From cce9e2a7298f0aa6e91f57f809af003c4166f03a Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 16 Nov 2023 02:24:09 +0000 Subject: [PATCH] fix: find_me_a_sandwich/Gemfile & find_me_a_sandwich/Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056551 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056552 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056553 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056554 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056555 --- find_me_a_sandwich/Gemfile | 24 +-- find_me_a_sandwich/Gemfile.lock | 334 ++++++++++++++++++-------------- 2 files changed, 204 insertions(+), 154 deletions(-) diff --git a/find_me_a_sandwich/Gemfile b/find_me_a_sandwich/Gemfile index 1fc9f4103..af1ae73cd 100644 --- a/find_me_a_sandwich/Gemfile +++ b/find_me_a_sandwich/Gemfile @@ -1,17 +1,17 @@ source "https://rubygems.org" -gem "rails", "4.2.0" -gem "coffee-rails", "~> 4.1.0" +gem "rails", "4.2.1" +gem "coffee-rails", "~> 4.1.1" gem "therubyracer", platforms: :ruby -gem "jquery-rails" -gem "sass-rails" -gem "sprockets-rails" +gem "jquery-rails", ">= 4.1.0" +gem "sass-rails", ">= 5.0.5" +gem "sprockets-rails", ">= 3.0.0" gem "jbuilder", "~> 2.0" gem "sdoc", "~> 0.4.0", group: :doc -gem "haml-rails" +gem "haml-rails", ">= 1.0.0" gem "bootstrap-sass", "~> 3.3.5" gem "bootstrap_form" -gem "devise" +gem "devise", ">= 3.5.3" gem "devise-bootstrap-views" gem "faraday" gem "figgy" 
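Review bot: The bare `>=` floors added in this hunk (`devise`, `sass-rails`, `sprockets-rails`, `haml-rails`, `jquery-rails`) set no upper bound, and the lockfile in this same commit shows the effect: devise resolves from 3.5.2 to 4.9.3 and sass-rails from 5.0.4 to 6.0.0. Those are major-version moves of the authentication and asset stack, carried in by a change described as a nokogiri fix. I would bound them with pessimistic constraints once the devise upgrade has been checked against the app's session and password handling, e.g. `gem "devise", "~> 4.9"`. nokogiri itself is still not declared in the Gemfile, so the fix holds only while the lockfile keeps resolving it transitively; adding `gem "nokogiri", ">= 1.15.4"` (the version the new lockfile resolves to) would make the floor explicit.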
@@ -22,17 +22,17 @@ gem "sqlite3" ## Uncomment the below line to use Postgresql instead of SQLite # gem "pg" -gem 'web-console', '~> 3.0', group: :development +gem 'web-console', '~> 2.3', '>= 2.3.0', group: :development group :development, :test do gem "byebug" gem "pry" - gem "cucumber-rails", "~> 1.4.2", require: false - gem "factory_girl_rails" + gem "cucumber-rails", "~> 1.4.3", require: false + gem "factory_girl_rails", ">= 4.6.0" gem "faker" gem "database_cleaner", "~> 1.5" - gem "interactor-rails", require: false - gem "rspec-rails", "~> 3.2.3", require: false + gem "interactor-rails", ">= 2.0.2", require: false + gem "rspec-rails", "~> 3.3.0", require: false gem "simplecov", require: false gem "webmock" gem "vcr" diff --git a/find_me_a_sandwich/Gemfile.lock b/find_me_a_sandwich/Gemfile.lock index 3d957dcdf..6ce6fca32 100644 --- a/find_me_a_sandwich/Gemfile.lock +++ b/find_me_a_sandwich/Gemfile.lock 
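Review bot: The new requirement on `web-console`, `'~> 2.3', '>= 2.3.0'`, has a redundant second clause, because `~> 2.3` already implies `>= 2.3.0`, and it moves the declared range from the 3.x series down to 2.x. The old lockfile recorded `web-console (~> 2.0)` resolved to 2.2.1, so the Gemfile and lockfile appear to have been out of step before this change. It is worth confirming that the 2.x range is what the project intends rather than an artefact of resolving against the pinned Rails 4.2.1. `gem 'web-console', '~> 2.3', group: :development` says the same thing, and the `group: :development` restriction should stay because this gem serves an interactive console from the browser.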
@@ -1,246 +1,296 @@ GEM remote: https://rubygems.org/ specs: - actionmailer (4.2.0) - actionpack (= 4.2.0) - actionview (= 4.2.0) - activejob (= 4.2.0) + actionmailer (4.2.1) + actionpack (= 4.2.1) + actionview (= 4.2.1) + activejob (= 4.2.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.0) - actionview (= 4.2.0) - activesupport (= 4.2.0) - rack (~> 1.6.0) + actionpack (4.2.1) + actionview (= 4.2.1) + activesupport (= 4.2.1) + rack (~> 1.6) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.1) - actionview (4.2.0) - activesupport (= 4.2.0) + actionview (4.2.1) + activesupport (= 4.2.1) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.1) - activejob (4.2.0) - activesupport (= 4.2.0) + activejob (4.2.1) + activesupport (= 4.2.1) globalid (>= 0.3.0) - activemodel (4.2.0) - activesupport (= 4.2.0) + activemodel (4.2.1) + activesupport (= 4.2.1) builder (~> 3.1) - activerecord (4.2.0) - activemodel (= 4.2.0) - activesupport (= 4.2.0) + activerecord (4.2.1) + activemodel (= 4.2.1) + activesupport (= 4.2.1) arel (~> 6.0) - activesupport (4.2.0) + activesupport (4.2.1) i18n (~> 0.7) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) addressable (2.3.8) - arel (6.0.3) + arel (6.0.4) autoprefixer-rails (6.0.3) execjs json - bcrypt (3.1.10) - binding_of_caller (0.7.2) + backports (3.24.1) + bcrypt (3.1.19) + binding_of_caller (1.0.0) debug_inspector (>= 0.0.1) bootstrap-sass (3.3.5.1) autoprefixer-rails (>= 5.0.0.1) sass (>= 3.3.0) bootstrap_form (2.3.0) - builder (3.2.2) + builder (3.2.4) byebug (6.0.2) - capybara (2.5.0) - mime-types (>= 1.16) + capybara (2.18.0) + addressable + mini_mime (>= 0.1.3) nokogiri (>= 1.3.3) rack (>= 1.0.0) rack-test (>= 0.5.4) - xpath (~> 2.0) + xpath (>= 2.0, < 4.0) coderay (1.1.0) - coffee-rails (4.1.0) + coffee-rails (4.1.1) coffee-script (>= 2.2.0) - railties (>= 4.0.0, 
< 5.0) + railties (>= 4.0.0, < 5.1.x) coffee-script (2.4.1) coffee-script-source execjs - coffee-script-source (1.9.1.1) + coffee-script-source (1.12.2) + concurrent-ruby (1.2.2) crack (0.4.2) safe_yaml (~> 1.0.0) - cucumber (1.3.20) + crass (1.0.6) + cucumber (3.2.0) builder (>= 2.1.2) - diff-lcs (>= 1.1.3) - gherkin (~> 2.12) + cucumber-core (~> 3.2.0) + cucumber-expressions (~> 6.0.1) + cucumber-wire (~> 0.0.1) + diff-lcs (~> 1.3) + gherkin (~> 5.1.0) multi_json (>= 1.7.5, < 2.0) multi_test (>= 0.1.2) - cucumber-rails (1.4.2) + cucumber-core (3.2.1) + backports (>= 3.8.0) + cucumber-tag_expressions (~> 1.1.0) + gherkin (~> 5.0) + cucumber-expressions (6.0.1) + cucumber-rails (1.4.5) capybara (>= 1.1.2, < 3) - cucumber (>= 1.3.8, < 2) - mime-types (>= 1.16, < 3) + cucumber (>= 1.3.8, < 4) + mime-types (>= 1.16, < 4) nokogiri (~> 1.5) - rails (>= 3, < 5) + railties (>= 3, < 5.1) + cucumber-tag_expressions (1.1.1) + cucumber-wire (0.0.1) database_cleaner (1.5.0) - debug_inspector (0.0.2) - devise (3.5.2) + date (3.3.4) + debug_inspector (1.1.0) + devise (4.9.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 3.2.6, < 5) + railties (>= 4.1.0) responders - thread_safe (~> 0.1) warden (~> 1.2.3) devise-bootstrap-views (0.0.6) - diff-lcs (1.2.5) + diff-lcs (1.5.0) docile (1.1.5) erubis (2.7.0) - execjs (2.6.0) - factory_girl (4.5.0) + execjs (2.9.1) + factory_girl (4.9.0) activesupport (>= 3.0.0) - factory_girl_rails (4.5.0) - factory_girl (~> 4.5.0) + factory_girl_rails (4.9.0) + factory_girl (~> 4.9.0) railties (>= 3.0.0) faker (1.5.0) i18n (~> 0.5) faraday (0.9.2) multipart-post (>= 1.2, < 3) + ffi (1.16.3) figgy (1.2.0) json - gherkin (2.12.2) - multi_json (~> 1.3) - globalid (0.3.6) - activesupport (>= 4.1.0) - haml (4.0.7) + gherkin (5.1.0) + globalid (0.4.2) + activesupport (>= 4.2.0) + haml (5.2.2) + temple (>= 0.8.0) tilt - haml-rails (0.9.0) + haml-rails (1.0.0) actionpack (>= 4.0.1) activesupport (>= 4.0.1) - haml (>= 4.0.6, < 5.0) + haml (>= 4.0.6, < 
6.0) html2haml (>= 1.0.1) railties (>= 4.0.1) - html2haml (2.0.0) + html2haml (2.3.0) erubis (~> 2.7.0) - haml (~> 4.0.0) - nokogiri (~> 1.6.0) + haml (>= 4.0) + nokogiri (>= 1.6.0) ruby_parser (~> 3.5) httplog (0.2.11) - i18n (0.7.0) - interactor (3.1.0) - interactor-rails (2.0.1) + i18n (0.9.5) + concurrent-ruby (~> 1.0) + interactor (3.1.2) + interactor-rails (2.2.1) interactor (~> 3.0) - rails (>= 3, < 5) + rails (>= 4.2) jbuilder (2.3.2) activesupport (>= 3.0.0, < 5) multi_json (~> 1.2) - jquery-rails (4.0.5) - rails-dom-testing (~> 1.0) + jquery-rails (4.6.0) + rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) - json (1.8.3) + json (1.8.6) libv8 (3.16.14.11) - loofah (2.0.3) - nokogiri (>= 1.5.9) - mail (2.6.3) - mime-types (>= 1.16, < 3) + loofah (2.22.0) + crass (~> 1.0.2) + nokogiri (>= 1.12.0) + mail (2.8.1) + mini_mime (>= 0.1.1) + net-imap + net-pop + net-smtp method_source (0.8.2) - mime-types (2.6.2) - mini_portile (0.6.2) - minitest (5.8.1) - multi_json (1.11.2) - multi_test (0.1.2) + mime-types (3.5.1) + mime-types-data (~> 3.2015) + mime-types-data (3.2023.1003) + mini_mime (1.1.5) + mini_portile2 (2.8.5) + minitest (5.20.0) + multi_json (1.15.0) + multi_test (1.1.0) multipart-post (2.0.0) - nokogiri (1.6.6.2) - mini_portile (~> 0.6.0) + net-imap (0.4.5) + date + net-protocol + net-pop (0.1.2) + net-protocol + net-protocol (0.2.2) + timeout + net-smtp (0.4.0) + net-protocol + nokogiri (1.15.4) + mini_portile2 (~> 2.8.2) + racc (~> 1.4) orm_adapter (0.5.0) pry (0.10.3) coderay (~> 1.1.0) method_source (~> 0.8.1) slop (~> 3.4) - rack (1.6.4) + racc (1.7.3) + rack (1.6.13) rack-test (0.6.3) rack (>= 1.0) - rails (4.2.0) - actionmailer (= 4.2.0) - actionpack (= 4.2.0) - actionview (= 4.2.0) - activejob (= 4.2.0) - activemodel (= 4.2.0) - activerecord (= 4.2.0) - activesupport (= 4.2.0) + rails (4.2.1) + actionmailer (= 4.2.1) + actionpack (= 4.2.1) + actionview (= 4.2.1) + activejob (= 4.2.1) + activemodel (= 4.2.1) + activerecord 
(= 4.2.1) + activesupport (= 4.2.1) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.0) + railties (= 4.2.1) sprockets-rails - rails-deprecated_sanitizer (1.0.3) + rails-deprecated_sanitizer (1.0.4) activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.7) - activesupport (>= 4.2.0.beta, < 5.0) - nokogiri (~> 1.6.0) + rails-dom-testing (1.0.9) + activesupport (>= 4.2.0, < 5.0) + nokogiri (~> 1.6) rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.0.2) - loofah (~> 2.0) - railties (4.2.0) - actionpack (= 4.2.0) - activesupport (= 4.2.0) + rails-html-sanitizer (1.6.0) + loofah (~> 2.21) + nokogiri (~> 1.14) + railties (4.2.1) + actionpack (= 4.2.1) + activesupport (= 4.2.1) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (10.4.2) + rake (13.1.0) + rb-fsevent (0.11.2) + rb-inotify (0.10.1) + ffi (~> 1.0) rdoc (4.2.0) ref (2.0.0) - responders (2.1.0) - railties (>= 4.2.0, < 5) - rspec-core (3.2.3) - rspec-support (~> 3.2.0) - rspec-expectations (3.2.1) + responders (2.4.1) + actionpack (>= 4.2.0, < 6.0) + railties (>= 4.2.0, < 6.0) + rspec-core (3.3.2) + rspec-support (~> 3.3.0) + rspec-expectations (3.3.1) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.2.0) - rspec-mocks (3.2.1) + rspec-support (~> 3.3.0) + rspec-mocks (3.3.2) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.2.0) - rspec-rails (3.2.3) + rspec-support (~> 3.3.0) + rspec-rails (3.3.3) actionpack (>= 3.0, < 4.3) activesupport (>= 3.0, < 4.3) railties (>= 3.0, < 4.3) - rspec-core (~> 3.2.0) - rspec-expectations (~> 3.2.0) - rspec-mocks (~> 3.2.0) - rspec-support (~> 3.2.0) - rspec-support (3.2.2) - ruby_parser (3.7.1) - sexp_processor (~> 4.1) + rspec-core (~> 3.3.0) + rspec-expectations (~> 3.3.0) + rspec-mocks (~> 3.3.0) + rspec-support (~> 3.3.0) + rspec-support (3.3.0) + ruby_parser (3.20.3) + sexp_processor (~> 4.16) safe_yaml (1.0.4) - sass (3.4.19) - sass-rails (5.0.4) - railties (>= 4.0.0, < 5.0) - sass (~> 3.1) - sprockets (>= 2.8, < 4.0) - sprockets-rails (>= 2.0, < 4.0) - tilt (>= 
1.1, < 3) + sass (3.7.4) + sass-listen (~> 4.0.0) + sass-listen (4.0.0) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) + sass-rails (6.0.0) + sassc-rails (~> 2.1, >= 2.1.1) + sassc (2.4.0) + ffi (~> 1.9) + sassc-rails (2.1.2) + railties (>= 4.0.0) + sassc (>= 2.0) + sprockets (> 3.0) + sprockets-rails + tilt sdoc (0.4.1) json (~> 1.7, >= 1.7.7) rdoc (~> 4.0) - sexp_processor (4.6.0) + sexp_processor (4.17.0) simplecov (0.10.0) docile (~> 1.1.0) json (~> 1.8) simplecov-html (~> 0.10.0) simplecov-html (0.10.0) slop (3.6.0) - sprockets (3.4.0) + sprockets (4.1.1) + concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (2.3.3) - actionpack (>= 3.0) - activesupport (>= 3.0) - sprockets (>= 2.8, < 4.0) + sprockets-rails (3.2.2) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) sqlite3 (1.3.11) + temple (0.10.3) therubyracer (0.12.2) libv8 (~> 3.16.14.0) ref - thor (0.19.1) - thread_safe (0.3.5) - tilt (2.0.1) - tzinfo (1.2.2) + thor (1.3.0) + thread_safe (0.3.6) + tilt (2.3.0) + timeout (0.4.1) + tzinfo (1.2.11) thread_safe (~> 0.1) vcr (3.0.0) - warden (1.2.3) + warden (1.2.7) rack (>= 1.0) - web-console (2.2.1) + web-console (2.3.0) activemodel (>= 4.0) binding_of_caller (>= 0.7.2) railties (>= 4.0) @@ -248,8 +298,8 @@ GEM webmock (1.20.4) addressable (>= 2.3.6) crack (>= 0.3.2) - xpath (2.0.0) - nokogiri (~> 1.3) + xpath (3.2.0) + nokogiri (~> 1.8) PLATFORMS ruby 
@@ -258,33 +308,33 @@ DEPENDENCIES bootstrap-sass (~> 3.3.5) bootstrap_form byebug - coffee-rails (~> 4.1.0) - cucumber-rails (~> 1.4.2) + coffee-rails (~> 4.1.1) + cucumber-rails (~> 1.4.3) database_cleaner (~> 1.5) - devise + devise (>= 3.5.3) devise-bootstrap-views - factory_girl_rails + factory_girl_rails (>= 4.6.0) faker faraday figgy - haml-rails + haml-rails (>= 1.0.0) httplog interactor - interactor-rails + interactor-rails (>= 2.0.2) jbuilder (~> 2.0) - jquery-rails + jquery-rails (>= 4.1.0) pry - rails (= 4.2.0) - rspec-rails (~> 3.2.3) - sass-rails + rails (= 4.2.1) + rspec-rails (~> 3.3.0) + sass-rails (>= 5.0.5) sdoc (~> 0.4.0) simplecov - sprockets-rails + sprockets-rails (>= 3.0.0) sqlite3 therubyracer vcr - web-console (~> 2.0) + web-console (~> 2.3, >= 2.3.0) webmock BUNDLED WITH - 1.10.6 + 1.17.3