From 45c7e71282d69704223ab1a7089fdb867c0e58c8 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Mon, 24 Oct 2022 03:29:01 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917
---
 Gemfile | 12 +--
 Gemfile.lock | 267 +++++++++++++++++++++------------------------------
 2 files changed, 114 insertions(+), 165 deletions(-)
diff --git a/Gemfile b/Gemfile
index d8049b7488..7f4cfad2b0 100644
--- a/Gemfile
+++ b/Gemfile
@@ -7,7 +7,7 @@ git_source(:github) { |repo_slug| "https://github.com/#{repo_slug}" }
 ruby '~> 2.6'
 gem 'ransack', '~> 2.3.2'
-gem 'rails', '~> 5.2.4'
+gem 'rails', '~> 5.2.4', '>= 5.2.4.4'
 gem 'puma', '~> 3.12.2'
 gem 'mysql2', '~> 0.5.2'
 gem 'redis', '~> 4.1.2', require: ['redis', 'redis/connection/hiredis']
@@ -20,17 +20,17 @@ gem 'cancancan', '~> 3.1.0'
 gem 'enumerize', '~> 2.2.2'
 gem 'kaminari', '~> 1.2.1'
 gem 'rbtree', '~> 0.4.2'
-gem 'grape', '~> 1.3.1'
+gem 'grape', '~> 1.3.3'
 gem 'grape-entity', '~> 0.7.1'
 gem 'grape-swagger', '~> 0.30.1'
 gem 'grape-swagger-ui', '~> 2.2.8'
 gem 'grape-swagger-entity', '~> 0.2.5'
-gem 'grape_logging', '~> 1.8.0'
+gem 'grape_logging', '~> 1.8.4'
 gem 'rack-attack', '~> 5.4.2'
 gem 'faraday', '~> 0.17'
 gem 'better-faraday', '~> 1.0.5'
 gem 'faraday_middleware', '~> 0.13.1'
-gem 'faye', '~> 1.4'
+gem 'faye', '~> 1.4', '>= 1.4.0'
 gem 'eventmachine', '~> 1.2'
 gem 'em-synchrony', '~> 1.0'
 gem 'jwt', '~> 2.1.0'
@@ -74,12 +74,12 @@ group :development do
 end
 group :test do
- gem 'rspec-rails', '~> 3.8', '>= 3.8.2'
+ gem 'rspec-rails', '~> 3.9', '>= 3.9.0'
 gem 'rspec-retry', '~> 0.6'
 gem 'webmock', '~> 3.5'
 gem 'database_cleaner', '~> 1.7'
 gem 'mocha', '~> 1.8', require: false
- gem 'factory_bot_rails', '~> 5.0', '>= 5.0.2'
+ gem 'factory_bot_rails', '~> 5.2', '>= 5.2.0'
 gem 'timecop', '~> 0.9'
 gem 'rubocop-rspec', '~> 1.32', require: false
 end
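Review bot: The new floor `'>= 5.2.4.4'` on the `rails` line in the first Gemfile hunk is the version the old Gemfile.lock already had (the removed `rails (5.2.4.4)` entries in the lockfile hunk), so the Gemfile itself does not force the resolution that carries the advertised fix; what actually changes is the lockfile bump `rack (2.2.3)` → `rack (2.2.4)`, and a resolve without the lock could presumably still land on the older rack, since rails 5.2.4.4 only requires `rack (~> 2.0, >= 2.0.8)`. If the Gemfile is meant to encode the fix, either raise the floor to the locked version, `gem 'rails', '~> 5.2.4', '>= 5.2.8.1'`, or declare rack directly, e.g. `gem 'rack', '>= 2.2.4'` (rack does not appear as a direct dependency in the hunks shown). Separately, `'~> 1.4', '>= 1.4.0'` on the `faye` line in the second hunk is redundant, because `~> 1.4` already implies `>= 1.4.0`; the same applies to `'~> 5.2', '>= 5.2.0'` for factory_bot_rails and `'~> 3.9', '>= 3.9.0'` for rspec-rails in the third hunk.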
diff --git a/Gemfile.lock b/Gemfile.lock index 81a55f33a6..4ff5f7ffa0 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -11,49 +11,49 @@ GEM specs: aasm (5.0.8) concurrent-ruby (~> 1.0) - actioncable (5.2.4.4) - actionpack (= 5.2.4.4) + actioncable (5.2.8.1) + actionpack (= 5.2.8.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.4.4) - actionpack (= 5.2.4.4) - actionview (= 5.2.4.4) - activejob (= 5.2.4.4) + actionmailer (5.2.8.1) + actionpack (= 5.2.8.1) + actionview (= 5.2.8.1) + activejob (= 5.2.8.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.4.4) - actionview (= 5.2.4.4) - activesupport (= 5.2.4.4) + actionpack (5.2.8.1) + actionview (= 5.2.8.1) + activesupport (= 5.2.8.1) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.4.4) - activesupport (= 5.2.4.4) + actionview (5.2.8.1) + activesupport (= 5.2.8.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.2.4.4) - activesupport (= 5.2.4.4) + activejob (5.2.8.1) + activesupport (= 5.2.8.1) globalid (>= 0.3.6) - activemodel (5.2.4.4) - activesupport (= 5.2.4.4) - activerecord (5.2.4.4) - activemodel (= 5.2.4.4) - activesupport (= 5.2.4.4) + activemodel (5.2.8.1) + activesupport (= 5.2.8.1) + activerecord (5.2.8.1) + activemodel (= 5.2.8.1) + activesupport (= 5.2.8.1) arel (>= 9.0) - activestorage (5.2.4.4) - actionpack (= 5.2.4.4) - activerecord (= 5.2.4.4) - marcel (~> 0.3.1) - activesupport (5.2.4.4) + activestorage (5.2.8.1) + actionpack (= 5.2.8.1) + activerecord (= 5.2.8.1) + marcel (~> 1.0.0) + activesupport (5.2.8.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - addressable (2.7.0) - public_suffix (>= 2.0.2, < 5.0) + addressable (2.8.1) + public_suffix (>= 2.0.2, < 6.0) amq-protocol (2.3.2) amqp (1.8.0) amq-protocol (>= 2.2.0) 
@@ -68,8 +68,8 @@ GEM arel-to-sql (1.0.0) arel (>= 6.0) ast (2.4.1) - aws-eventstream (1.1.0) - aws-sigv4 (1.2.2) + aws-eventstream (1.2.0) + aws-sigv4 (1.5.2) aws-eventstream (~> 1, >= 1.0.2) base58 (0.2.3) better-faraday (1.0.8) @@ -90,36 +90,32 @@ GEM base58 (~> 0.2.2) clamp (1.3.2) coderay (1.1.3) - concurrent-ruby (1.1.7) - connection_pool (2.2.3) + concurrent-ruby (1.1.10) + connection_pool (2.3.0) cookiejar (0.3.3) crack (0.4.3) safe_yaml (~> 1.0.0) crass (1.0.6) - daemons (1.3.1) + daemons (1.4.1) database_cleaner (1.8.5) - diff-lcs (1.4.4) + diff-lcs (1.5.0) digest-sha3 (1.1.0) - dry-configurable (0.11.6) + dry-configurable (0.13.0) concurrent-ruby (~> 1.0) - dry-core (~> 0.4, >= 0.4.7) - dry-equalizer (~> 0.2) - dry-container (0.7.2) + dry-core (~> 0.6) + dry-container (0.9.0) concurrent-ruby (~> 1.0) - dry-configurable (~> 0.1, >= 0.1.3) - dry-core (0.4.9) + dry-configurable (~> 0.13, >= 0.13.0) + dry-core (0.7.1) concurrent-ruby (~> 1.0) - dry-equalizer (0.3.0) - dry-inflector (0.2.0) - dry-logic (1.0.7) + dry-inflector (0.2.1) + dry-logic (1.2.0) concurrent-ruby (~> 1.0) - dry-core (~> 0.2) - dry-equalizer (~> 0.2) - dry-types (1.4.0) + dry-core (~> 0.5, >= 0.5) + dry-types (1.5.1) concurrent-ruby (~> 1.0) dry-container (~> 0.3) - dry-core (~> 0.4, >= 0.4.4) - dry-equalizer (~> 0.3) + dry-core (~> 0.5, >= 0.5) dry-inflector (~> 0.1, >= 0.1.2) dry-logic (~> 1.0, >= 1.0.2) em-http-request (1.1.7) @@ -132,16 +128,16 @@ GEM eventmachine (>= 1.0.0.beta.4) em-synchrony (1.0.6) eventmachine (>= 1.0.0.beta.1) - em-websocket (0.5.1) + em-websocket (0.5.3) eventmachine (>= 0.12.9) - http_parser.rb (~> 0.6.0) + http_parser.rb (~> 0) email_validator (1.6.0) activemodel enumerize (2.2.2) activesupport (>= 3.2) env-tweaks (1.0.0) activesupport (>= 3.0, < 6.0) - erubi (1.9.0) + erubi (1.11.0) eventmachine (1.2.7) factory_bot (5.2.0) activesupport (>= 4.2.0) 
@@ -150,7 +146,7 @@ GEM railties (>= 4.2.0) faker (1.9.6) i18n (>= 0.7) - faraday (0.17.3) + faraday (0.17.5) multipart-post (>= 1.2, < 3) faraday_middleware (0.13.1) faraday (>= 0.7.4, < 1.0) @@ -162,14 +158,14 @@ GEM multi_json (>= 1.0.0) rack (>= 1.0.0) websocket-driver (>= 0.5.1) - faye-websocket (0.11.0) + faye-websocket (0.11.1) eventmachine (>= 0.12.0) websocket-driver (>= 0.5.1) ffi (1.13.1) figaro (1.1.1) thor (~> 0.14) - globalid (0.4.2) - activesupport (>= 4.2.0) + globalid (1.0.0) + activesupport (>= 5.0) god (0.13.7) grape (1.3.3) activesupport @@ -196,8 +192,8 @@ GEM hashdiff (1.0.1) hashie (3.6.0) hiredis (0.6.3) - http_parser.rb (0.6.0) - i18n (1.8.5) + http_parser.rb (0.8.0) + i18n (1.12.0) concurrent-ruby (~> 1.0) influxdb (0.7.0) io-console (0.5.6) @@ -233,38 +229,37 @@ GEM rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) ruby_dep (~> 1.2) - loofah (2.7.0) + loofah (2.19.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) - marcel (0.3.3) - mimemagic (~> 0.3.2) + marcel (1.0.2) memoist (0.16.2) method-not-implemented (1.0.1) method_source (1.0.0) - mimemagic (0.3.5) - mini_mime (1.0.2) - mini_portile2 (2.4.0) - minitest (5.14.2) + mini_mime (1.1.2) + mini_portile2 (2.8.0) + minitest (5.16.3) mocha (1.11.2) msgpack (1.3.3) multi_json (1.15.0) - multipart-post (2.1.1) - mustermann (1.1.1) + multipart-post (2.2.3) + mustermann (3.0.0) ruby2_keywords (~> 0.0.1) - mustermann-grape (1.0.1) + mustermann-grape (1.0.2) mustermann (>= 1.0.0) - mysql2 (0.5.3) + mysql2 (0.5.4) net-http-persistent (3.0.1) connection_pool (~> 2.2) - nio4r (2.5.3) - nokogiri (1.10.10) - mini_portile2 (~> 2.4.0) + nio4r (2.5.8) + nokogiri (1.13.9) + mini_portile2 (~> 2.8.0) + racc (~> 1.4) parallel (1.19.2) parser (2.7.1.4) ast (~> 2.4.1) - peatio (2.6.2) + peatio (2.6.5) activemodel (> 5.2, <= 6.0.0) amqp bunny 
@@ -278,93 +273,53 @@ GEM mysql2 prometheus-client thin - peatio-bitcoincash (2.6.1) - activesupport (~> 5.2.3) - better-faraday (~> 1.0.5) - cash-addr (~> 0.2.0) - faraday (~> 0.17) - memoist (~> 0.16.0) - net-http-persistent (~> 3.0.1) - peatio (>= 0.6.3) - peatio-bitgo (2.6.3) - activesupport (~> 5.2.3) - better-faraday (~> 1.0.5) - faraday (~> 0.17) - memoist (~> 0.16.0) - net-http-persistent (~> 3.0.1) - peatio (>= 0.6.3) - peatio-dash (2.6.1) - activesupport (~> 5.2.3) - better-faraday (~> 1.0.5) - faraday (~> 0.17) - memoist (~> 0.16.0) - net-http-persistent (~> 3.0.1) - peatio (>= 0.6.3) - peatio-electrum (2.6.2) - activesupport (~> 5.2.3) - faraday (~> 0.17) - net-http-persistent (~> 3.0.1) - peatio (>= 0.6.3) - peatio-litecoin (2.6.1) - activesupport (~> 5.2.3) - better-faraday (~> 1.0.5) - faraday (~> 0.17) - memoist (~> 0.16.0) - net-http-persistent (~> 3.0.1) - peatio (>= 0.6.3) - peatio-ripple (2.6.1) - activesupport (~> 5.2.3) - better-faraday (~> 1.0.5) - faraday (~> 0.17) - memoist (~> 0.16.0) - net-http-persistent (~> 3.0.1) - peatio (>= 0.6.3) polyamorous (2.3.2) activerecord (>= 5.2.1) - prometheus-client (2.1.0) + prometheus-client (4.0.0) pry (0.13.1) coderay (~> 1.1) method_source (~> 1.0) pry-byebug (3.9.0) byebug (~> 11.0) pry (~> 0.13.0) - public_suffix (4.0.6) + public_suffix (5.0.0) puma (3.12.6) - rack (2.2.3) + racc (1.6.0) + rack (2.2.4) rack-accept (0.4.5) rack (>= 0.4) rack-attack (5.4.2) rack (>= 1.0, < 3) rack-cors (1.0.6) rack (>= 1.6.0) - rack-test (1.1.0) - rack (>= 1.0, < 3) - rails (5.2.4.4) - actioncable (= 5.2.4.4) - actionmailer (= 5.2.4.4) - actionpack (= 5.2.4.4) - actionview (= 5.2.4.4) - activejob (= 5.2.4.4) - activemodel (= 5.2.4.4) - activerecord (= 5.2.4.4) - activestorage (= 5.2.4.4) - activesupport (= 5.2.4.4) + rack-test (2.0.2) + rack (>= 1.3) + rails (5.2.8.1) + actioncable (= 5.2.8.1) + actionmailer (= 5.2.8.1) + actionpack (= 5.2.8.1) + actionview (= 5.2.8.1) + activejob (= 5.2.8.1) + activemodel (= 5.2.8.1) 
+ activerecord (= 5.2.8.1) + activestorage (= 5.2.8.1) + activesupport (= 5.2.8.1) bundler (>= 1.3.0) - railties (= 5.2.4.4) + railties (= 5.2.8.1) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) + rails-html-sanitizer (1.4.3) loofah (~> 2.3) - railties (5.2.4.4) - actionpack (= 5.2.4.4) - activesupport (= 5.2.4.4) + railties (5.2.8.1) + actionpack (= 5.2.8.1) + activesupport (= 5.2.8.1) method_source rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) rainbow (3.0.0) - rake (13.0.1) + rake (13.0.6) ransack (2.3.2) activerecord (>= 5.2.1) activesupport (>= 5.2.1) @@ -379,15 +334,15 @@ GEM reline (0.1.4) io-console (~> 0.5) rexml (3.2.4) - rspec-core (3.9.0) - rspec-support (~> 3.9.0) - rspec-expectations (3.9.0) + rspec-core (3.9.3) + rspec-support (~> 3.9.3) + rspec-expectations (3.9.4) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.9.0) - rspec-mocks (3.9.0) + rspec-mocks (3.9.1) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.9.0) - rspec-rails (3.9.0) + rspec-rails (3.9.1) actionpack (>= 3.0) activesupport (>= 3.0) railties (>= 3.0) @@ -397,7 +352,7 @@ GEM rspec-support (~> 3.9.0) rspec-retry (0.6.2) rspec-core (> 3.3) - rspec-support (3.9.2) + rspec-support (3.9.4) rubocop (0.90.0) parallel (~> 1.10) parser (>= 2.7.1.1) 
@@ -413,28 +368,28 @@ GEM rubocop (~> 0.87) ruby-prof (0.17.0) ruby-progressbar (1.10.1) - ruby2_keywords (0.0.2) + ruby2_keywords (0.0.5) ruby_dep (1.5.0) safe_yaml (1.0.5) scout_apm (2.6.9) parser sentry-raven (2.9.0) faraday (>= 0.7.6, < 1.0) - sprockets (4.0.2) + sprockets (4.1.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.1) - actionpack (>= 4.0) - activesupport (>= 4.0) + sprockets-rails (3.4.2) + actionpack (>= 5.2) + activesupport (>= 5.2) sprockets (>= 3.0.0) - thin (1.7.2) + thin (1.8.1) daemons (~> 1.0, >= 1.0.9) eventmachine (~> 1.0, >= 1.0.4) rack (>= 1, < 3) thor (0.20.3) thread_safe (0.3.6) timecop (0.9.1) - tzinfo (1.2.7) + tzinfo (1.2.10) thread_safe (~> 0.1) unicode-display_width (1.7.0) uniform_notifier (1.13.0) @@ -443,13 +398,13 @@ GEM public_suffix validates_lengths_from_database (0.7.0) activerecord (>= 3) - vault (0.15.0) + vault (0.17.0) aws-sigv4 webmock (3.8.3) addressable (>= 2.3.6) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) - websocket-driver (0.7.3) + websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) @@ -474,19 +429,19 @@ DEPENDENCIES enumerize (~> 2.2.2) env-tweaks (~> 1.0.0) eventmachine (~> 1.2) - factory_bot_rails (~> 5.0, >= 5.0.2) + factory_bot_rails (~> 5.2, >= 5.2.0) faker (~> 1.8) faraday (~> 0.17) faraday_middleware (~> 0.13.1) - faye (~> 1.4) + faye (~> 1.4, >= 1.4.0) figaro (~> 1.1.1) god (~> 0.13.7) - grape (~> 1.3.1) + grape (~> 1.3.3) grape-entity (~> 0.7.1) grape-swagger (~> 0.30.1) grape-swagger-entity (~> 0.2.5) grape-swagger-ui (~> 2.2.8) - grape_logging (~> 1.8.0) + grape_logging (~> 1.8.4) grape_on_rails_routes (~> 0.3.2) hashie (~> 3.6.0) hiredis (~> 0.6.0) 
@@ -504,21 +459,15 @@ DEPENDENCIES mysql2 (~> 0.5.2) net-http-persistent (~> 3.0.1) peatio (~> 2.6.2) - peatio-bitcoincash (~> 2.6.1) - peatio-bitgo (~> 2.6.3) - peatio-dash (~> 2.6.1) - peatio-electrum (~> 2.6.2) - peatio-litecoin (~> 2.6.1) - peatio-ripple (~> 2.6.1) pry-byebug (~> 3.7) puma (~> 3.12.2) rack-attack (~> 5.4.2) rack-cors (~> 1.0.6) - rails (~> 5.2.4) + rails (~> 5.2.4, >= 5.2.4.4) ransack (~> 2.3.2) rbtree (~> 0.4.2) redis (~> 4.1.2) - rspec-rails (~> 3.8, >= 3.8.2) + rspec-rails (~> 3.9, >= 3.9.0) rspec-retry (~> 0.6) rubocop-rspec (~> 1.32) ruby-prof (~> 0.17.0) @@ -536,4 +485,4 @@ RUBY VERSION ruby 2.6.6p146 BUNDLED WITH - 2.1.4 + 1.17.3