From 064c7416ffdca231997ab3cbd4e7ca85f4175419 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 11 Oct 2025 08:30:09 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-RACK-13378928 - https://snyk.io/vuln/SNYK-RUBY-RACK-13378930 - https://snyk.io/vuln/SNYK-RUBY-RACK-13378932 - https://snyk.io/vuln/SNYK-RUBY-RACK-13524628 --- Gemfile | 18 ++-- Gemfile.lock | 285 ++++++++++++++++++++++++++++++--------------------- 2 files changed, 178 insertions(+), 125 deletions(-) diff --git a/Gemfile b/Gemfile index 225cb65..8e79d11 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,6 @@ source 'http://rubygems.org' -gem 'rails', '~> 3.1.0' +gem 'rails', '~> 5.0.0' # Bundle edge Rails instead: # gem 'rails', :git => 'git://github.com/rails/rails.git' @@ -10,20 +10,20 @@ gem 'gravatar_image_tag', '1.0.0.pre2' gem 'will_paginate', '3.0.pre2' group:development do - gem 'rspec-rails', '2.6.1' + gem 'rspec-rails', '2.8.0' gem 'annotate', '2.4.0' gem 'faker', '0.3.1' end group:test do - gem 'rspec-rails','2.6.1' - gem 'webrat', '0.7.1' + gem 'rspec-rails', '2.8.0' + gem 'webrat', '0.7.2' gem 'spork', '0.9.0.rc8' gem 'autotest', '4.4.6' gem 'autotest-rails-pure', '4.1.2' gem 'autotest-fsevent', '0.2.4' gem 'autotest-growl', '0.2.9' - gem 'factory_girl_rails', '1.0' + gem 'factory_girl_rails', '1.0.1' end group :production do @@ -33,19 +33,19 @@ group :production do gem 'faker', '0.3.1' end -gem 'rack-ssl', :require => 'rack/ssl' +gem 'rack-ssl', '>= 1.3.3', :require => 'rack/ssl' # gem 'json' # Gems used only for assets and not required # in production environments by default. group :assets do - gem 'sass-rails', '~> 3.1.4' - gem 'coffee-rails', '~> 3.1.1' + gem 'sass-rails', '~> 5.0.5' + gem 'coffee-rails', '~> 4.1.1' gem 'uglifier', '>= 1.0.3' end -gem 'jquery-rails' +gem 'jquery-rails', '>= 4.0.1' # To use ActiveModel has_secure_password # gem 'bcrypt-ruby', '~> 3.0.0' 
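Review bot: The first hunk leaves `source 'http://rubygems.org'` in place as a context line while bumping `rails` to `~> 5.0.0`, so every gem this upgrade pulls in is still resolved over plain HTTP; change it to `source 'https://rubygems.org'` and regenerate the lock so its `remote:` entry matches, otherwise the fix itself travels without transport integrity. The move from Rails 3.1 to 5.0 is a major-version change applied only to Gemfile and Gemfile.lock here, so the advisories should be treated as closed only once the application boots and the suite runs on the new resolution; the second hunk keeps `rspec-rails` at 2.8.0, which the lock appears to accept only because its `railties (>= 3.0)` constraint is open-ended, not because that series is known to work on Rails 5. The 5.0.x line of Rails has itself reached end of life, so `~> 5.0.0` caps the app at a series that no longer receives security releases; if the goal is to keep Rack patched durably, a supported series should be the target. In the third hunk `rack-ssl` is retained with a `>= 1.3.3` floor; the new lock shows it is no longer a `railties` dependency, so it is likely redundant with the SSL middleware Rails 5 ships and could be dropped once the upgrade is verified.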
diff --git a/Gemfile.lock b/Gemfile.lock
index 53437ec..1a7a67d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,146 +1,196 @@ GEM remote: http://rubygems.org/ specs: - ZenTest (4.6.2) - actionmailer (3.1.0) - actionpack (= 3.1.0) - mail (~> 2.3.0) - actionpack (3.1.0) - activemodel (= 3.1.0) - activesupport (= 3.1.0) - builder (~> 3.0.0) + ZenTest (4.12.2) + actioncable (5.0.7.2) + actionpack (= 5.0.7.2) + nio4r (>= 1.2, < 3.0) + websocket-driver (~> 0.6.1) + actionmailer (5.0.7.2) + actionpack (= 5.0.7.2) + actionview (= 5.0.7.2) + activejob (= 5.0.7.2) + mail (~> 2.5, >= 2.5.4) + rails-dom-testing (~> 2.0) + actionpack (5.0.7.2) + actionview (= 5.0.7.2) + activesupport (= 5.0.7.2) + rack (~> 2.0) + rack-test (~> 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (5.0.7.2) + activesupport (= 5.0.7.2) + builder (~> 3.1) erubis (~> 2.7.0) - i18n (~> 0.6) - rack (~> 1.3.2) - rack-cache (~> 1.0.3) - rack-mount (~> 0.8.2) - rack-test (~> 0.6.1) - sprockets (~> 2.0.0) - activemodel (3.1.0) - activesupport (= 3.1.0) - bcrypt-ruby (~> 3.0.0) - builder (~> 3.0.0) - i18n (~> 0.6) - activerecord (3.1.0) - activemodel (= 3.1.0) - activesupport (= 3.1.0) - arel (~> 2.2.1) - tzinfo (~> 0.3.29) - activeresource (3.1.0) - activemodel (= 3.1.0) - activesupport (= 3.1.0) - activesupport (3.1.0) - multi_json (~> 1.0) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activejob (5.0.7.2) + activesupport (= 5.0.7.2) + globalid (>= 0.3.6) + activemodel (5.0.7.2) + activesupport (= 5.0.7.2) + activerecord (5.0.7.2) + activemodel (= 5.0.7.2) + activesupport (= 5.0.7.2) + arel (~> 7.0) + activesupport (5.0.7.2) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) annotate (2.4.0) - arel (2.2.1) + arel (7.1.4) autotest (4.4.6) ZenTest (>= 4.4.1) autotest-fsevent (0.2.4) sys-uname autotest-growl (0.2.9) autotest-rails-pure (4.1.2) - bcrypt-ruby (3.0.1) - builder (3.0.0) - coffee-rails (3.1.1) + base64 (0.3.0) + builder (3.3.0) + coffee-rails (4.1.1) coffee-script (>= 2.2.0) - railties (~> 
3.1.0) - coffee-script (2.2.0) + railties (>= 4.0.0, < 5.1.x) + coffee-script (2.4.1) coffee-script-source execjs - coffee-script-source (1.1.2) + coffee-script-source (1.12.2) + concurrent-ruby (1.3.5) + crass (1.0.6) + date (3.4.1) diff-lcs (1.1.3) erubis (2.7.0) - execjs (1.2.9) - multi_json (~> 1.0) + execjs (2.10.0) factory_girl (1.3.3) - factory_girl_rails (1.0) + factory_girl_rails (1.0.1) factory_girl (~> 1.3) - rails (>= 3.0.0.beta4) + railties (>= 3.0.0) faker (0.3.1) + ffi (1.17.2) + globalid (1.1.0) + activesupport (>= 5.0) gravatar_image_tag (1.0.0.pre2) - hike (1.2.1) - i18n (0.6.0) - jquery-rails (1.0.16) - railties (~> 3.0) - thor (~> 0.14) - json (1.6.1) - mail (2.3.0) - i18n (>= 0.4.0) - mime-types (~> 1.16) - treetop (~> 1.4.8) - mime-types (1.17.2) - multi_json (1.0.3) - nokogiri (1.5.0) + i18n (1.14.7) + concurrent-ruby (~> 1.0) + jquery-rails (4.6.0) + rails-dom-testing (>= 1, < 3) + railties (>= 4.2.0) + thor (>= 0.14, < 2.0) + loofah (2.24.1) + crass (~> 1.0.2) + nokogiri (>= 1.12.0) + mail (2.8.1) + mini_mime (>= 0.1.1) + net-imap + net-pop + net-smtp + method_source (1.1.0) + mini_mime (1.1.5) + mini_portile2 (2.8.9) + minitest (5.26.0) + multi_json (1.17.0) + net-imap (0.5.12) + date + net-protocol + net-pop (0.1.2) + net-protocol + net-protocol (0.2.2) + timeout + net-smtp (0.5.1) + net-protocol + nio4r (2.7.4) + nokogiri (1.18.10) + mini_portile2 (~> 2.8.2) + racc (~> 1.4) pg (0.11.0) - polyglot (0.3.2) - rack (1.3.5) - rack-cache (1.0.3) - rack (>= 0.4) - rack-mount (0.8.3) - rack (>= 1.0.0) - rack-ssl (1.3.2) + racc (1.8.1) + rack (2.2.20) + rack-ssl (1.4.1) rack - rack-test (0.6.1) + rack-test (0.6.3) rack (>= 1.0) - rails (3.1.0) - actionmailer (= 3.1.0) - actionpack (= 3.1.0) - activerecord (= 3.1.0) - activeresource (= 3.1.0) - activesupport (= 3.1.0) - bundler (~> 1.0) - railties (= 3.1.0) - railties (3.1.0) - actionpack (= 3.1.0) - activesupport (= 3.1.0) - rack-ssl (~> 1.3.2) + rails (5.0.7.2) + actioncable (= 5.0.7.2) + 
actionmailer (= 5.0.7.2) + actionpack (= 5.0.7.2) + actionview (= 5.0.7.2) + activejob (= 5.0.7.2) + activemodel (= 5.0.7.2) + activerecord (= 5.0.7.2) + activesupport (= 5.0.7.2) + bundler (>= 1.3.0) + railties (= 5.0.7.2) + sprockets-rails (>= 2.0.0) + rails-dom-testing (2.3.0) + activesupport (>= 5.0.0) + minitest + nokogiri (>= 1.6) + rails-html-sanitizer (1.6.2) + loofah (~> 2.21) + nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) + railties (5.0.7.2) + actionpack (= 5.0.7.2) + activesupport (= 5.0.7.2) + method_source rake (>= 0.8.7) - rdoc (~> 3.4) - thor (~> 0.14.6) - rake (0.9.2.2) - rdoc (3.11) - json (~> 1.4) - rspec (2.6.0) - rspec-core (~> 2.6.0) - rspec-expectations (~> 2.6.0) - rspec-mocks (~> 2.6.0) - rspec-core (2.6.4) - rspec-expectations (2.6.0) + thor (>= 0.18.1, < 2.0) + rake (13.3.0) + rb-fsevent (0.11.2) + rb-inotify (0.11.1) + ffi (~> 1.0) + rspec (2.8.0) + rspec-core (~> 2.8.0) + rspec-expectations (~> 2.8.0) + rspec-mocks (~> 2.8.0) + rspec-core (2.8.0) + rspec-expectations (2.8.0) diff-lcs (~> 1.1.2) - rspec-mocks (2.6.0) - rspec-rails (2.6.1) - actionpack (~> 3.0) - activesupport (~> 3.0) - railties (~> 3.0) - rspec (~> 2.6.0) - sass (3.1.10) - sass-rails (3.1.4) - actionpack (~> 3.1.0) - railties (~> 3.1.0) - sass (>= 3.1.4) - sprockets (~> 2.0.0) - tilt (~> 1.3.2) + rspec-mocks (2.8.0) + rspec-rails (2.8.0) + actionpack (>= 3.0) + activesupport (>= 3.0) + railties (>= 3.0) + rspec (~> 2.8.0) + sass (3.7.4) + sass-listen (~> 4.0.0) + sass-listen (4.0.0) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) + sass-rails (5.0.7) + railties (>= 4.0.0, < 6) + sass (~> 3.1) + sprockets (>= 2.8, < 4.0) + sprockets-rails (>= 2.0, < 4.0) + tilt (>= 1.1, < 3) spork (0.9.0.rc8) - sprockets (2.0.3) - hike (~> 1.2) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) + sprockets (3.7.5) + base64 + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + sprockets-rails (3.2.2) + 
actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) sqlite3 (1.3.4) sys-uname (0.8.6) therubyracer-heroku (0.8.1.pre3) - thor (0.14.6) - tilt (1.3.3) - treetop (1.4.10) - polyglot - polyglot (>= 0.3.1) - tzinfo (0.3.30) + thor (1.4.0) + thread_safe (0.3.6) + tilt (2.6.1) + timeout (0.4.3) + tzinfo (1.2.11) + thread_safe (~> 0.1) uglifier (1.0.4) execjs (>= 0.3.0) multi_json (>= 1.0.2) - webrat (0.7.1) + webrat (0.7.2) nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) + websocket-driver (0.6.5) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.5) will_paginate (3.0.pre2) PLATFORMS @@ -152,19 +202,22 @@ DEPENDENCIES autotest-fsevent (= 0.2.4) autotest-growl (= 0.2.9) autotest-rails-pure (= 4.1.2) - coffee-rails (~> 3.1.1) - factory_girl_rails (= 1.0) + coffee-rails (~> 4.1.1) + factory_girl_rails (= 1.0.1) faker (= 0.3.1) gravatar_image_tag (= 1.0.0.pre2) - jquery-rails + jquery-rails (>= 4.0.1) pg - rack-ssl - rails (~> 3.1.0) - rspec-rails (= 2.6.1) - sass-rails (~> 3.1.4) + rack-ssl (>= 1.3.3) + rails (~> 5.0.0) + rspec-rails (= 2.8.0) + sass-rails (~> 5.0.5) spork (= 0.9.0.rc8) sqlite3 (= 1.3.4) therubyracer-heroku (= 0.8.1.pre3) uglifier (>= 1.0.3) - webrat (= 0.7.1) + webrat (= 0.7.2) will_paginate (= 3.0.pre2) + +BUNDLED WITH + 2.3.27