From c2e9170a7246ad386e71748e365e524913b241e7 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 30 Apr 2020 11:58:07 +0500
Subject: [PATCH 1/2] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-JSON-567822
---
 Gemfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Gemfile b/Gemfile
index 2f6a1d3..8234c59 100644
--- a/Gemfile
+++ b/Gemfile
@@ -14,8 +14,8 @@ gem 'elasticsearch-rails'
 group :development do
 gem "shoulda", ">= 0"
- gem "rdoc", "~> 3.12"
+ gem "rdoc", "~> 4.3", ">= 4.3.0"
 gem "bundler", "~> 1.0"
- gem "juwelier", "~> 2.1.0"
- gem "simplecov", ">= 0"
+ gem "juwelier", "~> 2.1.3"
+ gem "simplecov", ">= 0.16.1"
 end
From 0bb8b10983b131dc727d46e35deddc127b029971 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 30 Apr 2020 11:58:08 +0500
Subject: [PATCH 2/2] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-JSON-567822
---
 Gemfile.lock | 53 ++++++++++++++++++++++++++--------------------------
 1 file changed, 26 insertions(+), 27 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 63f8e42..c0d9cb1 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -11,13 +11,13 @@ GEM i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - addressable (2.6.0) - public_suffix (>= 2.0.2, < 4.0) - builder (3.2.3) + addressable (2.7.0) + public_suffix (>= 2.0.2, < 5.0) + builder (3.2.4) concurrent-ruby (1.1.4) descendants_tracker (0.0.4) thread_safe (~> 0.3, >= 0.3.1) - docile (1.3.1) + docile (1.3.2) elasticsearch (6.1.0) elasticsearch-api (= 6.1.0) elasticsearch-transport (= 6.1.0) @@ -32,9 +32,10 @@ GEM faraday multi_json excon (0.62.0) - faraday (0.15.4) + faraday (0.17.3) multipart-post (>= 1.2, < 3) - git (1.5.0) + git (1.7.0) + rchardet (~> 1.8) github_api (0.18.2) addressable (~> 2.4) descendants_tracker (~> 0.0.4)
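Review bot: In the Gemfile hunk of PATCH 1/2, the new floor `gem "simplecov", ">= 0.16.1"` does not by itself keep the flagged json release out of the bundle. The Gemfile.lock lines removed in PATCH 2/2 show simplecov 0.16.1 depending on `json (>= 1.8, < 3)`, so the remediation appears to hold only while the lockfile resolves simplecov to 0.18.5, which the new lock lists without a json dependency. Raising the floor to match, `gem "simplecov", ">= 0.18.5"`, or adding an explicit json constraint at the fixed release named in the Snyk advisory, would make the Gemfile enforce the fix on a fresh resolve. Separately, in `gem "rdoc", "~> 4.3", ">= 4.3.0"` the second requirement is redundant, since `~> 4.3` already implies it; `gem "rdoc", "~> 4.3"` is equivalent.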
@@ -42,10 +43,9 @@ GEM hashie (~> 3.5, >= 3.5.2) oauth2 (~> 1.0) hashie (3.6.0) - highline (2.0.1) + highline (2.0.3) i18n (1.5.3) concurrent-ruby (~> 1.0) - json (1.8.6) juwelier (2.1.3) builder bundler (>= 1.13) @@ -56,26 +56,26 @@ GEM rake rdoc semver - jwt (2.1.0) + jwt (2.2.1) mini_portile2 (2.4.0) minitest (5.11.3) - multi_json (1.13.1) + multi_json (1.14.1) multi_xml (0.6.0) - multipart-post (2.0.0) - nokogiri (1.10.1) + multipart-post (2.1.1) + nokogiri (1.10.9) mini_portile2 (~> 2.4.0) - oauth2 (1.4.1) - faraday (>= 0.8, < 0.16.0) + oauth2 (1.4.4) + faraday (>= 0.8, < 2.0) jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) pg (1.1.4) - public_suffix (3.0.3) - rack (2.0.6) - rake (12.3.2) - rdoc (3.12.2) - json (~> 1.4) + public_suffix (4.0.4) + rack (2.2.2) + rake (13.0.1) + rchardet (1.8.0) + rdoc (4.3.0) semver (1.0.1) shoulda (3.6.0) shoulda-context (~> 1.0, >= 1.0.1) @@ -83,11 +83,10 @@ GEM shoulda-context (1.2.2) shoulda-matchers (3.1.3) activesupport (>= 4.0.0) - simplecov (0.16.1) + simplecov (0.18.5) docile (~> 1.1) - json (>= 1.8, < 3) - simplecov-html (~> 0.10.0) - simplecov-html (0.10.2) + simplecov-html (~> 0.11) + simplecov-html (0.12.2) thread_safe (0.3.6) tzinfo (1.2.5) thread_safe (~> 0.1) @@ -102,11 +101,11 @@ DEPENDENCIES elasticsearch-model elasticsearch-rails excon - juwelier (~> 2.1.0) + juwelier (~> 2.1.3) pg - rdoc (~> 3.12) + rdoc (~> 4.3, >= 4.3.0) shoulda - simplecov + simplecov (>= 0.16.1) BUNDLED WITH - 1.17.2 + 1.17.3