Merge pull request #197 from coopdevs/feature/fix-security-alerts-fro…

…m-gemnasium Updated gems with security alerts (rails, nokogiri, jquery)
coopdevs · Mar 24, 2016 · 44819d6 · 44819d6
2 parents 94a545f + d03ccbd
commit 44819d6
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 58 deletions.
diff --git a/Gemfile b/Gemfile
@@ -1,6 +1,6 @@
 source 'https://rubygems.org'
 
-gem 'rails', '~> 4.2'
+gem 'rails', '4.2.5.2'
 gem 'rails-i18n'
 gem 'rails_12factor'
 gem "rdiscount"
@@ -23,7 +23,7 @@ gem "haml-rails"
 gem "simple_form", ">= 3.0.0"
 gem "awesome_print"
 gem 'memcachier'
-gem 'rollbar'
+gem 'rollbar', '2.8.3'
 gem 'travis-lint'
 gem "shelly-dependencies"
 gem 'whenever', :require => false
@@ -34,20 +34,23 @@ gem 'elasticsearch-model'
 gem 'elasticsearch-rails'
 
 # Assets
-gem 'jquery-rails'
+gem 'jquery-rails', '4.0.4'
 gem 'jquery-ui-rails'
 gem 'bootstrap-sass'
 gem 'sass-rails', '~> 5.0.1'
 gem 'coffee-rails'
-gem 'uglifier', '>= 1.0.3'
+gem 'uglifier', '2.7.2'
 gem 'select2-rails'
 
+# Security
+gem 'nokogiri', '1.6.7.2'
+
 group :development do
   gem "binding_of_caller"
   gem "better_errors"
   gem "rubocop"
   gem "haml-lint"
-  gem 'web-console', '~> 2.0'
+  gem 'web-console', '2.1.3'
   gem 'capistrano', '~> 3.1'
   gem 'capistrano-rails', '~> 1.1'
   # gem 'capistrano3-delayed-job', '~> 1.0'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -19,36 +19,36 @@ GIT
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (4.2.0)
-      actionpack (= 4.2.0)
-      actionview (= 4.2.0)
-      activejob (= 4.2.0)
+    actionmailer (4.2.5.2)
+      actionpack (= 4.2.5.2)
+      actionview (= 4.2.5.2)
+      activejob (= 4.2.5.2)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 1.0, >= 1.0.5)
-    actionpack (4.2.0)
-      actionview (= 4.2.0)
-      activesupport (= 4.2.0)
-      rack (~> 1.6.0)
+    actionpack (4.2.5.2)
+      actionview (= 4.2.5.2)
+      activesupport (= 4.2.5.2)
+      rack (~> 1.6)
       rack-test (~> 0.6.2)
       rails-dom-testing (~> 1.0, >= 1.0.5)
-      rails-html-sanitizer (~> 1.0, >= 1.0.1)
-    actionview (4.2.0)
-      activesupport (= 4.2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (4.2.5.2)
+      activesupport (= 4.2.5.2)
       builder (~> 3.1)
       erubis (~> 2.7.0)
       rails-dom-testing (~> 1.0, >= 1.0.5)
-      rails-html-sanitizer (~> 1.0, >= 1.0.1)
-    activejob (4.2.0)
-      activesupport (= 4.2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    activejob (4.2.5.2)
+      activesupport (= 4.2.5.2)
       globalid (>= 0.3.0)
-    activemodel (4.2.0)
-      activesupport (= 4.2.0)
+    activemodel (4.2.5.2)
+      activesupport (= 4.2.5.2)
       builder (~> 3.1)
-    activerecord (4.2.0)
-      activemodel (= 4.2.0)
-      activesupport (= 4.2.0)
+    activerecord (4.2.5.2)
+      activemodel (= 4.2.5.2)
+      activesupport (= 4.2.5.2)
       arel (~> 6.0)
-    activesupport (4.2.0)
+    activesupport (4.2.5.2)
       i18n (~> 0.7)
       json (~> 1.7, >= 1.7.7)
       minitest (~> 5.1)
@@ -108,7 +108,7 @@ GEM
       execjs
     coffee-script-source (1.8.0)
     columnize (0.9.0)
-    concurrent-ruby (1.0.0)
+    concurrent-ruby (1.0.1)
     daemons (1.1.9)
     dalli (2.7.2)
     database_cleaner (1.4.0)
@@ -185,7 +185,7 @@ GEM
       has_scope (~> 0.6.0.rc)
       railties (>= 3.2, < 5)
       responders
-    jquery-rails (4.0.3)
+    jquery-rails (4.0.4)
       rails-dom-testing (~> 1.0)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
@@ -198,18 +198,20 @@ GEM
     kgio (2.10.0)
     loofah (2.0.3)
       nokogiri (>= 1.5.9)
-    mail (2.6.3)
-      mime-types (>= 1.16, < 3)
+    mail (2.6.4)
+      mime-types (>= 1.16, < 4)
     memcachier (0.0.2)
-    mime-types (2.99)
+    mime-types (3.0)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2016.0221)
     mini_portile2 (2.0.0)
-    minitest (5.8.3)
+    minitest (5.8.4)
     multi_json (1.11.2)
     multipart-post (2.0.0)
     net-scp (1.2.1)
       net-ssh (>= 2.6.5)
     net-ssh (2.9.2)
-    nokogiri (1.6.7.1)
+    nokogiri (1.6.7.2)
       mini_portile2 (~> 2.0.0.rc2)
     orm_adapter (0.5.0)
     parser (2.2.0.2)
@@ -230,24 +232,24 @@ GEM
     rack (1.6.4)
     rack-test (0.6.3)
       rack (>= 1.0)
-    rails (4.2.0)
-      actionmailer (= 4.2.0)
-      actionpack (= 4.2.0)
-      actionview (= 4.2.0)
-      activejob (= 4.2.0)
-      activemodel (= 4.2.0)
-      activerecord (= 4.2.0)
-      activesupport (= 4.2.0)
+    rails (4.2.5.2)
+      actionmailer (= 4.2.5.2)
+      actionpack (= 4.2.5.2)
+      actionview (= 4.2.5.2)
+      activejob (= 4.2.5.2)
+      activemodel (= 4.2.5.2)
+      activerecord (= 4.2.5.2)
+      activesupport (= 4.2.5.2)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.2.0)
+      railties (= 4.2.5.2)
       sprockets-rails
     rails-deprecated_sanitizer (1.0.3)
       activesupport (>= 4.2.0.alpha)
     rails-dom-testing (1.0.7)
       activesupport (>= 4.2.0.beta, < 5.0)
       nokogiri (~> 1.6.0)
       rails-deprecated_sanitizer (>= 1.0.1)
-    rails-html-sanitizer (1.0.2)
+    rails-html-sanitizer (1.0.3)
       loofah (~> 2.0)
     rails-i18n (4.0.3)
       i18n (~> 0.6)
@@ -257,14 +259,14 @@ GEM
       rails_stdout_logging
     rails_serve_static_assets (0.0.3)
     rails_stdout_logging (0.0.3)
-    railties (4.2.0)
-      actionpack (= 4.2.0)
-      activesupport (= 4.2.0)
+    railties (4.2.5.2)
+      actionpack (= 4.2.5.2)
+      activesupport (= 4.2.5.2)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     rainbow (2.0.0)
     raindrops (0.16.0)
-    rake (10.5.0)
+    rake (11.1.1)
     ransack (1.6.3)
       actionpack (>= 3.0)
       activerecord (>= 3.0)
@@ -274,8 +276,8 @@ GEM
     rdiscount (2.1.7.1)
     responders (2.0.2)
       railties (>= 4.2.0.alpha, < 5)
-    rollbar (1.3.2)
-      multi_json (~> 1.3)
+    rollbar (2.8.3)
+      multi_json
     rspec-core (3.4.1)
       rspec-support (~> 3.4.0)
     rspec-expectations (3.4.0)
@@ -336,7 +338,7 @@ GEM
     sprockets (3.5.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
-    sprockets-rails (3.0.0)
+    sprockets-rails (3.0.4)
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
@@ -357,7 +359,7 @@ GEM
     ttfunk (1.4.0)
     tzinfo (1.2.2)
       thread_safe (~> 0.1)
-    uglifier (2.7.0)
+    uglifier (2.7.2)
       execjs (>= 0.3.0)
       json (>= 1.8.0)
     unicorn (5.0.1)
@@ -366,10 +368,10 @@ GEM
       raindrops (~> 0.7)
     warden (1.2.6)
       rack (>= 1.0)
-    web-console (2.0.0)
-      activemodel (~> 4.0)
+    web-console (2.1.3)
+      activemodel (>= 4.0)
       binding_of_caller (>= 0.7.2)
-      railties (~> 4.0)
+      railties (>= 4.0)
       sprockets-rails (>= 2.0, < 4.0)
     whenever (0.9.4)
       chronic (>= 0.6.3)
@@ -407,21 +409,22 @@ DEPENDENCIES
   high_voltage (~> 2.1.0)
   hstore_translate
   http_accept_language
-  jquery-rails
+  jquery-rails (= 4.0.4)
   jquery-ui-rails
   kaminari
   memcachier
+  nokogiri (= 1.6.7.2)
   pg (= 0.17.1)
   prawn
   prawn-table
   pundit
   quiet_assets
-  rails (~> 4.2)
+  rails (= 4.2.5.2)
   rails-i18n
   rails_12factor
   rake
   rdiscount
-  rollbar
+  rollbar (= 2.8.3)
   rspec-rails (~> 3.4.0)
   rubocop
   sass-rails (~> 5.0.1)
@@ -432,9 +435,9 @@ DEPENDENCIES
   slim-rails
   thin
   travis-lint
-  uglifier (>= 1.0.3)
+  uglifier (= 2.7.2)
   unicorn
-  web-console (~> 2.0)
+  web-console (= 2.1.3)
   whenever
 
 BUNDLED WITH