From 78f561759d489b5434c4674395dc5c5384d26668 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 8 Jul 2021 01:29:50 +0000
Subject: [PATCH] fix: Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ADDRESSABLE-1316242
---
Gemfile.lock | 150 +++++++++++++++++++++++++++------------------------
1 file changed, 81 insertions(+), 69 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index ece6bbf..cc8e58c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -41,9 +41,10 @@ GEM minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - acts_as_list (0.7.4) + acts_as_list (0.9.19) activerecord (>= 3.0) - addressable (2.4.0) + addressable (2.8.0) + public_suffix (>= 2.0.2, < 5.0) administrate (0.1.4) autoprefixer-rails (~> 6.0) datetime_picker_rails (~> 0.0.7)
@@ -56,32 +57,31 @@ GEM sass-rails (~> 5.0) selectize-rails (~> 0.6) allison (2.0.3) - arel (6.0.3) + arel (6.0.4) authlogic (1.4.3) activesupport echoe - autoprefixer-rails (6.3.6.1) + autoprefixer-rails (6.7.7.2) execjs awesome_nested_set (3.0.3) activerecord (>= 4.0.0, < 5) bcrypt (3.1.11) - bootstrap-sass (3.3.6) + bootstrap-sass (3.3.7) autoprefixer-rails (>= 5.2.1) sass (>= 3.3.4) bourbon (4.2.7) sass (~> 3.4) thor (~> 0.19) - builder (3.2.2) + builder (3.2.4) byebug (9.0.4) - camertron-eprun (1.1.0) + camertron-eprun (1.1.1) cancancan (1.10.1) canonical-rails (0.0.11) rails (>= 3.1, < 5.0) carmen (1.0.2) activesupport (>= 3.0.0) - cldr-plurals-runtime-rb (1.0.1) - climate_control (0.0.3) - activesupport (>= 3.0) + cldr-plurals-runtime-rb (1.1.0) + climate_control (0.2.0) cocaine (0.5.8) climate_control (>= 0.0.3, < 1.0) coffee-rails (4.1.1)
@@ -91,9 +91,10 @@ GEM coffee-script-source execjs coffee-script-source (1.10.0) - colorize (0.7.7) - concurrent-ruby (1.0.2) - css_parser (1.4.1) + colorize (0.8.1) + concurrent-ruby (1.1.9) + crass (1.0.6) + css_parser (1.9.0) addressable datetime_picker_rails (0.0.7) momentjs-rails (>= 2.8.1) @@ -118,16 +119,17 @@ GEM rdoc (>= 2.5.11) rubyforge (>= 2.0.4) erubis (2.7.0) - execjs (2.7.0) + execjs (2.8.1) festivaltts4r (0.2.0) hoe (>= 1.3.0) ffaker (1.32.1) - font-awesome-rails (4.6.3.0) - railties (>= 3.2, < 5.1) + ffi (1.15.3) + font-awesome-rails (4.7.0.7) + railties (>= 3.2, < 7) friendly_id (5.1.0) activerecord (>= 4.0.0) - globalid (0.3.6) - activesupport (>= 4.1.0) + globalid (0.4.2) + activesupport (>= 4.2.0) highline (1.6.21) hoe (3.15.0) rake (>= 0.8, < 12.0) 
@@ -135,47 +137,49 @@ GEM httparty (0.13.7) json (~> 1.8) multi_xml (>= 0.5.2) - i18n (0.7.0) + i18n (0.9.5) + concurrent-ruby (~> 1.0) jbuilder (2.4.1) activesupport (>= 3.0.0, < 5.1) multi_json (~> 1.2) - jquery-rails (4.1.1) + jquery-rails (4.4.0) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) jquery-ui-rails (5.0.5) railties (>= 3.2.16) - json (1.8.3) + json (1.8.6) json_pure (1.8.3) - kaminari (0.16.3) + kaminari (0.17.0) actionpack (>= 3.0.0) activesupport (>= 3.0.0) lingq (0.3.1) bundler httparty - loofah (2.0.3) + loofah (2.10.0) + crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.6.4) - mime-types (>= 1.16, < 4) - mime-types (3.1) + mail (2.7.1) + mini_mime (>= 0.1.1) + mime-types (3.3.1) mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) - mini_portile2 (2.0.0) - minitest (5.9.0) + mime-types-data (3.2021.0704) + mini_mime (1.1.0) + mini_portile2 (2.1.0) + minitest (5.14.4) momentjs-rails (2.11.1) railties (>= 3.1) - monetize (1.4.0) - money (~> 6.7) - money (6.7.1) - i18n (>= 0.6.4, <= 0.7.0) - sixarm_ruby_unaccent (>= 1.1.1, < 2) + monetize (1.11.0) + money (~> 6.12) + money (6.16.0) + i18n (>= 0.6.4, <= 2) multi_json (1.12.1) multi_xml (0.5.5) neat (1.7.4) bourbon (>= 4.0) sass (>= 3.3) - nokogiri (1.6.7.2) - mini_portile2 (~> 2.0.0.rc2) + nokogiri (1.6.8.1) + mini_portile2 (~> 2.1.0) normalize-rails (3.0.3) orm_adapter (0.5.0) paperclip (4.2.4) @@ -185,19 +189,21 @@ GEM mime-types paranoia (2.1.5) activerecord (~> 4.0) - polyamorous (1.3.0) + polyamorous (1.3.3) activerecord (>= 3.0) polyglot (0.3.5) - premailer (1.8.6) - css_parser (>= 1.3.6) + premailer (1.15.0) + addressable + css_parser (>= 1.6.0) htmlentities (>= 4.0.0) - premailer-rails (1.9.2) - actionmailer (>= 3, < 6) + premailer-rails (1.11.1) + actionmailer (>= 3) premailer (~> 1.7, >= 1.7.9) + public_suffix (4.0.6) puma (3.4.0) rabl (0.11.8) activesupport (>= 2.3.14) - rack (1.6.4) + rack (1.6.13) rack-ssl (1.0.0) rack rack-test (0.6.3) 
@@ -213,33 +219,41 @@ GEM bundler (>= 1.3.0, < 2.0) railties (= 4.2.5) sprockets-rails - rails-deprecated_sanitizer (1.0.3) + rails-deprecated_sanitizer (1.0.4) activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.7) - activesupport (>= 4.2.0.beta, < 5.0) - nokogiri (~> 1.6.0) + rails-dom-testing (1.0.9) + activesupport (>= 4.2.0, < 5.0) + nokogiri (~> 1.6) rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) railties (4.2.5) actionpack (= 4.2.5) activesupport (= 4.2.5) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (11.1.2) + rake (11.3.0) ransack (1.4.1) actionpack (>= 3.0) activerecord (>= 3.0) activesupport (>= 3.0) i18n polyamorous (~> 1.1) + rb-fsevent (0.11.0) + rb-inotify (0.10.1) + ffi (~> 1.0) rdoc (4.2.2) json (~> 1.4) - responders (2.2.0) - railties (>= 4.2.0, < 5.1) + responders (2.4.1) + actionpack (>= 4.2.0, < 6.0) + railties (>= 4.2.0, < 6.0) rubyforge (2.0.4) json_pure (>= 1.1.7) - sass (3.4.22) + sass (3.7.4) + sass-listen (~> 4.0.0) + sass-listen (4.0.0) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) sass-rails (5.0.4) railties (>= 4.0.0, < 5.0) sass (~> 3.1) @@ -252,7 +266,6 @@ GEM sinatra (1.1.4) rack (~> 1.1) tilt (>= 1.2.2, < 2.0) - sixarm_ruby_unaccent (1.1.1) spree (3.0.7) spree_api (= 3.0.7) spree_backend (= 3.0.7) @@ -307,7 +320,7 @@ GEM spree_sample (3.0.7) spree_core (= 3.0.7) spring (1.7.1) - sprockets (3.6.0) + sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (2.3.3) 
@@ -315,26 +328,25 @@ GEM activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) sqlite3 (1.3.11) - state_machines (0.4.0) - state_machines-activemodel (0.4.0) - activemodel (>= 4.1, < 5.1) - state_machines (>= 0.4.0) - state_machines-activerecord (0.4.0) - activerecord (>= 4.1, < 5.1) - state_machines-activemodel (>= 0.3.0) - stringex (2.6.0) - thor (0.19.1) - thread_safe (0.3.5) + state_machines (0.5.0) + state_machines-activemodel (0.7.1) + activemodel (>= 4.1) + state_machines (>= 0.5.0) + state_machines-activerecord (0.6.0) + activerecord (>= 4.1) + state_machines-activemodel (>= 0.5.0) + stringex (2.8.5) + thor (0.20.3) + thread_safe (0.3.6) tilt (1.4.1) truncate_html (0.9.2) turbolinks (2.5.3) coffee-rails - twitter_cldr (3.3.0) + twitter_cldr (3.6.0) camertron-eprun - cldr-plurals-runtime-rb (~> 1.0.0) - json + cldr-plurals-runtime-rb (~> 1.0) tzinfo - tzinfo (1.2.2) + tzinfo (1.2.9) thread_safe (~> 0.1) uglifier (3.0.0) execjs (>= 0.3.0, < 3) @@ -375,4 +387,4 @@ DEPENDENCIES web-console BUNDLED WITH - 1.13.1 + 1.17.3