From 115a50628baceeac5cc37363db082e3f5ba03c76 Mon Sep 17 00:00:00 2001
From: Igor Galeta
Date: Fri, 2 Mar 2018 11:38:19 +0200
Subject: [PATCH] Update gems to fix security vulnerabilities
---
 Gemfile | 12 ++--
 Gemfile.lock | 168 +++++++++++++++++++++++++++------------------------
 2 files changed, 94 insertions(+), 86 deletions(-)
diff --git a/Gemfile b/Gemfile
index a188fb0dc..35d611651 100644
--- a/Gemfile
+++ b/Gemfile
@@ -2,35 +2,35 @@ source 'http://rubygems.org'
 gemspec
-gem 'rails', '4.2.7'
+gem 'rails', '4.2.10'
 platforms :ruby do
- gem 'sqlite3'
 gem 'sass'
+ gem 'sqlite3'
 group :development do
 gem 'unicorn', '~> 4.0.1'
 end
 group :development, :test do
- gem 'jquery-rails', '~> 4.0.4'
 gem 'capybara', '>= 0.4.0'
+ gem 'jquery-rails', '~> 4.0.4'
 gem 'mynyml-redgreen', '~> 0.7.1', require: 'redgreen'
 end
 group :active_record do
- gem 'paperclip'
 gem 'carrierwave'
 gem 'dragonfly'
 gem 'mini_magick'
+ gem 'paperclip', '~> 5.2.0'
 gem 'refile', require: 'refile/rails'
 gem 'refile-mini_magick'
 end
 group :mongoid do
- gem 'mongoid', '~> 5.0.0'
 gem 'bson_ext'
- gem 'mongoid-paperclip', require: 'mongoid_paperclip'
 gem 'carrierwave-mongoid', require: 'carrierwave/mongoid'
+ gem 'mongoid', '~> 5.0.0'
+ gem 'mongoid-paperclip', require: 'mongoid_paperclip'
 end
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index 2f6dcc7ce..613c47b0c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
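Review bot: The Gemfile still resolves gems over plaintext HTTP: the hunk header shows `source 'http://rubygems.org'`, and Gemfile.lock records `remote: http://rubygems.org/`. The upgraded gems in this security update are therefore fetched over a channel where the index or the packages can be altered in transit. The line should become `source 'https://rubygems.org'`, with the lockfile regenerated so its `remote:` entry matches. The `source` line sits just above the hunk's first line and is visible only as header context. Separately, `gem 'rails', '4.2.10'` is an exact pin, so later 4.2.x security releases will again need a manual edit. If the exact pin is not deliberate, `gem 'rails', '~> 4.2.10'` keeps this release as the floor while allowing patch updates.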
@@ -8,97 +8,98 @@ PATH GEM remote: http://rubygems.org/ specs: - actionmailer (4.2.7) - actionpack (= 4.2.7) - actionview (= 4.2.7) - activejob (= 4.2.7) + actionmailer (4.2.10) + actionpack (= 4.2.10) + actionview (= 4.2.10) + activejob (= 4.2.10) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.7) - actionview (= 4.2.7) - activesupport (= 4.2.7) + actionpack (4.2.10) + actionview (= 4.2.10) + activesupport (= 4.2.10) rack (~> 1.6) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.7) - activesupport (= 4.2.7) + actionview (4.2.10) + activesupport (= 4.2.10) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (4.2.7) - activesupport (= 4.2.7) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activejob (4.2.10) + activesupport (= 4.2.10) globalid (>= 0.3.0) - activemodel (4.2.7) - activesupport (= 4.2.7) + activemodel (4.2.10) + activesupport (= 4.2.10) builder (~> 3.1) - activerecord (4.2.7) - activemodel (= 4.2.7) - activesupport (= 4.2.7) + activerecord (4.2.10) + activemodel (= 4.2.10) + activesupport (= 4.2.10) arel (~> 6.0) - activesupport (4.2.7) + activesupport (4.2.10) i18n (~> 0.7) - json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - addressable (2.5.1) - public_suffix (~> 2.0, >= 2.0.2) + addressable (2.5.2) + public_suffix (>= 2.0.2, < 4.0) arel (6.0.4) - bson (4.2.1) + bson (4.3.0) bson_ext (1.5.1) builder (3.2.3) - capybara (2.14.0) + capybara (2.18.0) addressable - mime-types (>= 1.16) + mini_mime (>= 0.1.3) nokogiri (>= 1.3.3) rack (>= 1.0.0) rack-test (>= 0.5.4) - xpath (~> 2.0) - carrierwave (0.11.2) - activemodel (>= 3.2.0) - activesupport (>= 3.2.0) - json (>= 1.7) + xpath (>= 2.0, < 4.0) + carrierwave (1.2.2) + activemodel (>= 4.0.0) + activesupport (>= 4.0.0) mime-types (>= 1.16) - mimemagic (>= 0.3.0) - carrierwave-mongoid (0.10.0) - 
carrierwave (>= 0.8.0, < 0.12.0) + carrierwave-mongoid (1.0.0) + carrierwave (>= 0.8, < 1.3) mongoid (>= 3.0, < 7.0) mongoid-grid_fs (>= 1.3, < 3.0) climate_control (0.2.0) cocaine (0.5.8) climate_control (>= 0.0.3, < 1.0) concurrent-ruby (1.0.5) + crass (1.0.3) domain_name (0.5.20170404) unf (>= 0.0.5, < 1.0.0) - dragonfly (1.1.2) + dragonfly (1.1.4) addressable (~> 2.3) multi_json (~> 1.0) rack (>= 1.3) erubis (2.7.0) - globalid (0.4.0) + ffi (1.9.23) + globalid (0.4.1) activesupport (>= 4.2.0) http-cookie (1.0.3) domain_name (~> 0.5) - i18n (0.8.1) + i18n (0.9.5) + concurrent-ruby (~> 1.0) jquery-rails (4.0.5) rails-dom-testing (~> 1.0) railties (>= 4.2.0) thor (>= 0.14, < 2.0) - json (1.8.6) - kgio (2.11.0) - loofah (2.0.3) + kgio (2.11.2) + loofah (2.2.0) + crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.6.5) - mime-types (>= 1.16, < 4) + mail (2.7.0) + mini_mime (>= 0.1.1) mime-types (2.99.3) mimemagic (0.3.2) - mini_magick (4.7.0) - mini_portile2 (2.1.0) - minitest (5.10.2) - mongo (2.4.1) - bson (>= 4.2.1, < 5.0.0) + mini_magick (4.8.0) + mini_mime (1.0.0) + mini_portile2 (2.3.0) + minitest (5.11.3) + mongo (2.5.1) + bson (>= 4.3.0, < 5.0.0) mongoid (5.0.2) activemodel (~> 4.0) mongo (~> 2.1) 
@@ -110,52 +111,55 @@ GEM mongoid-paperclip (0.0.11) mongoid paperclip (>= 2.3.6, != 4.3.0) - multi_json (1.12.1) + multi_json (1.13.1) mynyml-redgreen (0.7.1) term-ansicolor (>= 1.0.4) netrc (0.11.0) - nokogiri (1.7.2) - mini_portile2 (~> 2.1.0) - origin (2.3.0) + nokogiri (1.8.2) + mini_portile2 (~> 2.3.0) + origin (2.3.1) orm_adapter (0.5.0) - paperclip (5.1.0) + paperclip (5.2.1) activemodel (>= 4.2.0) activesupport (>= 4.2.0) cocaine (~> 0.5.5) mime-types mimemagic (~> 0.3.0) - public_suffix (2.0.5) - rack (1.6.8) - rack-protection (1.5.3) + public_suffix (3.0.2) + rack (1.6.9) + rack-protection (1.5.4) rack rack-test (0.6.3) rack (>= 1.0) - rails (4.2.7) - actionmailer (= 4.2.7) - actionpack (= 4.2.7) - actionview (= 4.2.7) - activejob (= 4.2.7) - activemodel (= 4.2.7) - activerecord (= 4.2.7) - activesupport (= 4.2.7) + rails (4.2.10) + actionmailer (= 4.2.10) + actionpack (= 4.2.10) + actionview (= 4.2.10) + activejob (= 4.2.10) + activemodel (= 4.2.10) + activerecord (= 4.2.10) + activesupport (= 4.2.10) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.7) + railties (= 4.2.10) sprockets-rails rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.8) - activesupport (>= 4.2.0.beta, < 5.0) + rails-dom-testing (1.0.9) + activesupport (>= 4.2.0, < 5.0) nokogiri (~> 1.6) rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.0.3) loofah (~> 2.0) - railties (4.2.7) - actionpack (= 4.2.7) - activesupport (= 4.2.7) + railties (4.2.10) + actionpack (= 4.2.10) + activesupport (= 4.2.10) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - raindrops (0.18.0) - rake (12.0.0) + raindrops (0.19.0) + rake (12.3.0) + rb-fsevent (0.10.2) + rb-inotify (0.9.10) + ffi (>= 0.5.0, < 2) refile (0.6.2) mime-types rest-client (~> 1.8) 
@@ -167,7 +171,11 @@ GEM http-cookie (>= 1.0.2, < 2.0) mime-types (>= 1.16, < 3.0) netrc (~> 0.7) - sass (3.4.23) + sass (3.5.5) + sass-listen (~> 4.0.0) + sass-listen (4.0.0) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) sinatra (1.4.8) rack (~> 1.5) rack-protection (~> 1.4) @@ -175,7 +183,7 @@ GEM sprockets (3.7.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.0) + sprockets-rails (3.2.1) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) @@ -184,21 +192,21 @@ GEM tins (~> 1.0) terrapin (0.6.0) climate_control (>= 0.0.3, < 1.0) - thor (0.19.4) + thor (0.20.0) thread_safe (0.3.6) - tilt (2.0.7) - tins (1.14.0) - tzinfo (1.2.3) + tilt (2.0.8) + tins (1.16.3) + tzinfo (1.2.5) thread_safe (~> 0.1) unf (0.1.4) unf_ext - unf_ext (0.0.7.4) + unf_ext (0.0.7.5) unicorn (4.0.1) kgio (~> 2.4) rack raindrops (~> 0.6) - xpath (2.0.0) - nokogiri (~> 1.3) + xpath (3.0.0) + nokogiri (~> 1.8) PLATFORMS ruby @@ -215,8 +223,8 @@ DEPENDENCIES mongoid (~> 5.0.0) mongoid-paperclip mynyml-redgreen (~> 0.7.1) - paperclip - rails (= 4.2.7) + paperclip (~> 5.2.0) + rails (= 4.2.10) refile refile-mini_magick sass