From 5473588eceed8182d12828f16432a3d4e8d4b53f Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sun, 24 Jun 2018 22:13:42 +0000
Subject: [PATCH] fix: Gemfile.lock & Gemfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-20229
- https://snyk.io/vuln/SNYK-RUBY-I18N-20124
- https://snyk.io/vuln/SNYK-RUBY-MAIL-20244
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20367
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20368
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20432
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-22013
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-22014
- https://snyk.io/vuln/SNYK-RUBY-REDCARPET-20212
- https://snyk.io/vuln/SNYK-RUBY-YARD-22004
---
 Gemfile | 12 +++---
 Gemfile.lock | 106 +++++++++++++++++++++++++--------------------------
 2 files changed, 58 insertions(+), 60 deletions(-)

diff --git a/Gemfile b/Gemfile
index 1ebc90f..bf33ca2 100644
--- a/Gemfile
+++ b/Gemfile
@@ -4,10 +4,10 @@ gem 'faraday', '~> 0.9'
 gem 'tilt', '~> 2'
 gem 'yajl-ruby', '~> 1.3.1', :require => [ 'yajl', 'yajl/json_gem' ]
-gem 'activesupport', '>= 3.2', :require => 'active_support'
+gem 'activesupport', '>= 4.1.11'
 # service: mail
-gem 'mail', '~> 2.2'
+gem 'mail', '~> 2.5', '>= 2.5.5'
 # service :campfire
 gem 'tinder', '~> 1.10.1'
@@ -22,7 +22,7 @@ gem 'flowdock', '~> 0.3'
 gem 'aws-sdk-sns', '~> 1'
 # markdown generation
-gem 'redcarpet', '~> 2.3'
+gem 'redcarpet', '~> 3.2', '>= 3.2.3'
 # Ensure everyone plays nice with SSL
 #
@@ -35,7 +35,7 @@ gem 'rake', '>= 0.9'
 group :development do
 gem "test-unit", "~> 3.2.7"
 gem "rspec", "~>3.1"
- gem "shoulda", "~> 3.5"
- gem "jeweler", "~> 2.1"
- gem 'yard', "~> 0.8"
+ gem "shoulda", "~> 3.5", ">= 3.5.0"
+ gem "jeweler", "~> 2.1", ">= 2.1.2"
+ gem 'yard', '~> 0.9', '>= 0.9.11'
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index e64a2bc..cff5480 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
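Review bot: The new `gem 'activesupport', '>= 4.1.11'` line in the first Gemfile hunk drops the `:require => 'active_support'` option that the old line carried, a change unrelated to the version floor. The gem's entry file is `active_support`, not `activesupport`, so if the application loads its dependencies through `Bundler.require` (not visible in this patch) the library would no longer be loaded automatically. Keeping the option preserves the previous load behaviour: `gem 'activesupport', '>= 4.1.11', :require => 'active_support'`. The constraint also stays open-ended while Gemfile.lock moves from 4.0.0 to 5.2.0 in the same patch, so a temporary upper bound is worth considering until the test suite has exercised the 5.x upgrade.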
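Review bot: The `'>= 3.2.3'` floor on the `redcarpet` line in the second Gemfile hunk exists for a security reason that the Gemfile itself does not record, so a later tidy-up could relax it without anyone noticing. A one-line comment above the entry would keep the link, for example `# floor set for SNYK-RUBY-REDCARPET-20212`. The `mail` floor in the first hunk and the `yard` floor in the last one would benefit from the same kind of comment. This is also a major-version move from 2.x to 3.x for the markdown generator, so the rendering call sites, which are outside this patch, should be checked to confirm their renderer options still behave as intended.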
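Review bot: Two of the floors added inside `group :development` constrain nothing: `">= 3.5.0"` is already implied by `"~> 3.5"`, and `">= 2.1.2"` on `jeweler` is exactly the version the old Gemfile.lock had resolved. That jeweler 2.1.2 required `github_api (~> 0.11.0)`, and github_api 0.11.3 pinned `nokogiri (~> 1.6.0)`, so the five nokogiri advisories in the commit message are addressed only by the lockfile resolving jeweler 2.3.9 and nokogiri 1.8.3, not by the Gemfile. An explicit floor in the group would make the fix survive a re-resolve, e.g. `gem 'nokogiri', '>= 1.8.3'` (version taken from the new lockfile; confirm it against the advisories). The redundant `">= 3.5.0"` can be dropped.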
@@ -1,14 +1,12 @@ GEM remote: https://rubygems.org/ specs: - activesupport (4.0.0) - i18n (~> 0.6, >= 0.6.4) - minitest (~> 4.2) - multi_json (~> 1.3) - thread_safe (~> 0.1) - tzinfo (~> 0.3.37) + activesupport (5.2.0) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) addressable (2.4.0) - atomic (1.1.14) aws-partitions (1.24.0) aws-sdk-core (3.6.0) aws-partitions (~> 1.0) @@ -18,8 +16,10 @@ GEM aws-sdk-core (~> 3) aws-sigv4 (~> 1.0) aws-sigv4 (1.0.2) - builder (3.2.2) - descendants_tracker (0.0.3) + builder (3.2.3) + concurrent-ruby (1.0.5) + descendants_tracker (0.0.4) + thread_safe (~> 0.3, >= 0.3.1) diff-lcs (1.2.5) eventmachine (1.2.5) faraday (0.9.2) 
@@ -29,60 +29,61 @@ GEM flowdock (0.3.1) httparty (~> 0.7) multi_json - git (1.3.0) - github_api (0.11.3) - addressable (~> 2.3) - descendants_tracker (~> 0.0.1) + git (1.4.0) + github_api (0.16.0) + addressable (~> 2.4.0) + descendants_tracker (~> 0.0.4) faraday (~> 0.8, < 0.10) - hashie (>= 1.2) - multi_json (>= 1.7.5, < 2.0) - nokogiri (~> 1.6.0) - oauth2 + hashie (>= 3.4) + mime-types (>= 1.16, < 3.0) + oauth2 (~> 1.0) hashie (3.5.7) - highline (1.7.8) + highline (2.0.0) hipchat (1.4.0) httparty http_parser.rb (0.5.3) httparty (0.12.0) json (~> 1.8) multi_xml (>= 0.5.2) - i18n (0.6.5) - jeweler (2.1.2) + i18n (1.0.1) + concurrent-ruby (~> 1.0) + jeweler (2.3.9) builder - bundler (>= 1.0) + bundler git (>= 1.2.5) - github_api (~> 0.11.0) + github_api (~> 0.16.0) highline (>= 1.6.15) nokogiri (>= 1.5.10) + psych rake rdoc - semver + semver2 jmespath (1.3.1) json (1.8.6) jwt (1.5.6) - mail (2.5.4) - mime-types (~> 1.16) - treetop (~> 1.4.8) - mime-types (1.25.1) - mini_portile2 (2.1.0) - minitest (4.7.5) + mail (2.7.0) + mini_mime (>= 0.1.1) + mime-types (2.99.3) + mini_mime (1.0.0) + mini_portile2 (2.3.0) + minitest (5.11.3) multi_json (1.13.1) - multi_xml (0.5.5) + multi_xml (0.6.0) multipart-post (2.0.0) - nokogiri (1.6.8.1) - mini_portile2 (~> 2.1.0) + nokogiri (1.8.3) + mini_portile2 (~> 2.3.0) oauth2 (1.4.0) faraday (>= 0.8, < 0.13) jwt (~> 1.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - polyglot (0.3.3) power_assert (1.1.1) - rack (1.6.8) - rake (10.3.2) - rdoc (4.3.0) - redcarpet (2.3.0) + psych (3.0.2) + rack (2.0.5) + rake (12.3.1) + rdoc (6.0.4) + redcarpet (3.4.0) rspec (3.1.0) rspec-core (~> 3.1.0) rspec-expectations (~> 3.1.0) 
@@ -95,18 +96,17 @@ GEM rspec-mocks (3.1.3) rspec-support (~> 3.1.0) rspec-support (3.1.2) - semver (1.0.1) + semver2 (3.4.2) shoulda (3.5.0) shoulda-context (~> 1.0, >= 1.0.1) shoulda-matchers (>= 1.4.1, < 3.0) - shoulda-context (1.1.5) - shoulda-matchers (2.4.0) + shoulda-context (1.2.2) + shoulda-matchers (2.8.0) activesupport (>= 3.0.0) simple_oauth (0.1.9) test-unit (3.2.7) power_assert - thread_safe (0.1.3) - atomic + thread_safe (0.3.6) tilt (2.0.7) tinder (1.10.1) eventmachine (~> 1.0) @@ -117,37 +117,35 @@ GEM mime-types multi_json (~> 1.7) twitter-stream (~> 0.1) - treetop (1.4.15) - polyglot - polyglot (>= 0.3.1) twitter-stream (0.1.16) eventmachine (>= 0.12.8) http_parser.rb (~> 0.5.1) simple_oauth (~> 0.1.4) - tzinfo (0.3.38) + tzinfo (1.2.5) + thread_safe (~> 0.1) yajl-ruby (1.3.1) - yard (0.8.7.2) + yard (0.9.14) PLATFORMS ruby DEPENDENCIES - activesupport (>= 3.2) + activesupport (>= 4.1.11) aws-sdk-sns (~> 1) faraday (~> 0.9) flowdock (~> 0.3) hipchat (~> 1.4.0) - jeweler (~> 2.1) - mail (~> 2.2) + jeweler (~> 2.1, >= 2.1.2) + mail (~> 2.5, >= 2.5.5) rake (>= 0.9) - redcarpet (~> 2.3) + redcarpet (~> 3.2, >= 3.2.3) rspec (~> 3.1) - shoulda (~> 3.5) + shoulda (~> 3.5, >= 3.5.0) test-unit (~> 3.2.7) tilt (~> 2) tinder (~> 1.10.1) yajl-ruby (~> 1.3.1) - yard (~> 0.8) + yard (~> 0.9, >= 0.9.11) BUNDLED WITH - 1.16.0 + 1.16.1