From 26b40e5a4dd665a874363919667326d55f121b74 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Fri, 28 Feb 2020 10:32:04 +0100 Subject: [PATCH] gollum: Update the dependencies (security, CVE-2020-7595) This updates nokogiri to 1.10.8 for CVE-2020-7595 [0]. [0]: https://github.com/sparklemotion/nokogiri/issues/1992 (cherry picked from commit a0d61c0135b182233ff82399127beb8a4dc264ad) --- pkgs/applications/misc/gollum/Gemfile.lock | 14 +++++------ pkgs/applications/misc/gollum/gemset.nix | 27 +++++++--------------- 2 files changed, 14 insertions(+), 27 deletions(-) diff --git a/pkgs/applications/misc/gollum/Gemfile.lock b/pkgs/applications/misc/gollum/Gemfile.lock index 8ecb546df703a..6a705b6a9d82d 100644 --- a/pkgs/applications/misc/gollum/Gemfile.lock +++ b/pkgs/applications/misc/gollum/Gemfile.lock @@ -6,10 +6,10 @@ GEM gemojione (3.3.0) json github-markup (1.7.0) - gitlab-grit (2.8.2) - charlock_holmes (~> 0.6) + gitlab-grit (2.8.3) + charlock_holmes (~> 0.7) diff-lcs (~> 1.1) - mime-types (>= 1.16) + mime-types (>= 1.16, < 3) posix-spawn (~> 0.3) gollum (4.1.4) gemojione (~> 3.2) @@ -31,15 +31,13 @@ GEM twitter-text (= 1.14.7) json (2.3.0) kramdown (1.9.0) - mime-types (3.3) - mime-types-data (~> 3.2015) - mime-types-data (3.2019.1009) + mime-types (2.99.3) mini_portile2 (2.4.0) mustache (0.99.8) - nokogiri (1.10.7) + nokogiri (1.10.8) mini_portile2 (~> 2.4.0) posix-spawn (0.3.13) - rack (1.6.12) + rack (1.6.13) rack-protection (1.5.5) rack rouge (2.2.1) diff --git a/pkgs/applications/misc/gollum/gemset.nix b/pkgs/applications/misc/gollum/gemset.nix index 61e0db781b87f..7ce1d853f3686 100644 --- a/pkgs/applications/misc/gollum/gemset.nix +++ b/pkgs/applications/misc/gollum/gemset.nix @@ -46,10 +46,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0xgs3l81ghlc5nm75n0pz7b2cj3hpscfq5iy27c483nnjn2v5mc4"; + sha256 = "0xvcizc4856xlvara1zzwl6j61vxxshzcrdagp58xzfl68vbi63p"; type = "gem"; }; - version = "2.8.2"; + version = "2.8.3"; }; gollum = { dependencies = ["gemojione" "gollum-lib" "kramdown" "mustache" "sinatra" "useragent"]; @@ -105,25 +105,14 @@ version = "1.9.0"; }; mime-types = { - dependencies = ["mime-types-data"]; groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0g7l18igjb9z7q4b2ykvyxyvjxlx5pwsmx5z3ibdbr6372xgfglk"; + sha256 = "03j98xr0qw2p2jkclpmk7pm29yvmmh0073d8d43ajmr0h3w7i5l9"; type = "gem"; }; - version = "3.3"; - }; - mime-types-data = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "18x61fc36951vw7f74gq8cyybdpxvyg5d0azvqhrs82ddw3v16xh"; - type = "gem"; - }; - version = "3.2019.1009"; + version = "2.99.3"; }; mini_portile2 = { groups = ["default"]; @@ -151,10 +140,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0r0qpgf80h764k176yr63gqbs2z0xbsp8vlvs2a79d5r9vs83kln"; + sha256 = "1yi8j8hwrlc3rg5v3w52gxndmwifyk7m732q9yfbal0qajqbh1h8"; type = "gem"; }; - version = "1.10.7"; + version = "1.10.8"; }; posix-spawn = { groups = ["default"]; @@ -171,10 +160,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1riq0z408dwvqcqrpq05bp2w879l4sjxzb4cbrbx55kpi6h2g1cj"; + sha256 = "0wr1f3g9rc9i8svfxa9cijajl1661d817s56b2w7rd572zwn0zi0"; type = "gem"; }; - version = "1.6.12"; + version = "1.6.13"; }; rack-protection = { dependencies = ["rack"];