From c31bf79622601260c7e938eb8c21cff3642fa7d2 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 23 Jul 2025 01:23:48 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674179
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674176
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674184
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674192
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674188
---
 Gemfile | 10 +-
 Gemfile.lock | 301 ++++++++++++++++++++++++++++----------------------
 2 files changed, 171 insertions(+), 140 deletions(-)

diff --git a/Gemfile b/Gemfile
index 7a1bbe4..0a6107b 100644
--- a/Gemfile
+++ b/Gemfile
@@ -2,7 +2,7 @@ source 'https://rubygems.org'
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '4.2.5'
+gem 'rails', '4.2.5.1'
 # Use sqlite3 as the database for Active Record
 gem 'sqlite3'
 # Use Uglifier as compressor for JavaScript assets
@@ -11,7 +11,7 @@ gem 'uglifier', '>= 1.3.0'
 # gem 'therubyracer', platforms: :ruby
 # Use jquery as the JavaScript library
-gem 'jquery-rails'
+gem 'jquery-rails', '>= 4.2.0'
 # Turbolinks makes following links in your web application faster. Read more: https://github.com/rails/turbolinks
 gem 'turbolinks'
 # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
@@ -32,7 +32,7 @@ end
 group :development do
   # Access an IRB console on exception pages or by using <%= console %> in views
-  gem 'web-console'
+  gem 'web-console', '>= 3.2.0'
   # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
   gem 'spring'
 end
@@ -44,6 +44,6 @@ gem 'administrate', '0.1.4'
 gem 'sinatra', '1.1.4'
 gem 'festivaltts4r', '0.2.0'
-gem 'spree', '3.0.7'
+gem 'spree', '3.0.8'
 gem 'authlogic', '1.4.3'
-gem 'devise_invitable', '1.3.4'
+gem 'devise_invitable', '1.3.5'
diff --git a/Gemfile.lock b/Gemfile.lock index 9631435..f5cf35d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,49 +1,50 @@ GEM remote: https://rubygems.org/ specs: - actionmailer (4.2.5) - actionpack (= 4.2.5) - actionview (= 4.2.5) - activejob (= 4.2.5) + actionmailer (4.2.5.1) + actionpack (= 4.2.5.1) + actionview (= 4.2.5.1) + activejob (= 4.2.5.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.5) - actionview (= 4.2.5) - activesupport (= 4.2.5) + actionpack (4.2.5.1) + actionview (= 4.2.5.1) + activesupport (= 4.2.5.1) rack (~> 1.6) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.5) - activesupport (= 4.2.5) + actionview (4.2.5.1) + activesupport (= 4.2.5.1) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (4.2.5) - activesupport (= 4.2.5) + activejob (4.2.5.1) + activesupport (= 4.2.5.1) globalid (>= 0.3.0) activemerchant (1.47.0) activesupport (>= 3.2.14, < 5.0.0) builder (>= 2.1.2, < 4.0.0) i18n (>= 0.6.9) nokogiri (~> 1.4) - activemodel (4.2.5) - activesupport (= 4.2.5) + activemodel (4.2.5.1) + activesupport (= 4.2.5.1) builder (~> 3.1) - activerecord (4.2.5) - activemodel (= 4.2.5) - activesupport (= 4.2.5) + activerecord (4.2.5.1) + activemodel (= 4.2.5.1) + activesupport (= 4.2.5.1) arel (~> 6.0) - activesupport (4.2.5) + activesupport (4.2.5.1) i18n (~> 0.7) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - acts_as_list (0.7.4) + acts_as_list (0.9.19) activerecord (>= 3.0) - addressable (2.4.0) + addressable (2.8.7) + public_suffix (>= 2.0.2, < 7.0) administrate (0.1.4) autoprefixer-rails (~> 6.0) datetime_picker_rails (~> 0.0.7) 
@@ -56,32 +57,32 @@ GEM sass-rails (~> 5.0) selectize-rails (~> 0.6) allison (2.0.3) - arel (6.0.3) + arel (6.0.4) authlogic (1.4.3) activesupport echoe - autoprefixer-rails (6.3.6.1) + autoprefixer-rails (6.7.7.2) execjs awesome_nested_set (3.0.3) activerecord (>= 4.0.0, < 5) - bcrypt (3.1.11) - bootstrap-sass (3.3.6) + base64 (0.3.0) + bcrypt (3.1.20) + bootstrap-sass (3.3.7) autoprefixer-rails (>= 5.2.1) sass (>= 3.3.4) bourbon (4.2.7) sass (~> 3.4) thor (~> 0.19) - builder (3.2.2) + builder (3.3.0) byebug (9.0.4) - camertron-eprun (1.1.0) + camertron-eprun (1.1.1) cancancan (1.10.1) canonical-rails (0.0.11) rails (>= 3.1, < 5.0) carmen (1.0.2) activesupport (>= 3.0.0) - cldr-plurals-runtime-rb (1.0.1) - climate_control (0.0.3) - activesupport (>= 3.0) + cldr-plurals-runtime-rb (1.1.0) + climate_control (0.2.0) cocaine (0.5.8) climate_control (>= 0.0.3, < 1.0) coffee-rails (4.1.1) @@ -91,25 +92,27 @@ GEM coffee-script-source execjs coffee-script-source (1.10.0) - colorize (0.7.7) - concurrent-ruby (1.0.2) - css_parser (1.4.1) + colorize (1.1.0) + concurrent-ruby (1.3.5) + crass (1.0.6) + css_parser (1.17.1) addressable + date (3.4.1) datetime_picker_rails (0.0.7) momentjs-rails (>= 2.8.1) - debug_inspector (0.0.2) + debug_inspector (1.2.0) deface (1.0.2) colorize (>= 0.5.8) nokogiri (~> 1.6.0) polyglot rails (>= 3.1) - devise (4.1.1) + devise (4.9.4) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 5.1) + railties (>= 4.1.0) responders warden (~> 1.2.3) - devise_invitable (1.3.4) + devise_invitable (1.3.5) actionmailer (>= 3.2.6, < 5) devise (>= 3.2.0) echoe (4.6.6) 
@@ -118,16 +121,17 @@ GEM rdoc (>= 2.5.11) rubyforge (>= 2.0.4) erubis (2.7.0) - execjs (2.7.0) + execjs (2.10.0) festivaltts4r (0.2.0) hoe (>= 1.3.0) ffaker (1.32.1) - font-awesome-rails (4.6.3.0) - railties (>= 3.2, < 5.1) + ffi (1.17.2) + font-awesome-rails (4.7.0.9) + railties (>= 3.2, < 9.0) friendly_id (5.1.0) activerecord (>= 4.0.0) - globalid (0.3.6) - activesupport (>= 4.1.0) + globalid (0.4.2) + activesupport (>= 4.2.0) highline (1.6.21) hoe (3.15.0) rake (>= 0.8, < 12.0) 
@@ -135,47 +139,63 @@ GEM httparty (0.13.7) json (~> 1.8) multi_xml (>= 0.5.2) - i18n (0.7.0) + i18n (0.9.5) + concurrent-ruby (~> 1.0) jbuilder (2.4.1) activesupport (>= 3.0.0, < 5.1) multi_json (~> 1.2) - jquery-rails (4.1.1) + jquery-rails (4.6.0) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) jquery-ui-rails (5.0.5) railties (>= 3.2.16) - json (1.8.3) + json (1.8.6) json_pure (1.8.3) - kaminari (0.16.3) + kaminari (0.17.0) actionpack (>= 3.0.0) activesupport (>= 3.0.0) lingq (0.3.1) bundler httparty - loofah (2.0.3) + logger (1.7.0) + loofah (2.21.1) + crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.6.4) - mime-types (>= 1.16, < 4) - mime-types (3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) - mini_portile2 (2.0.0) - minitest (5.9.0) + mail (2.8.1) + mini_mime (>= 0.1.1) + net-imap + net-pop + net-smtp + mime-types (3.7.0) + logger + mime-types-data (~> 3.2025, >= 3.2025.0507) + mime-types-data (3.2025.0722) + mini_mime (1.1.5) + mini_portile2 (2.1.0) + minitest (5.25.5) momentjs-rails (2.11.1) railties (>= 3.1) - monetize (1.4.0) - money (~> 6.7) - money (6.7.1) - i18n (>= 0.6.4, <= 0.7.0) - sixarm_ruby_unaccent (>= 1.1.1, < 2) + monetize (1.13.0) + money (~> 6.12) + money (6.19.0) + i18n (>= 0.6.4, <= 2) multi_json (1.12.1) multi_xml (0.5.5) neat (1.7.4) bourbon (>= 4.0) sass (>= 3.3) - nokogiri (1.6.7.2) - mini_portile2 (~> 2.0.0.rc2) + net-imap (0.4.22) + date + net-protocol + net-pop (0.1.2) + net-protocol + net-protocol (0.2.2) + timeout + net-smtp (0.5.1) + net-protocol + nokogiri (1.6.8.1) + mini_portile2 (~> 2.1.0) normalize-rails (3.0.3) orm_adapter (0.5.0) paperclip (4.2.4) 
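Review bot: The nokogiri remediation this patch claims is not established by the lock: nokogiri moves only from 1.6.7.2 to `nokogiri (1.6.8.1)`, and the reason is visible in the earlier hunk, where the unchanged `deface (1.0.2)` entry still declares `nokogiri (~> 1.6.0)`, so the resolver cannot leave the 1.6 line. The five SNYK-RUBY-NOKOGIRI advisories named in the description should be checked against 1.6.8.1 specifically; a 1.6.x release appears to predate this July 2025 commit by years, so it is unlikely to contain those fixes, and reaching a patched nokogiri would require upgrading or replacing deface rather than this step. The accompanying `mini_portile2 (2.1.0)` bump is a side effect of the same nokogiri step, not an independent fix, so the commit title and advisory list should not be taken as closed without that verification.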
@@ -185,59 +205,70 @@ GEM mime-types paranoia (2.1.5) activerecord (~> 4.0) - polyamorous (1.3.0) + polyamorous (1.3.3) activerecord (>= 3.0) polyglot (0.3.5) - premailer (1.8.6) - css_parser (>= 1.3.6) + premailer (1.22.0) + addressable + css_parser (>= 1.12.0) htmlentities (>= 4.0.0) - premailer-rails (1.9.2) - actionmailer (>= 3, < 6) + premailer-rails (1.12.0) + actionmailer (>= 3) + net-smtp premailer (~> 1.7, >= 1.7.9) + public_suffix (5.1.1) puma (3.4.0) rabl (0.11.8) activesupport (>= 2.3.14) - rack (1.6.4) + rack (1.6.13) rack-test (0.6.3) rack (>= 1.0) - rails (4.2.5) - actionmailer (= 4.2.5) - actionpack (= 4.2.5) - actionview (= 4.2.5) - activejob (= 4.2.5) - activemodel (= 4.2.5) - activerecord (= 4.2.5) - activesupport (= 4.2.5) + rails (4.2.5.1) + actionmailer (= 4.2.5.1) + actionpack (= 4.2.5.1) + actionview (= 4.2.5.1) + activejob (= 4.2.5.1) + activemodel (= 4.2.5.1) + activerecord (= 4.2.5.1) + activesupport (= 4.2.5.1) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.5) + railties (= 4.2.5.1) sprockets-rails - rails-deprecated_sanitizer (1.0.3) + rails-deprecated_sanitizer (1.0.4) activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.7) - activesupport (>= 4.2.0.beta, < 5.0) - nokogiri (~> 1.6.0) + rails-dom-testing (1.0.9) + activesupport (>= 4.2.0, < 5.0) + nokogiri (~> 1.6) rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) - railties (4.2.5) - actionpack (= 4.2.5) - activesupport (= 4.2.5) + rails-html-sanitizer (1.5.0) + loofah (~> 2.19, >= 2.19.1) + railties (4.2.5.1) + actionpack (= 4.2.5.1) + activesupport (= 4.2.5.1) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (11.1.2) + rake (11.3.0) ransack (1.4.1) actionpack (>= 3.0) activerecord (>= 3.0) activesupport (>= 3.0) i18n polyamorous (~> 1.1) + rb-fsevent (0.11.2) + rb-inotify (0.11.1) + ffi (~> 1.0) rdoc (4.2.2) json (~> 1.4) - responders (2.2.0) - railties (>= 4.2.0, < 5.1) + responders (2.4.1) + actionpack (>= 4.2.0, < 6.0) + railties (>= 4.2.0, < 
6.0) rubyforge (2.0.4) json_pure (>= 1.1.7) - sass (3.4.22) + sass (3.7.4) + sass-listen (~> 4.0.0) + sass-listen (4.0.0) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) sass-rails (5.0.4) railties (>= 4.0.0, < 5.0) sass (~> 3.1) @@ -250,28 +281,27 @@ GEM sinatra (1.1.4) rack (~> 1.1) tilt (>= 1.2.2, < 2.0) - sixarm_ruby_unaccent (1.1.1) - spree (3.0.7) - spree_api (= 3.0.7) - spree_backend (= 3.0.7) - spree_cmd (= 3.0.7) - spree_core (= 3.0.7) - spree_frontend (= 3.0.7) - spree_sample (= 3.0.7) - spree_api (3.0.7) + spree (3.0.8) + spree_api (= 3.0.8) + spree_backend (= 3.0.8) + spree_cmd (= 3.0.8) + spree_core (= 3.0.8) + spree_frontend (= 3.0.8) + spree_sample (= 3.0.8) + spree_api (3.0.8) rabl (~> 0.11.6) - spree_core (= 3.0.7) + spree_core (= 3.0.8) versioncake (~> 2.3.1) - spree_backend (3.0.7) + spree_backend (3.0.8) bootstrap-sass (~> 3.3) jquery-rails (~> 4.1) jquery-ui-rails (~> 5.0) select2-rails (= 3.5.9.1) - spree_api (= 3.0.7) - spree_core (= 3.0.7) - spree_cmd (3.0.7) + spree_api (= 3.0.8) + spree_core (= 3.0.8) + spree_cmd (3.0.8) thor (~> 0.14) - spree_core (3.0.7) + spree_core (3.0.8) activemerchant (~> 1.47.0) acts_as_list (~> 0.6) awesome_nested_set (~> 3.0.1) 
@@ -291,48 +321,49 @@ GEM rails (~> 4.2.2) ransack (~> 1.4.1) responders - sprockets-rails (~> 2.0) + sprockets-rails state_machines-activerecord (~> 0.2) stringex truncate_html (= 0.9.2) twitter_cldr (~> 3.0) - spree_frontend (3.0.7) + spree_frontend (3.0.8) bootstrap-sass (>= 3.3.5.1, < 3.4) canonical-rails (~> 0.0.4) jquery-rails (~> 4.1) - spree_api (= 3.0.7) - spree_core (= 3.0.7) - spree_sample (3.0.7) - spree_core (= 3.0.7) + spree_api (= 3.0.8) + spree_core (= 3.0.8) + spree_sample (3.0.8) + spree_core (= 3.0.8) spring (1.7.1) - sprockets (3.6.0) + sprockets (3.7.5) + base64 concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (2.3.3) - actionpack (>= 3.0) - activesupport (>= 3.0) - sprockets (>= 2.8, < 4.0) + sprockets-rails (3.2.2) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) sqlite3 (1.3.11) - state_machines (0.4.0) - state_machines-activemodel (0.4.0) - activemodel (>= 4.1, < 5.1) - state_machines (>= 0.4.0) - state_machines-activerecord (0.4.0) - activerecord (>= 4.1, < 5.1) - state_machines-activemodel (>= 0.3.0) - stringex (2.6.0) - thor (0.19.1) - thread_safe (0.3.5) + state_machines (0.5.0) + state_machines-activemodel (0.7.1) + activemodel (>= 4.1) + state_machines (>= 0.5.0) + state_machines-activerecord (0.6.0) + activerecord (>= 4.1) + state_machines-activemodel (>= 0.5.0) + stringex (2.8.6) + thor (0.20.3) + thread_safe (0.3.6) tilt (1.4.1) + timeout (0.4.3) truncate_html (0.9.2) turbolinks (2.5.3) coffee-rails - twitter_cldr (3.3.0) + twitter_cldr (3.6.0) camertron-eprun - cldr-plurals-runtime-rb (~> 1.0.0) - json + cldr-plurals-runtime-rb (~> 1.0) tzinfo - tzinfo (1.2.2) + tzinfo (1.2.11) thread_safe (~> 0.1) uglifier (3.0.0) execjs (>= 0.3.0, < 3) @@ -341,9 +372,9 @@ GEM activesupport (>= 3.2) railties (>= 3.2) tzinfo - warden (1.2.6) + warden (1.2.7) rack (>= 1.0) - web-console (3.1.1) + web-console (3.3.0) activemodel (>= 4.2) debug_inspector railties (>= 4.2) 
@@ -355,21 +386,21 @@ DEPENDENCIES administrate (= 0.1.4) authlogic (= 1.4.3) byebug - devise_invitable (= 1.3.4) + devise_invitable (= 1.3.5) festivaltts4r (= 0.2.0) jbuilder (~> 2.0) - jquery-rails + jquery-rails (>= 4.2.0) lingq puma - rails (= 4.2.5) + rails (= 4.2.5.1) sinatra (= 1.1.4) - spree (= 3.0.7) + spree (= 3.0.8) spring sqlite3 turbolinks tzinfo-data uglifier (>= 1.3.0) - web-console + web-console (>= 3.2.0) BUNDLED WITH - 1.12.4 + 1.17.3