From db95eb908cfd7d5fddf0751e84b8b32b24ce6d06 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 21 Dec 2022 01:00:56 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917
---
 Gemfile | 2 +-
 Gemfile.lock | 62 ++++++++++++++++++++++++++++++----------------------
 2 files changed, 37 insertions(+), 27 deletions(-)

diff --git a/Gemfile b/Gemfile
index 89bee6d..88afc2e 100644
--- a/Gemfile
+++ b/Gemfile
@@ -12,7 +12,7 @@ gem 'devise', '>= 4.8.1'
 gem "pundit"
 # Use SCSS for stylesheets
-gem 'sass-rails', '~> 5.1', '>= 5.1.0'
+gem 'sass-rails', '~> 6.0', '>= 6.0.0'
 # Use Uglifier as compressor for JavaScript assets
 gem 'uglifier', '>= 1.3.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index 582081b..e5199ba 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -81,6 +81,7 @@ GEM crass (1.0.6) daemons (1.4.1) database_cleaner (1.7.0) + date (3.3.3) debug_inspector (1.1.0) devise (4.8.1) bcrypt (~> 3.0)
@@ -90,7 +91,7 @@ GEM warden (~> 1.2.3) domain_name (0.5.20180417) unf (>= 0.0.5, < 1.0.0) - erubi (1.10.0) + erubi (1.11.0) erubis (2.7.0) eventmachine (1.2.7) execjs (2.8.1)
@@ -136,11 +137,14 @@ GEM less (~> 2.6.0) sprockets (>= 2) libv8 (3.16.14.19) - loofah (2.18.0) + loofah (2.19.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.7.1) + mail (2.8.0) mini_mime (>= 0.1.1) + net-imap + net-pop + net-smtp mailcatcher (0.2.4) eventmachine haml
@@ -158,15 +162,24 @@ GEM mime-types-data (3.2019.0331) mini_mime (1.1.2) mini_portile2 (2.8.0) - minitest (5.16.2) + minitest (5.16.3) mustermann (1.1.1) ruby2_keywords (~> 0.0.1) + net-imap (0.3.2) + date + net-protocol + net-pop (0.1.2) + net-protocol + net-protocol (0.2.1) + timeout net-scp (2.0.0) net-ssh (>= 2.6.5, < 6.0.0) + net-smtp (0.3.3) + net-protocol net-ssh (5.2.0) netrc (0.11.0) nio4r (2.5.8) - nokogiri (1.13.7) + nokogiri (1.13.10) mini_portile2 (~> 2.8.0) racc (~> 1.4) orm_adapter (0.5.0)
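Review bot: The `sass-rails` bump in the Gemfile hunk leaves the resolved `rack` at 2.2.4 (it is an unchanged context line in the Gemfile.lock hunks), so the commit's claim that SNYK-RUBY-RACK-1061917 is fixed should be confirmed by re-running the scan on the new lockfile rather than taken from the title. The only rack-related change visible is the sprockets requirement moving from `rack (> 1, < 3)` to `rack (>= 2.2.4, < 4)`, and another dependency in context still requires `rack (>= 1, < 3)`. The upgrade also carries a major `sprockets` jump (3.7.2 to 4.2.0) and swaps `sass` for `sassc`, which pulls in `ffi` and a native libsass build; Sprockets 4 expects an `app/assets/config/manifest.js`, which is not visible here, so asset precompilation should pass in CI before merge. The constraint itself is redundant as written: `gem 'sass-rails', '~> 6.0'` covers the same range.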
@@ -180,7 +193,7 @@ GEM nio4r (~> 2.0) pundit (2.0.1) activesupport (>= 3.0.0) - racc (1.6.0) + racc (1.6.1) rack (2.2.4) rack-cors (1.0.5) rack (>= 1.6.0)
@@ -213,8 +226,8 @@ GEM activesupport (>= 3.2) choice (~> 0.2.0) ruby-graphviz (~> 1.2) - rails-html-sanitizer (1.4.3) - loofah (~> 2.3) + rails-html-sanitizer (1.4.4) + loofah (~> 2.19, >= 2.19.1) railties (5.2.8.1) actionpack (= 5.2.8.1) activesupport (= 5.2.8.1)
@@ -222,9 +235,6 @@ GEM rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) rake (13.0.6) - rb-fsevent (0.11.1) - rb-inotify (0.10.1) - ffi (~> 1.0) rdoc (6.3.2) ref (2.0.0) request_store (1.5.1)
@@ -241,17 +251,16 @@ GEM ruby_parser (3.19.1) sexp_processor (~> 4.16) rubyzip (1.3.0) - sass (3.7.4) - sass-listen (~> 4.0.0) - sass-listen (4.0.0) - rb-fsevent (~> 0.9, >= 0.9.4) - rb-inotify (~> 0.9, >= 0.9.7) - sass-rails (5.1.0) - railties (>= 5.2.0) - sass (~> 3.1) - sprockets (>= 2.8, < 4.0) - sprockets-rails (>= 2.0, < 4.0) - tilt (>= 1.1, < 3) + sass-rails (6.0.0) + sassc-rails (~> 2.1, >= 2.1.1) + sassc (2.4.0) + ffi (~> 1.9) + sassc-rails (2.1.2) + railties (>= 4.0.0) + sassc (>= 2.0) + sprockets (> 3.0) + sprockets-rails + tilt sdoc (1.0.0) rdoc (>= 5.0) sexp_processor (4.16.1)
@@ -265,9 +274,9 @@ GEM thin spring (2.0.2) activesupport (>= 4.2) - sprockets (3.7.2) + sprockets (4.2.0) concurrent-ruby (~> 1.0) - rack (> 1, < 3) + rack (>= 2.2.4, < 4) sprockets-rails (3.4.2) actionpack (>= 5.2) activesupport (>= 5.2)
@@ -288,7 +297,8 @@ GEM rack (>= 1, < 3) thor (0.20.3) thread_safe (0.3.6) - tilt (2.0.10) + tilt (2.0.11) + timeout (0.3.1) tinymce-rails (6.0.3.1) railties (>= 3.1.1) twitter-bootstrap-rails (5.0.0)
@@ -350,7 +360,7 @@ DEPENDENCIES rails-erd rest-client rubyzip (~> 1.3) - sass-rails (~> 5.1, >= 5.1.0) + sass-rails (~> 6.0, >= 6.0.0) sdoc (~> 1.0.0) spring therubyracer