From 8e6fa3126d835c72858e42a70b8232ec3e332b70 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 5 Apr 2024 00:33:49 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-6274386
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6228056
- https://snyk.io/vuln/SNYK-RUBY-RACK-6274383
- https://snyk.io/vuln/SNYK-RUBY-RACK-6274384
- https://snyk.io/vuln/SNYK-RUBY-RACK-6274385
- https://snyk.io/vuln/SNYK-RUBY-RDOC-6476871
---
 Gemfile | 24 +--
 Gemfile.lock | 477 ++++++++++++++++++++++++++++++---------------------
 2 files changed, 290 insertions(+), 211 deletions(-)
diff --git a/Gemfile b/Gemfile
index 1e268c1..8871431 100644
--- a/Gemfile
+++ b/Gemfile
@@ -2,25 +2,25 @@ source 'https://rubygems.org'
-gem 'coffee-rails', '~> 4.1.0'
+gem 'coffee-rails', '~> 4.2.2'
 gem 'pg'
-gem 'rails'
-gem 'sass-rails', '~> 5.0'
+gem 'rails', '>= 7.0.8.1'
+gem 'sass-rails', '~> 5.0', '>= 5.0.8'
 gem 'uglifier', '>= 1.3.0'
 # See https://github.com/rails/execjs#readme for more supported runtimes
 gem 'therubyracer', platforms: :ruby
-gem 'jquery-rails'
+gem 'jquery-rails', '>= 4.3.4'
 # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
 gem 'jbuilder', '~> 2.0'
-gem 'sdoc', '~> 0.4.0', group: :doc
+gem 'sdoc', '~> 1.0.0', group: :doc
-gem 'dotenv-rails', groups: %i[development test]
-gem 'dragonfly', '~> 1.0.12'
+gem 'dotenv-rails', '>= 2.7.6', groups: %i[development test]
+gem 'dragonfly', '~> 1.1.0'
 gem 'dragonfly-s3_data_store'
 gem 'image_size'
-gem 'rails_admin'
+gem 'rails_admin', '>= 3.0.0'
 gem 'sequenced'
 # Use ActiveModel has_secure_password
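Review bot: The new `gem 'rails', '>= 7.0.8.1'` line is an open-ended floor that the lock in the later hunks resolves to 7.1.3.2 — a jump from 5.0.7.2 across two major versions — while the commit touches no application code, initializers or framework defaults, and the lock now also pulls in `actionmailbox`, `actiontext`, `activestorage` and `zeitwerk` via the metagem; it is unlikely the app boots or passes its suite on this lock without the usual major-upgrade migration work, so this should not be merged on the strength of the advisory list alone. If the intent is only the advisory fix, pin to the series that was actually resolved, `gem 'rails', '~> 7.1.3', '>= 7.1.3.2'`, so a later `bundle update` cannot silently cross another major boundary; the same unbounded `>=` pattern is used for `rails_admin`, `jquery-rails` and `dotenv-rails` here and for `rspec-rails`, `cucumber-rails` and `capybara` in the next hunk. Gems outside the bot's advisory list are left where they were — the lock still carries `therubyracer`/`libv8 3.16`, `poltergeist` and `puma 3.12.2`, all years-old releases of gems that are no longer maintained on those series — so run `bundle audit` (bundler-audit) and the full test suite against this lock before merging rather than relying on the six advisories named in the description.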
@@ -38,24 +38,24 @@ group :development, :test do
 gem 'factory_girl_rails', '~> 4.0'
 gem 'pry-rails'
 gem 'rest-client'
- gem 'rspec-rails'
+ gem 'rspec-rails', '>= 3.8.3'
 end
 group :development do
 # Access an IRB console on exception pages or by using <%= console %> in views
- gem 'web-console', '~> 2.0'
+ gem 'web-console', '~> 3.0', '>= 3.0.0'
 # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
 gem 'spring'
 end
 group :test do
- gem 'cucumber-rails', require: false
+ gem 'cucumber-rails', '>= 2.1.0', require: false
 gem 'database_cleaner'
 gem 'poltergeist'
 end
 group :demo_test_run do
- gem 'capybara'
+ gem 'capybara', '>= 3.19.0'
 gem 'poltergeist'
 gem 'rmagick'
 gem 'rspec'
diff --git a/Gemfile.lock b/Gemfile.lock
index 30b1f4f..89847f3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
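Review bot: `gem 'web-console', '~> 3.0', '>= 3.0.0'` is redundant — `~> 3.0` already implies `>= 3.0` — and the lock resolves it to 3.7.0, a 3.x series that predates the Rails 7.1 this commit moves to; if the Rails bump stands, the constraint should be raised to the current 4.x series rather than reaffirmed at 3.0, and if it does not, the line can simply be `gem 'web-console', '~> 3.0'`. The `capybara`, `cucumber-rails` and `rspec-rails` lines use the same unbounded `>=` floors as the first Gemfile hunk; a pessimistic `~>` constraint on the resolved minor series keeps future `bundle update` runs from crossing a major version unnoticed. The first `group :development, :test do` block opens on the hunk's trailer line, outside the hunk, and the final `group :demo_test_run do` block's `end` is past its last line.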
@@ -8,117 +8,170 @@ GIT GEM remote: https://rubygems.org/ specs: - actioncable (5.0.7.2) - actionpack (= 5.0.7.2) - nio4r (>= 1.2, < 3.0) - websocket-driver (~> 0.6.1) - actionmailer (5.0.7.2) - actionpack (= 5.0.7.2) - actionview (= 5.0.7.2) - activejob (= 5.0.7.2) + actioncable (7.1.3.2) + actionpack (= 7.1.3.2) + activesupport (= 7.1.3.2) + nio4r (~> 2.0) + websocket-driver (>= 0.6.1) + zeitwerk (~> 2.6) + actionmailbox (7.1.3.2) + actionpack (= 7.1.3.2) + activejob (= 7.1.3.2) + activerecord (= 7.1.3.2) + activestorage (= 7.1.3.2) + activesupport (= 7.1.3.2) + mail (>= 2.7.1) + net-imap + net-pop + net-smtp + actionmailer (7.1.3.2) + actionpack (= 7.1.3.2) + actionview (= 7.1.3.2) + activejob (= 7.1.3.2) + activesupport (= 7.1.3.2) mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 2.0) - actionpack (5.0.7.2) - actionview (= 5.0.7.2) - activesupport (= 5.0.7.2) - rack (~> 2.0) - rack-test (~> 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.0.7.2) - activesupport (= 5.0.7.2) + net-imap + net-pop + net-smtp + rails-dom-testing (~> 2.2) + actionpack (7.1.3.2) + actionview (= 7.1.3.2) + activesupport (= 7.1.3.2) + nokogiri (>= 1.8.5) + racc + rack (>= 2.2.4) + rack-session (>= 1.0.1) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + actiontext (7.1.3.2) + actionpack (= 7.1.3.2) + activerecord (= 7.1.3.2) + activestorage (= 7.1.3.2) + activesupport (= 7.1.3.2) + globalid (>= 0.6.0) + nokogiri (>= 1.8.5) + actionview (7.1.3.2) + activesupport (= 7.1.3.2) builder (~> 3.1) - erubis (~> 2.7.0) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.0.7.2) - activesupport (= 5.0.7.2) + erubi (~> 1.11) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + activejob (7.1.3.2) + activesupport (= 7.1.3.2) globalid (>= 0.3.6) - activemodel (5.0.7.2) - activesupport (= 5.0.7.2) - activerecord (5.0.7.2) - activemodel (= 5.0.7.2) - activesupport (= 5.0.7.2) - 
arel (~> 7.0) - activesupport (5.0.7.2) + activemodel (7.1.3.2) + activesupport (= 7.1.3.2) + activemodel-serializers-xml (1.0.2) + activemodel (> 5.x) + activesupport (> 5.x) + builder (~> 3.1) + activerecord (7.1.3.2) + activemodel (= 7.1.3.2) + activesupport (= 7.1.3.2) + timeout (>= 0.4.0) + activestorage (7.1.3.2) + actionpack (= 7.1.3.2) + activejob (= 7.1.3.2) + activerecord (= 7.1.3.2) + activesupport (= 7.1.3.2) + marcel (~> 1.0) + activesupport (7.1.3.2) + base64 + bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - addressable (2.6.0) - public_suffix (>= 2.0.2, < 4.0) - arel (7.1.4) - backports (3.13.0) - binding_of_caller (0.8.0) - debug_inspector (>= 0.0.1) - builder (3.2.3) + connection_pool (>= 2.2.5) + drb + i18n (>= 1.6, < 2) + minitest (>= 5.1) + mutex_m + tzinfo (~> 2.0) + addressable (2.8.6) + public_suffix (>= 2.0.2, < 6.0) + base64 (0.2.0) + bigdecimal (3.1.7) + bindex (0.8.1) + builder (3.2.4) byebug (11.0.1) - capybara (3.18.0) + capybara (3.39.2) addressable + matrix mini_mime (>= 0.1.3) nokogiri (~> 1.8) rack (>= 1.6.0) rack-test (>= 0.6.3) - regexp_parser (~> 1.2) + regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) cliver (0.3.2) coderay (1.1.2) - coffee-rails (4.1.1) + coffee-rails (4.2.2) coffee-script (>= 2.2.0) - railties (>= 4.0.0, < 5.1.x) + railties (>= 4.0.0) coffee-script (2.4.1) coffee-script-source execjs coffee-script-source (1.12.2) - concurrent-ruby (1.1.5) - crass (1.0.5) - cucumber (3.1.2) - builder (>= 2.1.2) - cucumber-core (~> 3.2.0) - cucumber-expressions (~> 6.0.1) - cucumber-wire (~> 0.0.1) - diff-lcs (~> 1.3) - gherkin (~> 5.1.0) - multi_json (>= 1.7.5, < 2.0) - multi_test (>= 0.1.2) - cucumber-core (3.2.1) - backports (>= 3.8.0) - cucumber-tag_expressions (~> 1.1.0) - gherkin (~> 5.0) - cucumber-expressions (6.0.1) - cucumber-rails (1.7.0) - capybara (>= 2.3.0, < 4) - cucumber (>= 3.0.2, < 4) - mime-types (>= 1.17, < 4) - nokogiri (~> 1.8) - railties (>= 4.2, < 7) - 
cucumber-tag_expressions (1.1.1) - cucumber-wire (0.0.1) + concurrent-ruby (1.2.3) + connection_pool (2.4.1) + crass (1.0.6) + cucumber (8.0.0) + builder (~> 3.2, >= 3.2.4) + cucumber-ci-environment (~> 9.0, >= 9.0.4) + cucumber-core (~> 11.0, >= 11.0.0) + cucumber-cucumber-expressions (~> 15.1, >= 15.1.1) + cucumber-gherkin (~> 23.0, >= 23.0.1) + cucumber-html-formatter (~> 19.1, >= 19.1.0) + cucumber-messages (~> 18.0, >= 18.0.0) + diff-lcs (~> 1.5, >= 1.5.0) + mime-types (~> 3.4, >= 3.4.1) + multi_test (~> 1.1, >= 1.1.0) + sys-uname (~> 1.2, >= 1.2.2) + cucumber-ci-environment (9.2.0) + cucumber-core (11.0.0) + cucumber-gherkin (~> 23.0, >= 23.0.1) + cucumber-messages (~> 18.0, >= 18.0.0) + cucumber-tag-expressions (~> 4.1, >= 4.1.0) + cucumber-cucumber-expressions (15.2.0) + cucumber-gherkin (23.0.1) + cucumber-messages (~> 18.0, >= 18.0.0) + cucumber-html-formatter (19.2.0) + cucumber-messages (~> 18.0, >= 18.0.0) + cucumber-messages (18.0.0) + cucumber-rails (2.6.1) + capybara (>= 2.18, < 4) + cucumber (>= 3.2, < 9) + mime-types (~> 3.3) + nokogiri (~> 1.10) + railties (>= 5.0, < 8) + rexml (~> 3.0) + webrick (~> 1.7) + cucumber-tag-expressions (4.1.0) database_cleaner (1.7.0) - debug_inspector (0.0.3) - diff-lcs (1.3) + date (3.3.4) + diff-lcs (1.5.1) domain_name (0.5.20180417) unf (>= 0.0.5, < 1.0.0) - dotenv (2.7.5) - dotenv-rails (2.7.5) - dotenv (= 2.7.5) - railties (>= 3.2, < 6.1) - dragonfly (1.0.12) + dotenv (2.8.1) + dotenv-rails (2.8.1) + dotenv (= 2.8.1) + railties (>= 3.2) + dragonfly (1.1.5) addressable (~> 2.3) multi_json (~> 1.0) - rack (>= 1.3.0) + rack (>= 1.3) dragonfly-s3_data_store (1.3.0) dragonfly (~> 1.0) fog-aws - erubis (2.7.0) + drb (2.2.1) + erubi (1.12.0) excon (0.73.0) - execjs (2.7.0) + execjs (2.9.1) factory_girl (4.9.0) activesupport (>= 3.0.0) factory_girl_rails (4.9.0) factory_girl (~> 4.9.0) railties (>= 3.0.0) - ffi (1.10.0) + ffi (1.16.3) fog-aws (3.6.2) fog-core (~> 2.1) fog-json (~> 1.1) 
@@ -135,63 +188,74 @@ GEM fog-xml (0.1.3) fog-core nokogiri (>= 1.5.11, < 2.0.0) - font-awesome-rails (4.7.0.5) - railties (>= 3.2, < 6.1) formatador (0.2.5) - gherkin (5.1.0) - globalid (0.4.2) - activesupport (>= 4.2.0) - haml (5.0.4) - temple (>= 0.8.0) - tilt + globalid (1.2.1) + activesupport (>= 6.1) http-cookie (1.0.3) domain_name (~> 0.5) - i18n (1.6.0) + i18n (1.14.4) concurrent-ruby (~> 1.0) image_size (2.0.0) + io-console (0.7.2) ipaddress (0.8.3) + irb (1.12.0) + rdoc + reline (>= 0.4.2) jbuilder (2.8.0) activesupport (>= 4.2.0) multi_json (>= 1.2) - jquery-rails (4.3.3) + jquery-rails (4.6.0) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) - jquery-ui-rails (6.0.1) - railties (>= 3.2.16) - json (1.8.6) - kaminari (1.1.1) + kaminari (1.2.2) activesupport (>= 4.1.0) - kaminari-actionview (= 1.1.1) - kaminari-activerecord (= 1.1.1) - kaminari-core (= 1.1.1) - kaminari-actionview (1.1.1) + kaminari-actionview (= 1.2.2) + kaminari-activerecord (= 1.2.2) + kaminari-core (= 1.2.2) + kaminari-actionview (1.2.2) actionview - kaminari-core (= 1.1.1) - kaminari-activerecord (1.1.1) + kaminari-core (= 1.2.2) + kaminari-activerecord (1.2.2) activerecord - kaminari-core (= 1.1.1) - kaminari-core (1.1.1) + kaminari-core (= 1.2.2) + kaminari-core (1.2.2) libv8 (3.16.14.19) - loofah (2.3.1) + loofah (2.22.0) crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mail (2.7.1) + nokogiri (>= 1.12.0) + mail (2.8.1) mini_mime (>= 0.1.1) + net-imap + net-pop + net-smtp + marcel (1.0.4) + matrix (0.4.2) method_source (0.9.2) - mime-types (3.2.2) + mime-types (3.5.2) mime-types-data (~> 3.2015) - mime-types-data (3.2019.0331) - mini_mime (1.0.1) - mini_portile2 (2.4.0) - minitest (5.11.3) - multi_json (1.13.1) - multi_test (0.1.2) + mime-types-data (3.2024.0305) + mini_mime (1.1.5) + mini_portile2 (2.8.5) + minitest (5.22.3) + multi_json (1.15.0) + multi_test (1.1.0) + mutex_m (0.2.0) nested_form (0.3.2) + net-imap (0.4.10) + date + net-protocol + net-pop (0.1.2) + 
net-protocol + net-protocol (0.2.2) + timeout + net-smtp (0.5.0) + net-protocol netrc (0.11.0) - nio4r (2.3.1) - nokogiri (1.10.5) - mini_portile2 (~> 2.4.0) + nio4r (2.7.1) + nokogiri (1.15.6) + mini_portile2 (~> 2.8.2) + racc (~> 1.4) pg (1.1.4) poltergeist (1.18.1) capybara (>= 2.1, < 4) 
@@ -202,76 +266,83 @@ GEM method_source (~> 0.9.0) pry-rails (0.3.9) pry (>= 0.10.4) - public_suffix (3.0.3) + psych (5.1.2) + stringio + public_suffix (5.0.5) puma (3.12.2) - rack (2.0.7) - rack-pjax (1.1.0) - nokogiri (~> 1.5) - rack (>= 1.1) - rack-test (0.6.3) - rack (>= 1.0) - rails (5.0.7.2) - actioncable (= 5.0.7.2) - actionmailer (= 5.0.7.2) - actionpack (= 5.0.7.2) - actionview (= 5.0.7.2) - activejob (= 5.0.7.2) - activemodel (= 5.0.7.2) - activerecord (= 5.0.7.2) - activesupport (= 5.0.7.2) - bundler (>= 1.3.0) - railties (= 5.0.7.2) - sprockets-rails (>= 2.0.0) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) + racc (1.7.3) + rack (2.2.9) + rack-session (1.0.2) + rack (< 3) + rack-test (2.1.0) + rack (>= 1.3) + rackup (1.0.0) + rack (< 3) + webrick + rails (7.1.3.2) + actioncable (= 7.1.3.2) + actionmailbox (= 7.1.3.2) + actionmailer (= 7.1.3.2) + actionpack (= 7.1.3.2) + actiontext (= 7.1.3.2) + actionview (= 7.1.3.2) + activejob (= 7.1.3.2) + activemodel (= 7.1.3.2) + activerecord (= 7.1.3.2) + activestorage (= 7.1.3.2) + activesupport (= 7.1.3.2) + bundler (>= 1.15.0) + railties (= 7.1.3.2) + rails-dom-testing (2.2.0) + activesupport (>= 5.0.0) + minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.0.4) - loofah (~> 2.2, >= 2.2.2) - rails_admin (1.4.2) - builder (~> 3.1) - coffee-rails (~> 4.0) - font-awesome-rails (>= 3.0, < 5) - haml (>= 4.0, < 6) - jquery-rails (>= 3.0, < 5) - jquery-ui-rails (>= 5.0, < 7) + rails-html-sanitizer (1.6.0) + loofah (~> 2.21) + nokogiri (~> 1.14) + rails_admin (3.1.2) + activemodel-serializers-xml (>= 1.0) kaminari (>= 0.14, < 2.0) nested_form (~> 0.3) - rack-pjax (>= 0.7) - rails (>= 4.0, < 6) - remotipart (~> 1.3) - sass-rails (>= 4.0, < 6) - railties (5.0.7.2) - actionpack (= 5.0.7.2) - activesupport (= 5.0.7.2) - method_source - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - rake (12.3.2) - rb-fsevent (0.10.3) - rb-inotify (0.10.0) + rails (>= 6.0, < 8) + turbo-rails (~> 1.0) + railties (7.1.3.2) + actionpack 
(= 7.1.3.2) + activesupport (= 7.1.3.2) + irb + rackup (>= 1.0.0) + rake (>= 12.2) + thor (~> 1.0, >= 1.2.2) + zeitwerk (~> 2.6) + rake (13.2.0) + rb-fsevent (0.11.2) + rb-inotify (0.10.1) ffi (~> 1.0) - rdoc (4.3.0) + rdoc (6.6.3.1) + psych (>= 4.0.0) ref (2.0.0) - regexp_parser (1.4.0) - remotipart (1.4.2) + regexp_parser (2.9.0) + reline (0.5.0) + io-console (~> 0.5) rest-client (2.0.2) http-cookie (>= 1.0.2, < 2.0) mime-types (>= 1.16, < 4.0) netrc (~> 0.8) + rexml (3.2.6) rmagick (3.1.0) rspec (3.8.0) rspec-core (~> 3.8.0) rspec-expectations (~> 3.8.0) rspec-mocks (~> 3.8.0) - rspec-core (3.8.0) + rspec-core (3.8.2) rspec-support (~> 3.8.0) - rspec-expectations (3.8.3) + rspec-expectations (3.8.6) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.8.0) - rspec-mocks (3.8.0) + rspec-mocks (3.8.2) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.8.0) - rspec-rails (3.8.2) + rspec-rails (3.8.3) actionpack (>= 3.0) activesupport (>= 3.0) railties (>= 3.0) 
@@ -279,92 +350,100 @@ GEM rspec-expectations (~> 3.8.0) rspec-mocks (~> 3.8.0) rspec-support (~> 3.8.0) - rspec-support (3.8.0) + rspec-support (3.8.3) sass (3.7.4) sass-listen (~> 4.0.0) sass-listen (4.0.0) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) - sass-rails (5.0.7) - railties (>= 4.0.0, < 6) + sass-rails (5.1.0) + railties (>= 5.2.0) sass (~> 3.1) sprockets (>= 2.8, < 4.0) sprockets-rails (>= 2.0, < 4.0) tilt (>= 1.1, < 3) - sdoc (0.4.2) - json (~> 1.7, >= 1.7.7) - rdoc (~> 4.0) + sdoc (1.0.0) + rdoc (>= 5.0) sequenced (3.1.1) activerecord (>= 3.0) activesupport (>= 3.0) spring (2.0.2) activesupport (>= 4.2) - sprockets (3.7.2) + sprockets (3.7.3) + base64 concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.1) - actionpack (>= 4.0) - activesupport (>= 4.0) + sprockets-rails (3.4.2) + actionpack (>= 5.2) + activesupport (>= 5.2) sprockets (>= 3.0.0) - temple (0.8.1) + stringio (3.1.0) + sys-uname (1.2.3) + ffi (~> 1.1) therubyracer (0.12.3) libv8 (~> 3.16.14.15) ref - thor (0.20.3) - thread_safe (0.3.6) - tilt (2.0.9) - tzinfo (1.2.5) - thread_safe (~> 0.1) + thor (1.3.1) + tilt (2.3.0) + timeout (0.4.1) + turbo-rails (1.5.0) + actionpack (>= 6.0.0) + activejob (>= 6.0.0) + railties (>= 6.0.0) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) uglifier (4.1.20) execjs (>= 0.3.0, < 3) unf (0.1.4) unf_ext unf_ext (0.0.7.6) - web-console (2.3.0) - activemodel (>= 4.0) - binding_of_caller (>= 0.7.2) - railties (>= 4.0) - sprockets-rails (>= 2.0, < 4.0) - websocket-driver (0.6.5) + web-console (3.7.0) + actionview (>= 5.0) + activemodel (>= 5.0) + bindex (>= 0.4.0) + railties (>= 5.0) + webrick (1.8.1) + websocket-driver (0.7.6) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.3) + websocket-extensions (0.1.5) xpath (3.2.0) nokogiri (~> 1.8) + zeitwerk (2.6.13) PLATFORMS ruby DEPENDENCIES byebug - capybara - coffee-rails (~> 4.1.0) - cucumber-rails + capybara (>= 3.19.0) + coffee-rails (~> 4.2.2) + cucumber-rails (>= 2.1.0) 
database_cleaner - dotenv-rails - dragonfly (~> 1.0.12) + dotenv-rails (>= 2.7.6) + dragonfly (~> 1.1.0) dragonfly-s3_data_store factory_girl_rails (~> 4.0) image_size jbuilder (~> 2.0) - jquery-rails + jquery-rails (>= 4.3.4) pg poltergeist pry-rails puma - rails - rails_admin + rails (>= 7.0.8.1) + rails_admin (>= 3.0.0) rest-client rmagick rspec - rspec-rails - sass-rails (~> 5.0) - sdoc (~> 0.4.0) + rspec-rails (>= 3.8.3) + sass-rails (~> 5.0, >= 5.0.8) + sdoc (~> 1.0.0) sequenced spectre_client! spring therubyracer uglifier (>= 1.3.0) - web-console (~> 2.0) + web-console (~> 3.0, >= 3.0.0) BUNDLED WITH 2.1.4