From 19ca432eb3f21ca764c9fd1cb2cc47b0225c61dd Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 14 Dec 2022 22:50:50 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-LOOFAH-3168317
- https://snyk.io/vuln/SNYK-RUBY-LOOFAH-3168318
- https://snyk.io/vuln/SNYK-RUBY-LOOFAH-3168649
- https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-3168316
- https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-3168646
- https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-3168647
- https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-3168648
---
 Gemfile | 6 ++---
 Gemfile.lock | 67 ++++++++++++++++++++++++++++------------------
 2 files changed, 39 insertions(+), 34 deletions(-)

diff --git a/Gemfile b/Gemfile
index 89bee6d..8656daa 100644
--- a/Gemfile
+++ b/Gemfile
@@ -17,7 +17,7 @@ gem 'sass-rails', '~> 5.1', '>= 5.1.0' gem 'uglifier', '>= 1.3.0' # Use jquery as the JavaScript library
-gem 'jquery-rails', '>= 4.4.0'
+gem 'jquery-rails', '>= 4.5.0'
 gem 'jquery-ui-rails', '>= 6.0.1' # Turbolinks makes following links in your web application faster. Read more: https://github.com/rails/turbolinks
@@ -30,7 +30,7 @@ gem 'sdoc', '~> 1.0.0', group: :doc # See https://github.com/rails/execjs#readme for more supported runtimes gem 'therubyracer', platforms: :ruby gem "twitter-bootstrap-rails", ">= 5.0.0"
-gem 'tinymce-rails', '>= 5.10.3'
+gem 'tinymce-rails', '>= 6.0.3.1'
 gem 'fastimage' gem 'font-awesome-rails', '>= 4.7.0.8'
@@ -39,7 +39,7 @@ gem 'rest-client' # API management gem 'active_model_serializers', '>= 0.10.13'
-gem 'apipie-rails', '>= 0.7.1'
+gem 'apipie-rails', '>= 0.8.1'
 gem 'jwt' gem 'rack-cors', :require => 'rack/cors'
diff --git a/Gemfile.lock b/Gemfile.lock
index 582081b..63a4895 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
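Review bot: None of the three Gemfile floors raised here touches the gems the subject says are being fixed — loofah and rails-html-sanitizer — so the only thing holding the patched versions (loofah 2.19.1, rails-html-sanitizer 1.4.4) is Gemfile.lock, and nothing in the Gemfile documents or guards that floor. Make the security intent explicit next to the other versioned constraints: `gem 'rails-html-sanitizer', '>= 1.4.4'` and `gem 'loofah', '>= 2.19.1'`. The removed lockfile lines show jquery-rails 4.5.0, tinymce-rails 6.0.3.1 and apipie-rails 0.8.1 were already resolved before this commit, so the three bumps in these hunks only catch the declared minimums up to what was already installed and do not change resolution on their own. Separately, the lock moves the unconstrained `haml` dependency from 5.2.2 to 6.1.1 (a major version, with html2haml/ruby_parser dropped), which a security bot commit is unlikely to have tested against the views; if the templates depend on Haml 5 behaviour, either verify them or hold `gem 'haml', '~> 5.2'` here until that is done. Only the changed gem lines are visible in these hunks; the rest of the Gemfile is outside them.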
@@ -49,7 +49,7 @@ GEM tzinfo (~> 1.1) airbrussh (1.3.1) sshkit (>= 1.6.1, != 1.7.0) - apipie-rails (0.8.1) + apipie-rails (0.8.2) actionpack (>= 5.0) activesupport (>= 5.0) arel (9.0.0)
@@ -81,6 +81,7 @@ GEM crass (1.0.6) daemons (1.4.1) database_cleaner (1.7.0) + date (3.3.1) debug_inspector (1.1.0) devise (4.8.1) bcrypt (~> 3.0)
@@ -90,8 +91,7 @@ GEM warden (~> 1.2.3) domain_name (0.5.20180417) unf (>= 0.0.5, < 1.0.0) - erubi (1.10.0) - erubis (2.7.0) + erubi (1.11.0) eventmachine (1.2.7) execjs (2.8.1) fastimage (2.1.5)
@@ -102,25 +102,20 @@ GEM railties (>= 3.2, < 8.0) globalid (1.0.0) activesupport (>= 5.0) - haml (5.2.2) - temple (>= 0.8.0) + haml (6.1.1) + temple (>= 0.8.2) + thor tilt - haml-rails (2.0.1) + haml-rails (2.1.0) actionpack (>= 5.1) activesupport (>= 5.1) - haml (>= 4.0.6, < 6.0) - html2haml (>= 1.0.1) + haml (>= 4.0.6) railties (>= 5.1) - html2haml (2.2.0) - erubis (~> 2.7.0) - haml (>= 4.0, < 6) - nokogiri (>= 1.6.0) - ruby_parser (~> 3.5) http-cookie (1.0.3) domain_name (~> 0.5) i18n (1.12.0) concurrent-ruby (~> 1.0) - jquery-rails (4.5.0) + jquery-rails (4.5.1) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0)
@@ -136,11 +131,14 @@ GEM less (~> 2.6.0) sprockets (>= 2) libv8 (3.16.14.19) - loofah (2.18.0) + loofah (2.19.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.7.1) + mail (2.8.0) mini_mime (>= 0.1.1) + net-imap + net-pop + net-smtp mailcatcher (0.2.4) eventmachine haml
@@ -158,15 +156,24 @@ GEM mime-types-data (3.2019.0331) mini_mime (1.1.2) mini_portile2 (2.8.0) - minitest (5.16.2) + minitest (5.16.3) mustermann (1.1.1) ruby2_keywords (~> 0.0.1) + net-imap (0.3.2) + date + net-protocol + net-pop (0.1.2) + net-protocol + net-protocol (0.2.1) + timeout net-scp (2.0.0) net-ssh (>= 2.6.5, < 6.0.0) + net-smtp (0.3.3) + net-protocol net-ssh (5.2.0) netrc (0.11.0) nio4r (2.5.8) - nokogiri (1.13.7) + nokogiri (1.13.10) mini_portile2 (~> 2.8.0) racc (~> 1.4) orm_adapter (0.5.0)
@@ -180,7 +187,7 @@ GEM nio4r (~> 2.0) pundit (2.0.1) activesupport (>= 3.0.0) - racc (1.6.0) + racc (1.6.1) rack (2.2.4) rack-cors (1.0.5) rack (>= 1.6.0)
@@ -213,8 +220,8 @@ GEM activesupport (>= 3.2) choice (~> 0.2.0) ruby-graphviz (~> 1.2) - rails-html-sanitizer (1.4.3) - loofah (~> 2.3) + rails-html-sanitizer (1.4.4) + loofah (~> 2.19, >= 2.19.1) railties (5.2.8.1) actionpack (= 5.2.8.1) activesupport (= 5.2.8.1)
@@ -222,7 +229,7 @@ GEM rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) rake (13.0.6) - rb-fsevent (0.11.1) + rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) rdoc (6.3.2)
@@ -238,8 +245,6 @@ GEM netrc (~> 0.8) ruby-graphviz (1.2.4) ruby2_keywords (0.0.5) - ruby_parser (3.19.1) - sexp_processor (~> 4.16) rubyzip (1.3.0) sass (3.7.4) sass-listen (~> 4.0.0)
@@ -254,7 +259,6 @@ GEM tilt (>= 1.1, < 3) sdoc (1.0.0) rdoc (>= 5.0) - sexp_processor (4.16.1) sinatra (2.2.0) mustermann (~> 1.0) rack (~> 2.2)
@@ -278,7 +282,7 @@ GEM sshkit (1.18.2) net-scp (>= 1.1.2) net-ssh (>= 2.8.0) - temple (0.8.2) + temple (0.9.1) therubyracer (0.12.3) libv8 (~> 3.16.14.15) ref
@@ -288,8 +292,9 @@ GEM rack (>= 1, < 3) thor (0.20.3) thread_safe (0.3.6) - tilt (2.0.10) - tinymce-rails (6.0.3.1) + tilt (2.0.11) + timeout (0.3.1) + tinymce-rails (6.3.1) railties (>= 3.1.1) twitter-bootstrap-rails (5.0.0) actionpack (>= 5.0, < 8.0)
@@ -321,7 +326,7 @@ PLATFORMS DEPENDENCIES active_model_serializers (>= 0.10.13) - apipie-rails (>= 0.7.1) + apipie-rails (>= 0.8.1) byebug capistrano capistrano-bundler
@@ -335,7 +340,7 @@ DEPENDENCIES font-awesome-rails (>= 4.7.0.8) haml haml-rails (>= 2.0.1) - jquery-rails (>= 4.4.0) + jquery-rails (>= 4.5.0) jquery-ui-rails (>= 6.0.1) jwt mailcatcher
@@ -354,7 +359,7 @@ DEPENDENCIES sdoc (~> 1.0.0) spring therubyracer - tinymce-rails (>= 5.10.3) + tinymce-rails (>= 6.0.3.1) twitter-bootstrap-rails (>= 5.0.0) tzinfo-data uglifier (>= 1.3.0)