From a42a2016390c76b7ab3f5e88ac62cc254a2d7db3 Mon Sep 17 00:00:00 2001
From: Petko Bordjukov
Date: Thu, 17 Mar 2016 11:24:33 +0200
Subject: [PATCH] Update the bundle to address several CVEs
---
 Gemfile | 2 +-
 Gemfile.lock | 246 ++++++++++++++++++++++++++-------------------------
 2 files changed, 127 insertions(+), 121 deletions(-)
diff --git a/Gemfile b/Gemfile
index 3b3af7b..0f79b96 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,6 +1,6 @@
 source 'https://rubygems.org'
-gem 'rails', '4.2.4'
+gem 'rails', '4.2.6'
 gem 'sqlite3'
 gem 'pg'
diff --git a/Gemfile.lock b/Gemfile.lock
index 03744fc..27bd9bc 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,57 +1,58 @@ GIT remote: git://github.com/gemhome/rmagick.git - revision: 37b268c8a5911ae2bc0be34cd01dbf3321669b73 + revision: 564f157b6e86274ad86337de53d9d461dd80d738 specs: rmagick (2.15.4) GEM remote: https://rubygems.org/ specs: - actionmailer (4.2.4) - actionpack (= 4.2.4) - actionview (= 4.2.4) - activejob (= 4.2.4) + actionmailer (4.2.6) + actionpack (= 4.2.6) + actionview (= 4.2.6) + activejob (= 4.2.6) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.4) - actionview (= 4.2.4) - activesupport (= 4.2.4) + actionpack (4.2.6) + actionview (= 4.2.6) + activesupport (= 4.2.6) rack (~> 1.6) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.4) - activesupport (= 4.2.4) + actionview (4.2.6) + activesupport (= 4.2.6) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (4.2.4) - activesupport (= 4.2.4) + activejob (4.2.6) + activesupport (= 4.2.6) globalid (>= 0.3.0) - activemodel (4.2.4) - activesupport (= 4.2.4) + activemodel (4.2.6) + activesupport (= 4.2.6) builder (~> 3.1) - activerecord (4.2.4) - activemodel (= 4.2.4) - activesupport (= 4.2.4) + activerecord (4.2.6) + activemodel (= 4.2.6) + activesupport (= 4.2.6) arel (~> 6.0) - activesupport (4.2.4) + activesupport (4.2.6) i18n (~> 0.7) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) + addressable (2.4.0) arel (6.0.3) - autoprefixer-rails (6.0.3) + ast (2.2.0) + autoprefixer-rails (6.3.3.1) execjs - json awesome_print (1.6.1) - bcrypt (3.1.10) - bootstrap-sass (3.3.5.1) - autoprefixer-rails (>= 5.0.0.1) - sass (>= 3.3.0) - bootstrap-sass-extras (0.0.6) + bcrypt (3.1.11) + bootstrap-sass (3.3.6) + autoprefixer-rails (>= 5.2.1) + sass (>= 3.3.4) + bootstrap-sass-extras (0.0.7) rails (>= 3.1.0) bootswatch-rails (3.3.5) railties (>= 3.1) 
@@ -63,7 +64,7 @@ GEM capistrano-bundler (1.1.4) capistrano (~> 3.1) sshkit (~> 1.2) - capistrano-rails (1.1.5) + capistrano-rails (1.1.6) capistrano (~> 3.1) capistrano-bundler (~> 1.1) capistrano-rvm (0.1.2) @@ -72,7 +73,8 @@ GEM capistrano3-puma (1.2.1) capistrano (~> 3.0) puma (>= 2.6) - capybara (2.5.0) + capybara (2.6.2) + addressable mime-types (>= 1.16) nokogiri (>= 1.3.3) rack (>= 1.0.0) @@ -84,28 +86,28 @@ GEM json (>= 1.7) mime-types (>= 1.16) choice (0.2.0) - coderay (1.1.0) - coffee-rails (4.1.0) + coderay (1.1.1) + coffee-rails (4.1.1) coffee-script (>= 2.2.0) - railties (>= 4.0.0, < 5.0) + railties (>= 4.0.0, < 5.1.x) coffee-script (2.4.1) coffee-script-source execjs - coffee-script-source (1.9.1.1) - colorize (0.7.7) + coffee-script-source (1.10.0) + concurrent-ruby (1.0.1) copy_carrierwave_file (1.1.0) carrierwave (~> 0.9) - devise (3.5.2) + devise (3.5.6) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) responders thread_safe (~> 0.1) warden (~> 1.2.3) - devise-i18n (0.12.1) + devise-i18n (1.0.0) diff-lcs (1.2.5) docile (1.1.5) - domain_name (0.5.25) + domain_name (0.5.20160309) unf (>= 0.0.5, < 1.0.0) easy_translate (0.5.0) json @@ -115,13 +117,13 @@ GEM execjs (2.6.0) factory_girl (4.5.0) activesupport (>= 3.0.0) - factory_girl_rails (4.5.0) + factory_girl_rails (4.6.0) factory_girl (~> 4.5.0) railties (>= 3.0.0) - faker (1.5.0) + faker (1.6.3) i18n (~> 0.5) ffi (1.9.10) - font-awesome-sass (4.4.0) + font-awesome-sass (4.5.0) sass (>= 3.2) formatador (0.2.5) globalid (0.3.6) 
@@ -148,59 +150,63 @@ GEM http-cookie (1.0.2) domain_name (~> 0.5) i18n (0.7.0) - i18n-tasks (0.8.7) - activesupport (>= 2.3.18) + i18n-tasks (0.9.5) + activesupport (>= 4.0.2) + ast (>= 2.1.0) easy_translate (>= 0.5.0) erubis highline (>= 1.7.3) i18n + parser (>= 2.2.3.0) term-ansicolor (>= 1.3.2) terminal-table (>= 1.5.1) - jbuilder (2.3.2) - activesupport (>= 3.0.0, < 5) + jbuilder (2.4.1) + activesupport (>= 3.0.0, < 5.1) multi_json (~> 1.2) - jquery-datatables-rails (3.3.0) + jquery-datatables-rails (3.4.0) actionpack (>= 3.1) jquery-rails railties (>= 3.1) sass-rails - jquery-rails (4.0.5) - rails-dom-testing (~> 1.0) + jquery-rails (4.1.1) + rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) json (1.8.3) libv8 (3.16.14.13) - listen (3.0.3) + listen (3.0.6) rb-fsevent (>= 0.9.3) - rb-inotify (>= 0.9) + rb-inotify (>= 0.9.7) loofah (2.0.3) nokogiri (>= 1.5.9) - lumberjack (1.0.9) + lumberjack (1.0.10) mail (2.6.3) mime-types (>= 1.16, < 3) method_source (0.8.2) - mime-types (2.6.2) - mini_magick (4.3.5) - mini_portile (0.6.2) - minitest (5.8.1) + mime-types (2.99.1) + mini_magick (4.4.0) + mini_portile2 (2.0.0) + minitest (5.8.4) morrisjs-rails (0.5.1) railties (> 3.1, < 5) multi_json (1.11.2) - nenv (0.2.0) + nenv (0.3.0) nested_form (0.3.2) net-scp (1.2.1) net-ssh (>= 2.6.5) - net-ssh (3.0.1) - netrc (0.10.3) - nokogiri (1.6.6.2) - mini_portile (~> 0.6.0) + net-ssh (3.0.2) + netrc (0.11.0) + nokogiri (1.6.7.2) + mini_portile2 (~> 2.0.0.rc2) notiffany (0.0.8) nenv (~> 0.1) shellany (~> 0.0) orm_adapter (0.5.0) - pg (0.18.3) - phony (2.15.4) - phony_rails (0.12.10) + parser (2.3.0.6) + ast (~> 2.2) + pg (0.18.4) + phony (2.15.18) + phony_rails (0.13.0) activesupport (>= 3.0) phony (~> 2.12) pry (0.10.3) @@ -209,7 +215,7 @@ GEM slop (~> 3.4) pry-rails (0.3.4) pry (>= 0.9.10) - puma (2.14.0) + puma (3.1.0) quiet_assets (1.1.0) railties (>= 3.1, < 5.0) rack (1.6.4) 
@@ -217,16 +223,16 @@ GEM rack rack-test (0.6.3) rack (>= 1.0) - rails (4.2.4) - actionmailer (= 4.2.4) - actionpack (= 4.2.4) - actionview (= 4.2.4) - activejob (= 4.2.4) - activemodel (= 4.2.4) - activerecord (= 4.2.4) - activesupport (= 4.2.4) + rails (4.2.6) + actionmailer (= 4.2.6) + actionpack (= 4.2.6) + actionview (= 4.2.6) + activejob (= 4.2.6) + activemodel (= 4.2.6) + activerecord (= 4.2.6) + activesupport (= 4.2.6) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.4) + railties (= 4.2.6) sprockets-rails rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) 
@@ -234,63 +240,63 @@ GEM activesupport (>= 4.2.0.beta, < 5.0) nokogiri (~> 1.6.0) rails-deprecated_sanitizer (>= 1.0.1) - rails-erd (1.4.4) + rails-erd (1.4.6) activerecord (>= 3.2) activesupport (>= 3.2) choice (~> 0.2.0) ruby-graphviz (~> 1.2) - rails-html-sanitizer (1.0.2) + rails-html-sanitizer (1.0.3) loofah (~> 2.0) - rails-i18n (4.0.5) - i18n (~> 0.6) + rails-i18n (4.0.8) + i18n (~> 0.7) railties (~> 4.0) - railties (4.2.4) - actionpack (= 4.2.4) - activesupport (= 4.2.4) + railties (4.2.6) + actionpack (= 4.2.6) + activesupport (= 4.2.6) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (10.4.2) + rake (11.1.1) raphael-rails (2.1.2) - rb-fsevent (0.9.6) - rb-inotify (0.9.5) + rb-fsevent (0.9.7) + rb-inotify (0.9.7) ffi (>= 0.5.0) ref (2.0.0) - refile (0.6.1) + refile (0.6.2) mime-types rest-client (~> 1.8) sinatra (~> 1.4.5) refile-mini_magick (0.2.0) mini_magick (~> 4.0) refile (~> 0.5) - responders (2.1.0) - railties (>= 4.2.0, < 5) + responders (2.1.1) + railties (>= 4.2.0, < 5.1) rest-client (1.8.0) http-cookie (>= 1.0.2, < 2.0) mime-types (>= 1.16, < 3.0) netrc (~> 0.7) - rspec (3.3.0) - rspec-core (~> 3.3.0) - rspec-expectations (~> 3.3.0) - rspec-mocks (~> 3.3.0) - rspec-core (3.3.2) - rspec-support (~> 3.3.0) - rspec-expectations (3.3.1) + rspec (3.4.0) + rspec-core (~> 3.4.0) + rspec-expectations (~> 3.4.0) + rspec-mocks (~> 3.4.0) + rspec-core (3.4.4) + rspec-support (~> 3.4.0) + rspec-expectations (3.4.0) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.3.0) - rspec-mocks (3.3.2) + rspec-support (~> 3.4.0) + rspec-mocks (3.4.1) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.3.0) - rspec-rails (3.3.3) + rspec-support (~> 3.4.0) + rspec-rails (3.4.2) actionpack (>= 3.0, < 4.3) activesupport (>= 3.0, < 4.3) railties (>= 3.0, < 4.3) - rspec-core (~> 3.3.0) - rspec-expectations (~> 3.3.0) - rspec-mocks (~> 3.3.0) - rspec-support (~> 3.3.0) - rspec-support (3.3.0) + rspec-core (~> 3.4.0) + rspec-expectations (~> 3.4.0) + rspec-mocks (~> 3.4.0) + 
rspec-support (~> 3.4.0) + rspec-support (3.4.1) ruby-graphviz (1.2.2) - sass (3.4.19) + sass (3.4.21) sass-rails (5.0.4) railties (>= 4.0.0, < 5.0) sass (~> 3.1) @@ -298,16 +304,16 @@ GEM sprockets-rails (>= 2.0, < 4.0) tilt (>= 1.1, < 3) shellany (0.0.1) - simple_form (3.2.0) - actionpack (~> 4.0) - activemodel (~> 4.0) - simplecov (0.10.0) + simple_form (3.2.1) + actionpack (> 4, < 5.1) + activemodel (> 4, < 5.1) + simplecov (0.11.2) docile (~> 1.1.0) json (~> 1.8) simplecov-html (~> 0.10.0) simplecov-html (0.10.0) - sinatra (1.4.6) - rack (~> 1.4) + sinatra (1.4.7) + rack (~> 1.5) rack-protection (~> 1.4) tilt (>= 1.3, < 3) slim (3.0.6) @@ -320,18 +326,18 @@ GEM railties (>= 3.1, < 5.0) slim (~> 3.0) slop (3.6.0) - spring (1.4.0) + spring (1.6.4) spring-commands-rspec (1.0.4) spring (>= 0.9.1) - sprockets (3.4.0) + sprockets (3.5.2) + concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (2.3.3) - actionpack (>= 3.0) - activesupport (>= 3.0) - sprockets (>= 2.8, < 4.0) + sprockets-rails (3.0.4) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) sqlite3 (1.3.11) - sshkit (1.7.1) - colorize (>= 0.7.0) + sshkit (1.9.0) net-scp (>= 1.1.2) net-ssh (>= 2.8.0) temple (0.7.6) @@ -344,8 +350,8 @@ GEM thor (0.19.1) thread (0.2.2) thread_safe (0.3.5) - tilt (2.0.1) - tins (1.6.0) + tilt (2.0.2) + tins (1.9.0) tzinfo (1.2.2) thread_safe (~> 0.1) uglifier (2.7.2) @@ -353,8 +359,8 @@ GEM json (>= 1.8.0) unf (0.1.4) unf_ext - unf_ext (0.0.7.1) - warden (1.2.3) + unf_ext (0.0.7.2) + warden (1.2.6) rack (>= 1.0) xpath (2.0.0) nokogiri (~> 1.3) @@ -398,7 +404,7 @@ DEPENDENCIES pry-rails puma quiet_assets - rails (= 4.2.4) + rails (= 4.2.6) rails-erd rails-i18n raphael-rails @@ -418,4 +424,4 @@ DEPENDENCIES yaml_db BUNDLED WITH - 1.10.6 + 1.11.2