Update rails, grape (CVE-2020-5267)

Vidas P · Vidas P · commit 65beeb9e793d · 2020-03-20T12:02:11.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [current]
 ### Fixed
 - Update puma (CVE-2020-5249)
+- Update rails, grape (CVE-2020-5267)
 
 
 ## [0.9.7] - 2020-02-28
diff --git a/Gemfile b/Gemfile
@@ -70,7 +70,7 @@ gem 'mini_magick', '~> 4.9.5'
 gem 'nokogiri', '~> 1.10.8'
 gem 'omniauth', '~> 1.9.0'
 gem 'rack-timeout', '~> 0.5.1'
-gem 'rails', '~> 5.2.3'
+gem 'rails', '~> 5.2.4.2'
 gem 'rails-html-sanitizer', '~> 1.0.4'
 # TODO: Removing coffee-rails breaks deployment on heroku, investigate.
 gem 'coffee-rails', '~> 4.2.2'
@@ -86,8 +86,8 @@ gem 'sprockets', '~> 3.7.2'
 gem 'typhoeus', '~> 0.6.3'
 gem 'uglifier', '~> 4.1.18'
 gem 'jquery-datatables', '~> 1.10.19'
-gem 'grape', '~> 1.2.4'
-gem 'grape-entity', '~> 0.7.1'
+gem 'grape', '~> 1.3.1'
+gem 'grape-entity', '~> 0.8.0'
 gem 'jwt', '~> 2.2.1'
 
 group :development do
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -14,43 +14,43 @@ GEM
   remote: https://rubygems.org/
   specs:
     ace-rails-ap (4.2)
-    actioncable (5.2.3)
-      actionpack (= 5.2.3)
+    actioncable (5.2.4.2)
+      actionpack (= 5.2.4.2)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailer (5.2.3)
-      actionpack (= 5.2.3)
-      actionview (= 5.2.3)
-      activejob (= 5.2.3)
+    actionmailer (5.2.4.2)
+      actionpack (= 5.2.4.2)
+      actionview (= 5.2.4.2)
+      activejob (= 5.2.4.2)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (5.2.3)
-      actionview (= 5.2.3)
-      activesupport (= 5.2.3)
-      rack (~> 2.0)
+    actionpack (5.2.4.2)
+      actionview (= 5.2.4.2)
+      activesupport (= 5.2.4.2)
+      rack (~> 2.0, >= 2.0.8)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.3)
-      activesupport (= 5.2.3)
+    actionview (5.2.4.2)
+      activesupport (= 5.2.4.2)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.3)
-      activesupport (= 5.2.3)
+    activejob (5.2.4.2)
+      activesupport (= 5.2.4.2)
       globalid (>= 0.3.6)
-    activemodel (5.2.3)
-      activesupport (= 5.2.3)
-    activerecord (5.2.3)
-      activemodel (= 5.2.3)
-      activesupport (= 5.2.3)
+    activemodel (5.2.4.2)
+      activesupport (= 5.2.4.2)
+    activerecord (5.2.4.2)
+      activemodel (= 5.2.4.2)
+      activesupport (= 5.2.4.2)
       arel (>= 9.0)
-    activestorage (5.2.3)
-      actionpack (= 5.2.3)
-      activerecord (= 5.2.3)
+    activestorage (5.2.4.2)
+      actionpack (= 5.2.4.2)
+      activerecord (= 5.2.4.2)
       marcel (~> 0.3.1)
-    activesupport (5.2.3)
+    activesupport (5.2.4.2)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
@@ -84,7 +84,7 @@ GEM
     bootstrap-kaminari-views (0.0.5)
       kaminari (>= 0.13)
       rails (>= 3.1)
-    builder (3.2.3)
+    builder (3.2.4)
     bullet (6.0.2)
       activesupport (>= 3.0.0)
       uniform_notifier (~> 1.11)
@@ -123,10 +123,10 @@ GEM
       coffee-script-source
       execjs
     coffee-script-source (1.12.2)
-    concurrent-ruby (1.1.5)
+    concurrent-ruby (1.1.6)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
-    crass (1.0.5)
+    crass (1.0.6)
     daemons (1.2.6)
     debug_inspector (0.0.3)
     delayed_job (4.1.8)
@@ -149,6 +149,28 @@ GEM
     domain_name (0.5.20170404)
       unf (>= 0.0.5, < 1.0.0)
     dotenv (2.5.0)
+    dry-configurable (0.11.4)
+      concurrent-ruby (~> 1.0)
+      dry-core (~> 0.4, >= 0.4.7)
+      dry-equalizer (~> 0.2)
+    dry-container (0.7.2)
+      concurrent-ruby (~> 1.0)
+      dry-configurable (~> 0.1, >= 0.1.3)
+    dry-core (0.4.9)
+      concurrent-ruby (~> 1.0)
+    dry-equalizer (0.3.0)
+    dry-inflector (0.2.0)
+    dry-logic (1.0.6)
+      concurrent-ruby (~> 1.0)
+      dry-core (~> 0.2)
+      dry-equalizer (~> 0.2)
+    dry-types (1.4.0)
+      concurrent-ruby (~> 1.0)
+      dry-container (~> 0.3)
+      dry-core (~> 0.4, >= 0.4.4)
+      dry-equalizer (~> 0.3)
+      dry-inflector (~> 0.1, >= 0.1.2)
+      dry-logic (~> 1.0, >= 1.0.2)
     em-websocket (0.5.1)
       eventmachine (>= 0.12.9)
       http_parser.rb (~> 0.6.0)
@@ -188,15 +210,15 @@ GEM
       oauth2 (~> 1.0)
     globalid (0.4.2)
       activesupport (>= 4.2.0)
-    grape (1.2.4)
+    grape (1.3.1)
       activesupport
       builder
+      dry-types (>= 1.1)
       mustermann-grape (~> 1.0.0)
       rack (>= 1.3.0)
       rack-accept
-      virtus (>= 1.0.0)
-    grape-entity (0.7.1)
-      activesupport (>= 4.0)
+    grape-entity (0.8.0)
+      activesupport (>= 3.0.0)
       multi_json (>= 1.3.2)
     guard (2.16.1)
       formatador (>= 0.2.4)
@@ -228,7 +250,7 @@ GEM
     http_parser.rb (0.6.0)
     httparty (0.16.2)
       multi_xml (>= 0.5.2)
-    i18n (1.7.0)
+    i18n (1.8.2)
       concurrent-ruby (~> 1.0)
     ice_nine (0.11.2)
     iniparse (1.4.4)
@@ -295,25 +317,26 @@ GEM
     mime-types (3.1)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2016.0521)
-    mimemagic (0.3.3)
+    mimemagic (0.3.4)
     mini_magick (4.9.5)
     mini_mime (1.0.2)
     mini_portile2 (2.4.0)
     mini_racer (0.2.8)
       libv8 (>= 6.9.411)
-    minitest (5.13.0)
+    minitest (5.14.0)
     msgpack (1.2.4)
     multi_json (1.14.1)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
-    mustermann (1.0.3)
-    mustermann-grape (1.0.0)
-      mustermann (~> 1.0.0)
+    mustermann (1.1.1)
+      ruby2_keywords (~> 0.0.1)
+    mustermann-grape (1.0.1)
+      mustermann (>= 1.0.0)
     nenv (0.3.0)
     net-ftp-list (3.2.8)
     netrc (0.11.0)
     nio4r (2.5.2)
-    nokogiri (1.10.8)
+    nokogiri (1.10.9)
       mini_portile2 (~> 2.4.0)
     notiffany (0.1.3)
       nenv (~> 0.1)
@@ -369,26 +392,26 @@ GEM
     public_suffix (4.0.1)
     puma (4.3.3)
       nio4r (~> 2.0)
-    rack (2.0.8)
+    rack (2.2.2)
     rack-accept (0.4.5)
       rack (>= 0.4)
     rack-livereload (0.3.17)
       rack
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
     rack-timeout (0.5.1)
-    rails (5.2.3)
-      actioncable (= 5.2.3)
-      actionmailer (= 5.2.3)
-      actionpack (= 5.2.3)
-      actionview (= 5.2.3)
-      activejob (= 5.2.3)
-      activemodel (= 5.2.3)
-      activerecord (= 5.2.3)
-      activestorage (= 5.2.3)
-      activesupport (= 5.2.3)
+    rails (5.2.4.2)
+      actioncable (= 5.2.4.2)
+      actionmailer (= 5.2.4.2)
+      actionpack (= 5.2.4.2)
+      actionview (= 5.2.4.2)
+      activejob (= 5.2.4.2)
+      activemodel (= 5.2.4.2)
+      activerecord (= 5.2.4.2)
+      activestorage (= 5.2.4.2)
+      activesupport (= 5.2.4.2)
       bundler (>= 1.3.0)
-      railties (= 5.2.3)
+      railties (= 5.2.4.2)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.4)
       actionpack (>= 5.0.1.x)
@@ -407,9 +430,9 @@ GEM
       json
       require_all (~> 2.0)
       ruby-progressbar
-    railties (5.2.3)
-      actionpack (= 5.2.3)
-      activesupport (= 5.2.3)
+    railties (5.2.4.2)
+      actionpack (= 5.2.4.2)
+      activesupport (= 5.2.4.2)
       method_source
       rake (>= 0.8.7)
       thor (>= 0.19.0, < 2.0)
@@ -475,6 +498,7 @@ GEM
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 1.7)
     ruby-progressbar (1.10.1)
+    ruby2_keywords (0.0.2)
     rubyzip (2.0.0)
     rufus-scheduler (3.4.2)
       et-orbi (~> 1.0)
@@ -548,7 +572,7 @@ GEM
       multi_json (>= 1.3.0)
     typhoeus (0.6.9)
       ethon (>= 0.7.1)
-    tzinfo (1.2.5)
+    tzinfo (1.2.6)
       thread_safe (~> 0.1)
     uglifier (4.1.18)
       execjs (>= 0.3.0, < 3)
@@ -612,8 +636,8 @@ DEPENDENCIES
   feedjira (~> 2.2)
   font-awesome-sass (~> 5.6.1)
   foreman (~> 0.86.0)
-  grape (~> 1.2.4)
-  grape-entity (~> 0.7.1)
+  grape (~> 1.3.1)
+  grape-entity (~> 0.8.0)
   guard (~> 2.16.1)
   guard-livereload (~> 2.5.2)
   guard-rspec (~> 4.7.3)
@@ -644,7 +668,7 @@ DEPENDENCIES
   puma (~> 4.3.3)
   rack-livereload (~> 0.3.17)
   rack-timeout (~> 0.5.1)
-  rails (~> 5.2.3)
+  rails (~> 5.2.4.2)
   rails-controller-testing (~> 1.0.4)
   rails-html-sanitizer (~> 1.0.4)
   rails_best_practices (~> 1.19.4)
