2) - rack-test (~> 0.6.2) - activemodel (4.0.13) - activesupport (= 4.0.13) - builder (~> 3.1.0) - activerecord (4.0.13) - activemodel (= 4.0.13) - activerecord-deprecated_finders (~> 1.0.2) - activesupport (= 4.0.13) - arel (~> 4.0.0) - activerecord-deprecated_finders (1.0.3) - activerecord-jdbc-adapter (1.3.13) - activerecord (>= 2.2) - activerecord-jdbcsqlite3-adapter (1.3.13) - activerecord-jdbc-adapter (~> 1.3.13) - jdbc-sqlite3 (>= 3.7.2, < 3.9) - activesupport (4.0.13) - i18n (~> 0.6, >= 0.6.9) - minitest (~> 4.2) - multi_json (~> 1.3) - thread_safe (~> 0.1) - tzinfo (~> 0.3.37) - addressable (2.8.0) - public_suffix (>= 2.0.2, < 5.0) - arel (4.0.2) - better_errors (1.1.0) + rails-dom-testing (~> 2.0) + actionpack (6.1.7.3) + actionview (= 6.1.7.3) + activesupport (= 6.1.7.3) + rack (~> 2.0, >= 2.0.9) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.2.0) + actiontext (6.1.7.3) + actionpack (= 6.1.7.3) + activerecord (= 6.1.7.3) + activestorage (= 6.1.7.3) + activesupport (= 6.1.7.3) + nokogiri (>= 1.8.5) + actionview (6.1.7.3) + activesupport (= 6.1.7.3) + builder (~> 3.1) + erubi (~> 1.4) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.1, >= 1.2.0) + activejob (6.1.7.3) + activesupport (= 6.1.7.3) + globalid (>= 0.3.6) + activemodel (6.1.7.3) + activesupport 
(= 6.1.7.3) + activerecord (6.1.7.3) + activemodel (= 6.1.7.3) + activesupport (= 6.1.7.3) + activerecord-jdbc-adapter (61.2-java) + activerecord (~> 6.1.0) + activerecord-jdbcsqlite3-adapter (61.2-java) + activerecord-jdbc-adapter (= 61.2) + jdbc-sqlite3 (~> 3.8, < 3.30) + activestorage (6.1.7.3) + actionpack (= 6.1.7.3) + activejob (= 6.1.7.3) + activerecord (= 6.1.7.3) + activesupport (= 6.1.7.3) + marcel (~> 1.0) + mini_mime (>= 1.1.0) + activesupport (6.1.7.3) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + zeitwerk (~> 2.3) + addressable (2.8.2) + public_suffix (>= 2.0.2, < 6.0) + better_errors (2.8.0) coderay (>= 1.0.0) - erubis (>= 2.6.6) + erubi (>= 1.0.0) + rack (>= 0.9.0) binding_of_caller (0.7.2) debug_inspector (>= 0.0.1) - builder (3.1.4) - bullet (4.14.0) + builder (3.2.4) + bullet (7.0.7) activesupport (>= 3.0.0) - uniform_notifier (>= 1.6.0) + uniform_notifier (~> 1.11) charlock_holmes (0.7.7) - childprocess (0.5.5) - ffi (~> 1.0, >= 1.0.11) + childprocess (4.1.0) choice (0.2.0) - coderay (1.1.0) + coderay (1.1.3) commonjs (0.2.7) - concurrent-ruby (1.1.10) + concurrent-ruby (1.2.2) coveralls (0.7.1) multi_json (~> 1.3) rest-client 
@@ -56,124 +90,186 @@ GEM term-ansicolor thor crass (1.0.6) - daemons (1.1.9) + daemons (1.4.1) + date (3.3.3) + date (3.3.3-java) debug_inspector (0.0.2) - diff-lcs (1.2.5) - docile (1.1.5) + diff-lcs (1.5.0) + docile (1.4.0) + domain_name (0.5.20190701) + unf (>= 0.0.5, < 1.0.0) + erubi (1.12.0) erubis (2.7.0) escape_utils (1.1.1) - eventmachine (1.0.4) - execjs (2.2.2) - factory_girl (4.5.0) + eventmachine (1.2.7) + execjs (2.8.1) + factory_girl (4.9.0) activesupport (>= 3.0.0) - factory_girl_rails (4.5.0) - factory_girl (~> 4.5.0) + factory_girl_rails (4.9.0) + factory_girl (~> 4.9.0) railties (>= 3.0.0) - ffi (1.9.6-java) - gemoji (3.0.1) + ffi (1.15.5-java) + gemoji (4.1.0) github-linguist (4.8.18) charlock_holmes (~> 0.7.3) escape_utils (~> 1.1.0) mime-types (>= 1.19) rugged (>= 0.23.0b) - greenmat (3.5.1.3) - hashie (3.3.2) - hike (1.2.3) - html-pipeline (2.14.1) + globalid (1.1.0) + activesupport (>= 5.0) + hashie (5.0.0) + html-pipeline (2.14.3) activesupport (>= 2) nokogiri (>= 1.4) - i18n (0.9.5) + http-accept (1.7.0) + http-cookie (1.0.5) + domain_name (~> 0.5) + i18n (1.12.0) concurrent-ruby (~> 1.0) - jdbc-sqlite3 (3.8.7) - jquery-rails (3.1.2) - railties (>= 3.0, < 5.0) + jdbc-sqlite3 (3.28.0) + jquery-rails (4.5.1) + rails-dom-testing (>= 1, < 3) + railties (>= 4.2.0) thor (>= 0.14, < 2.0) - json (1.8.2) - json (1.8.2-java) - kaminari (0.16.1) - actionpack (>= 3.0.0) - activesupport (>= 3.0.0) - kramdown (1.5.0) + kaminari (1.2.2) + activesupport (>= 4.1.0) + kaminari-actionview (= 1.2.2) + kaminari-activerecord (= 1.2.2) + kaminari-core (= 1.2.2) + kaminari-actionview (1.2.2) + actionview + kaminari-core (= 1.2.2) + kaminari-activerecord (1.2.2) + activerecord + kaminari-core (= 1.2.2) + kaminari-core (1.2.2) + kramdown (2.4.0) + rexml less (2.6.0) commonjs (~> 0.2.7) - less-rails (2.6.0) - actionpack (>= 3.1) + less-rails (4.0.0) + actionpack (>= 4) less (~> 2.6.0) + sprockets (>= 2) libv8 (3.16.14.7) + loofah (2.20.0) + crass (~> 1.0.2) + 
nokogiri (>= 1.5.9) magic_encoding (0.0.2) - mail (2.6.3) - mime-types (>= 1.16, < 3) + mail (2.8.1) + mini_mime (>= 0.1.1) + net-imap + net-pop + net-smtp + marcel (1.0.2) mem (0.1.5) - method_source (0.8.2) - mime-types (2.99.3) - mini_portile2 (2.8.0) - minitest (4.7.5) - mizuno (0.6.8) + method_source (1.0.0) + mime-types (3.4.1) + mime-types-data (~> 3.2015) + mime-types-data (3.2023.0218.1) + mini_mime (1.1.2) + mini_portile2 (2.8.1) + minitest (5.18.0) + mizuno (0.6.11) childprocess (>= 0.2.6) choice (>= 0.1.0) ffi (>= 1.0.0) rack (>= 1.0.0) multi_json (1.15.0) - netrc (0.10.2) - nokogiri (1.13.4) + net-imap (0.3.4) + date + net-protocol + net-pop (0.1.2) + net-protocol + net-protocol (0.2.1) + timeout + net-smtp (0.3.3) + net-protocol + netrc (0.11.0) + nio4r (2.5.9) + nio4r (2.5.9-java) + nokogiri (1.14.2) mini_portile2 (~> 2.8.0) racc (~> 1.4) - omniauth (1.2.2) - hashie (>= 1.2, < 4) - rack (~> 1.0) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) + nokogiri (1.14.2-java) + racc (~> 1.4) + omniauth (2.1.1) + hashie (>= 3.4.6) + rack (>= 2.2.3) + rack-protection + omniauth-openid (2.0.1) + omniauth (>= 1.0, < 3.0) + rack-openid (~> 1.4.0) pg (0.18.2) - pry (0.10.1) - coderay (~> 1.1.0) - method_source (~> 0.8.1) - slop (~> 3.4) - pry (0.10.1-java) - coderay (~> 1.1.0) - method_source (~> 0.8.1) - slop (~> 3.4) + pry (0.14.2) + coderay (~> 1.1) + method_source (~> 1.0) + pry (0.14.2-java) + coderay (~> 1.1) + method_source (~> 1.0) spoon (~> 0.0) - pry-rails (0.3.2) - pry (>= 0.9.10) - public_suffix (4.0.7) - qiita-markdown (0.41.0) + pry-rails (0.3.9) + pry (>= 0.10.4) + public_suffix (5.0.1) + qiita-markdown (1.0.3) addressable gemoji github-linguist (~> 4.0) - greenmat (= 3.5.1.3) html-pipeline (~> 2.0) mem - rouge (= 3.26.0) + qiita_marker (~> 0.23.6) + rouge (~> 4.1.0) sanitize - racc (1.6.0) - rack (1.5.2) - rack-openid (1.3.1) + qiita_marker (0.23.6.2) + racc (1.6.2) + racc (1.6.2-java) + rack (2.2.6.4) + rack-openid (1.4.2) 
rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-test (0.6.3) - rack (>= 1.0) - rails (4.0.13) - actionmailer (= 4.0.13) - actionpack (= 4.0.13) - activerecord (= 4.0.13) - activesupport (= 4.0.13) - bundler (>= 1.3.0, < 2.0) - railties (= 4.0.13) - sprockets-rails (~> 2.0) - rails_autolink (1.1.6) - rails (> 3.1) - railties (4.0.13) - actionpack (= 4.0.13) - activesupport (= 4.0.13) - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - rake (10.4.2) + rack-protection (3.0.5) + rack + rack-test (2.1.0) + rack (>= 1.3) + rails (6.1.7.3) + actioncable (= 6.1.7.3) + actionmailbox (= 6.1.7.3) + actionmailer (= 6.1.7.3) + actionpack (= 6.1.7.3) + actiontext (= 6.1.7.3) + actionview (= 6.1.7.3) + activejob (= 6.1.7.3) + activemodel (= 6.1.7.3) + activerecord (= 6.1.7.3) + activestorage (= 6.1.7.3) + activesupport (= 6.1.7.3) + bundler (>= 1.15.0) + railties (= 6.1.7.3) + sprockets-rails (>= 2.0.0) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.5.0) + loofah (~> 2.19, >= 2.19.1) + rails_autolink (1.1.8) + actionview (> 3.1) + activesupport (> 3.1) + railties (> 3.1) + railties (6.1.7.3) + actionpack (= 6.1.7.3) + activesupport (= 6.1.7.3) + method_source + rake (>= 12.2) + thor (~> 1.0) + rake (13.0.6) ref (1.0.5) - rest-client (1.7.2) - mime-types (>= 1.16, < 3.0) - netrc (~> 0.7) - rouge (3.26.0) + rest-client (2.1.0) + http-accept (>= 1.7.0, < 2.0) + http-cookie (>= 1.0.2, < 2.0) + mime-types (>= 1.16, < 4.0) + netrc (~> 0.8) + rexml (3.2.5) + rouge (4.1.0) rspec-core (2.14.8) rspec-expectations (2.14.5) diff-lcs (>= 1.1.3, < 2.0) 
@@ -187,35 +283,34 @@ GEM rspec-core (~> 2.14.0) rspec-expectations (~> 2.14.0) rspec-mocks (~> 2.14.0) - ruby-openid (2.6.0) - rugged (1.4.2) - sanitize (6.0.0) + ruby-openid (2.9.2) + rugged (1.6.3) + sanitize (6.0.1) crass (~> 1.0.2) nokogiri (>= 1.12.0) - simple_form (3.1.0) - actionpack (~> 4.0) - activemodel (~> 4.0) - simplecov (0.9.1) - docile (~> 1.1.0) - multi_json (~> 1.0) - simplecov-html (~> 0.8.0) - simplecov-html (0.8.0) + simple_form (5.2.0) + actionpack (>= 5.2) + activemodel (>= 5.2) + simplecov (0.22.0) + docile (~> 1.1) + simplecov-html (~> 0.11) + simplecov_json_formatter (~> 0.1) + simplecov-html (0.12.3) simplecov-rcov (0.2.3) simplecov (>= 0.4.1) - slop (3.6.0) - spoon (0.0.4) + simplecov_json_formatter (0.1.4) + spoon (0.0.6) ffi - sprockets (2.12.3) - hike (~> 1.2) - multi_json (~> 1.0) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.2.2) - actionpack (>= 3.0) - activesupport (>= 3.0) - sprockets (>= 2.8, < 4.0) + sprockets (4.2.0) + concurrent-ruby (~> 1.0) + rack (>= 2.2.4, < 4) + sprockets-rails (3.4.2) + actionpack (>= 5.2) + activesupport (>= 5.2) + sprockets (>= 3.0.0) sqlite3 (1.3.10) - term-ansicolor (1.3.0) + sync (0.5.0) + term-ansicolor (1.7.1) tins (~> 1.0) therubyracer (0.12.1) libv8 (~> 3.16.14.0) 
@@ -223,25 +318,34 @@ GEM therubyrhino (2.0.4) therubyrhino_jar (>= 1.7.3) therubyrhino_jar (1.7.4) - thin (1.6.3) + thin (1.8.2) daemons (~> 1.0, >= 1.0.9) - eventmachine (~> 1.0) - rack (~> 1.0) - thor (0.19.1) - thread_safe (0.3.6) - thread_safe (0.3.6-java) - tilt (1.4.1) - tins (1.3.3) - twitter-bootstrap-rails (2.2.8) - actionpack (>= 3.1) - execjs - rails (>= 3.1) - railties (>= 3.1) - tzinfo (0.3.60) - uglifier (2.7.0) - execjs (>= 0.3.0) - json (>= 1.8.0) - uniform_notifier (1.6.2) + eventmachine (~> 1.0, >= 1.0.4) + rack (>= 1, < 3) + thor (1.2.1) + timeout (0.3.2) + tins (1.32.1) + sync + twitter-bootstrap-rails (5.0.0) + actionpack (>= 5.0, < 8.0) + execjs (~> 2.7) + less-rails (>= 3.0, < 5.0) + railties (>= 5.0, < 8.0) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) + uglifier (4.2.0) + execjs (>= 0.3.0, < 3) + unf (0.1.4) + unf_ext + unf (0.1.4-java) + unf_ext (0.0.8.2) + uniform_notifier (1.16.0) + websocket-driver (0.7.5) + websocket-extensions (>= 0.1.0) + websocket-driver (0.7.5-java) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.5) + zeitwerk (2.6.7) PLATFORMS java @@ -249,36 +353,36 @@ PLATFORMS DEPENDENCIES activerecord-jdbcsqlite3-adapter - better_errors (= 1.1.0) + better_errors (= 2.8.0) binding_of_caller bullet coveralls erubis factory_girl - factory_girl_rails - jquery-rails - kaminari - kramdown - less-rails + factory_girl_rails (>= 4.5.0) + jquery-rails (>= 4.4.0) + kaminari (>= 1.2.1) + kramdown (>= 2.3.0) + less-rails (>= 2.6.0) magic_encoding mizuno - omniauth-openid + omniauth-openid (>= 2.0.1) pg pry-rails qiita-markdown - rails (= 4.0.13) - rails_autolink + rails (= 6.1.7.3) + rails_autolink (>= 1.1.6) rspec-kickstarter rspec-rails (= 2.14.2) - simple_form + simple_form (>= 5.0.0) simplecov simplecov-rcov sqlite3 therubyracer therubyrhino - thin - twitter-bootstrap-rails - uglifier (>= 1.0.3) + thin (>= 1.7.0) + twitter-bootstrap-rails (>= 3.2.0) + uglifier (>= 2.7.2) BUNDLED WITH 1.17.3