From 30c148e13c2f61e22a224e2e7534a03feca3f478 Mon Sep 17 00:00:00 2001 From: Spencer Tom Tafadzwa Chirume <22162-Spence@users.noreply.gitlab.com> Date: Wed, 20 May 2020 00:46:57 +0000 Subject: [PATCH] fix: Gemfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-569599 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-569600 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-569598 --- Gemfile | 56 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/Gemfile b/Gemfile index e3acf4a15..05e626c58 100644 --- a/Gemfile +++ b/Gemfile @@ -8,23 +8,23 @@ def linux_only(require_as) RUBY_PLATFORM.include?('linux') && require_as end -gem "rails", "~> 4.0.0" +gem "rails", "~> 5.2.4", ">= 5.2.4.3" gem "protected_attributes" -gem 'rails-observers' -gem 'actionpack-page_caching' -gem 'actionpack-action_caching' +gem 'rails-observers', '>= 0.1.4' +gem 'actionpack-page_caching', '>= 1.1.0' +gem 'actionpack-action_caching', '>= 1.2.0' # Default values for AR models -gem "default_value_for", "~> 3.0.0" +gem "default_value_for", "~> 3.1.0" # Supported DBs gem "mysql2", group: :mysql gem "pg", group: :postgres # Auth -gem "devise", '3.0.4' -gem "devise-async", '0.8.0' +gem "devise", "4.4.2" +gem "devise-async", "1.0.0" gem 'omniauth', "~> 1.1.3" gem 'omniauth-google-oauth2' gem 'omniauth-twitter' @@ -49,7 +49,7 @@ gem "gitlab-linguist", "~> 3.0.0", require: "linguist" # API gem "grape", "~> 0.6.1" # Replace with rubygems when nesteted entities get released -gem "grape-entity", "~> 0.4.1", ref: 'd904381c951e86250c3f44213b349a3dd8e83fb1', git: 'https://github.com/intridea/grape-entity.git' +gem "grape-entity", "~> 0.4.1", ref: 'd904381c951e86250c3f44213b349a3dd8e83fb1', git: 'https://github.com/intridea/grape-entity.git' gem 'rack-cors', require: 'rack/cors' # Email validation 
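Review bot: `gem "rails", "~> 5.2.4", ">= 5.2.4.3"` is a jump from Rails 4.0 to 5.2, yet the hunk keeps `gem "protected_attributes"` two lines below it, and as far as I recall the last release of that gem constrains activemodel to below 5.0, so Bundler cannot resolve this Gemfile as written and the app's mass-assignment setup would need porting (strong parameters or an equivalent) before it boots on 5.2. The diffstat lists only Gemfile, so Gemfile.lock still records the old versions; a frozen or deployment install fails until the lock is regenerated and committed, and the advisories named in the description are only closed once the lock resolves to 5.2.4.3 or later. `gem "devise", "4.4.2"` and `gem "devise-async", "1.0.0"` replace one exact pin with another, which freezes the authentication gem at a fixed version again rather than a floor, so the chosen version should be checked against the advisory database. The open-ended `>=` floors added here and in the hunks at @@ -60, @@ -78, @@ -97, @@ -118, @@ -133, @@ -147, @@ -175 and @@ -187 depart from the file's `~>` convention and accept any future major release, so the effective version is whatever the regenerated lock picks; a pessimistic bound per line, e.g. `gem "carrierwave", "~> 0.9", ">= 0.9.0"`, keeps later upgrades reviewable.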
@@ -60,16 +60,16 @@ gem "email_validator", "~> 1.4.0", :require => 'email_validator/strict' gem "stamp" # Enumeration fields -gem 'enumerize' +gem 'enumerize', '>= 0.7.0' # Pagination gem "kaminari", "~> 0.15.1" # HAML -gem "haml-rails" +gem "haml-rails", ">= 0.5.3" # Files attachments -gem "carrierwave" +gem "carrierwave", ">= 0.9.0" # for aws storage gem "fog", "~> 1.3.1", group: :aws @@ -78,7 +78,7 @@ gem "fog", "~> 1.3.1", group: :aws gem "six" # Seed data -gem "seed-fu" +gem "seed-fu", ">= 2.3.6" # Markdown to HTML gem "redcarpet", "~> 2.2.2" @@ -97,7 +97,7 @@ end gem "state_machine" # Issue tags -gem "acts-as-taggable-on" +gem "acts-as-taggable-on", ">= 3.1.0" # Background jobs gem 'slim' @@ -118,7 +118,7 @@ gem "foreman" gem 'version_sorter' # Cache -gem "redis-rails" +gem "redis-rails", ">= 5.0.0" # Campfire integration gem 'tinder', '~> 1.9.2' @@ -133,7 +133,7 @@ gem "gitlab-flowdock-git-hook", "~> 0.4.2" gem "gemnasium-gitlab-service", "~> 0.2" # d3 -gem "d3_rails", "~> 3.1.4" +gem "d3_rails", "~> 3.1.10" # underscore-rails gem "underscore-rails", "~> 1.4.4" 
@@ -147,26 +147,26 @@ gem "rack-attack" # Ace editor gem 'ace-rails-ap' -gem "sass-rails" -gem "coffee-rails" +gem "sass-rails", ">= 5.0.5" +gem "coffee-rails", ">= 4.2.2" gem "uglifier" gem "therubyracer" -gem 'turbolinks' -gem 'jquery-turbolinks' +gem 'turbolinks', '>= 2.0.0' +gem 'jquery-turbolinks', '>= 2.0.1' gem 'select2-rails' gem 'jquery-atwho-rails', "~> 0.3.3" -gem "jquery-rails", "2.1.3" -gem "jquery-ui-rails", "2.0.2" +gem "jquery-rails", "4.0.1" +gem "jquery-ui-rails", "2.0.2" gem "modernizr", "2.6.2" gem "raphael-rails", "~> 2.1.2" gem 'bootstrap-sass', '~> 3.0' -gem "font-awesome-rails", '~> 3.2' +gem "font-awesome-rails", "~> 4.7", ">= 4.7.0.4" gem "gemoji", "~> 1.3.0" -gem "gon", '~> 5.0.0' +gem "gon", "~> 5.0.1" group :development do - gem "annotate", "~> 2.6.0.beta2" + gem "annotate", "~> 2.6.0.0" gem "letter_opener" gem 'quiet_assets', '~> 1.0.1' gem 'rack-mini-profiler', require: false @@ -175,7 +175,7 @@ group :development do gem 'better_errors' gem 'binding_of_caller' - gem 'rails_best_practices' + gem 'rails_best_practices', '>= 1.14.4' # Docs generator gem "sdoc" @@ -187,14 +187,14 @@ end group :development, :test do gem 'coveralls', require: false # gem 'rails-dev-tweaks' - gem 'spinach-rails' - gem "rspec-rails" + gem 'spinach-rails', '>= 0.2.1' + gem "rspec-rails", ">= 2.14.0" gem "capybara" gem "pry" gem "awesome_print" gem "database_cleaner" gem "launchy" - gem 'factory_girl_rails' + gem 'factory_girl_rails', '>= 4.3.0' # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826) gem 'minitest', '~> 4.7.0' -- GitLab