From d65eda7e2ea79502b4acbaad733dbb7089f47e24 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 31 May 2024 22:10:12 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-7164639
---
 Gemfile | 8 +-
 Gemfile.lock | 260 ++++++++++++++++++++++-----------------------------
 2 files changed, 118 insertions(+), 150 deletions(-)

diff --git a/Gemfile b/Gemfile
index d8049b7488..323570110c 100644
--- a/Gemfile
+++ b/Gemfile
@@ -7,7 +7,7 @@ git_source(:github) { |repo_slug| "https://github.com/#{repo_slug}" }
 ruby '~> 2.6'
 gem 'ransack', '~> 2.3.2'
-gem 'rails', '~> 5.2.4'
+gem 'rails', '~> 5.2.4', '>= 5.2.4.5'
 gem 'puma', '~> 3.12.2'
 gem 'mysql2', '~> 0.5.2'
 gem 'redis', '~> 4.1.2', require: ['redis', 'redis/connection/hiredis']
@@ -18,7 +18,7 @@ gem 'aasm', '~> 5.0.8'
 gem 'bunny', '~> 2.14.1'
 gem 'cancancan', '~> 3.1.0'
 gem 'enumerize', '~> 2.2.2'
-gem 'kaminari', '~> 1.2.1'
+gem 'kaminari', '~> 1.2.2'
 gem 'rbtree', '~> 0.4.2'
 gem 'grape', '~> 1.3.1'
 gem 'grape-entity', '~> 0.7.1'
@@ -74,12 +74,12 @@ group :development do
 end
 group :test do
- gem 'rspec-rails', '~> 3.8', '>= 3.8.2'
+ gem 'rspec-rails', '~> 3.9', '>= 3.9.1'
 gem 'rspec-retry', '~> 0.6'
 gem 'webmock', '~> 3.5'
 gem 'database_cleaner', '~> 1.7'
 gem 'mocha', '~> 1.8', require: false
- gem 'factory_bot_rails', '~> 5.0', '>= 5.0.2'
+ gem 'factory_bot_rails', '~> 6.0', '>= 6.0.0'
 gem 'timecop', '~> 0.9'
 gem 'rubocop-rspec', '~> 1.32', require: false
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index 81a55f33a6..f5da3f5935 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
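Review bot: The commit message credits this change with fixing SNYK-RUBY-NOKOGIRI-7164639, yet none of the three Gemfile hunks constrains nokogiri; the only nokogiri movement is in Gemfile.lock (1.10.10 → 1.13.10), reached transitively through loofah's `nokogiri (>= 1.12.0)` floor, which sits below the locked version. Any later `bundle update` or resolver change can therefore satisfy the Gemfile while drifting back below the fix, so the remediation should be pinned in the source of truth rather than the generated file, for example `gem 'nokogiri', '>= 1.13.10'` next to the rails line in the first hunk. Also confirm that 1.13.10 is at or above the advisory's fixed version: nokogiri 1.14 dropped Ruby 2.6 as far as I recall, so the `ruby '~> 2.6'` pin visible in the hunk header context may be what holds the resolver at 1.13.x, and if the advisory needs a newer release this commit reduces exposure without closing it.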
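Review bot: In the `group :test do` hunk, `factory_bot_rails` moves from `'~> 5.0', '>= 5.0.2'` to `'~> 6.0', '>= 6.0.0'`, a major-version bump of a test dependency that a nokogiri remediation does not require and that can change factory behaviour independently of the security fix (the lockfile hunk shows factory_bot 5.2.0 → 6.4.5 and factory_bot_rails 5.2.0 → 6.4.3). The rspec-rails move in the same hunk is a minor bump and unlikely to matter. The factory_bot change is better landed as its own commit with its own test run, so a failing suite can be attributed to the right change rather than blocking or masking the vulnerability fix.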
@@ -11,43 +11,43 @@ GEM specs: aasm (5.0.8) concurrent-ruby (~> 1.0) - actioncable (5.2.4.4) - actionpack (= 5.2.4.4) + actioncable (5.2.8.1) + actionpack (= 5.2.8.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.4.4) - actionpack (= 5.2.4.4) - actionview (= 5.2.4.4) - activejob (= 5.2.4.4) + actionmailer (5.2.8.1) + actionpack (= 5.2.8.1) + actionview (= 5.2.8.1) + activejob (= 5.2.8.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.4.4) - actionview (= 5.2.4.4) - activesupport (= 5.2.4.4) + actionpack (5.2.8.1) + actionview (= 5.2.8.1) + activesupport (= 5.2.8.1) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.4.4) - activesupport (= 5.2.4.4) + actionview (5.2.8.1) + activesupport (= 5.2.8.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.2.4.4) - activesupport (= 5.2.4.4) + activejob (5.2.8.1) + activesupport (= 5.2.8.1) globalid (>= 0.3.6) - activemodel (5.2.4.4) - activesupport (= 5.2.4.4) - activerecord (5.2.4.4) - activemodel (= 5.2.4.4) - activesupport (= 5.2.4.4) + activemodel (5.2.8.1) + activesupport (= 5.2.8.1) + activerecord (5.2.8.1) + activemodel (= 5.2.8.1) + activesupport (= 5.2.8.1) arel (>= 9.0) - activestorage (5.2.4.4) - actionpack (= 5.2.4.4) - activerecord (= 5.2.4.4) - marcel (~> 0.3.1) - activesupport (5.2.4.4) + activestorage (5.2.8.1) + actionpack (= 5.2.8.1) + activerecord (= 5.2.8.1) + marcel (~> 1.0.0) + activesupport (5.2.8.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -68,8 +68,8 @@ GEM arel-to-sql (1.0.0) arel (>= 6.0) ast (2.4.1) - aws-eventstream (1.1.0) - aws-sigv4 (1.2.2) + aws-eventstream (1.3.0) + aws-sigv4 (1.8.0) aws-eventstream (~> 1, >= 1.0.2) base58 (0.2.3) better-faraday (1.0.8) 
@@ -90,7 +90,7 @@ GEM base58 (~> 0.2.2) clamp (1.3.2) coderay (1.1.3) - concurrent-ruby (1.1.7) + concurrent-ruby (1.3.1) connection_pool (2.2.3) cookiejar (0.3.3) crack (0.4.3) @@ -98,7 +98,8 @@ GEM crass (1.0.6) daemons (1.3.1) database_cleaner (1.8.5) - diff-lcs (1.4.4) + date (3.3.4) + diff-lcs (1.5.1) digest-sha3 (1.1.0) dry-configurable (0.11.6) concurrent-ruby (~> 1.0) @@ -141,13 +142,13 @@ GEM activesupport (>= 3.2) env-tweaks (1.0.0) activesupport (>= 3.0, < 6.0) - erubi (1.9.0) + erubi (1.12.0) eventmachine (1.2.7) - factory_bot (5.2.0) - activesupport (>= 4.2.0) - factory_bot_rails (5.2.0) - factory_bot (~> 5.2.0) - railties (>= 4.2.0) + factory_bot (6.4.5) + activesupport (>= 5.0.0) + factory_bot_rails (6.4.3) + factory_bot (~> 6.4) + railties (>= 5.0.0) faker (1.9.6) i18n (>= 0.7) faraday (0.17.3) @@ -168,8 +169,8 @@ GEM ffi (1.13.1) figaro (1.1.1) thor (~> 0.14) - globalid (0.4.2) - activesupport (>= 4.2.0) + globalid (1.1.0) + activesupport (>= 5.0) god (0.13.7) grape (1.3.3) activesupport @@ -197,7 +198,7 @@ GEM hashie (3.6.0) hiredis (0.6.3) http_parser.rb (0.6.0) - i18n (1.8.5) + i18n (1.14.5) concurrent-ruby (~> 1.0) influxdb (0.7.0) io-console (0.5.6) 
@@ -217,36 +218,37 @@ GEM jwt-rack (0.1.0) jwt (~> 2.1.0) rack - kaminari (1.2.1) + kaminari (1.2.2) activesupport (>= 4.1.0) - kaminari-actionview (= 1.2.1) - kaminari-activerecord (= 1.2.1) - kaminari-core (= 1.2.1) - kaminari-actionview (1.2.1) + kaminari-actionview (= 1.2.2) + kaminari-activerecord (= 1.2.2) + kaminari-core (= 1.2.2) + kaminari-actionview (1.2.2) actionview - kaminari-core (= 1.2.1) - kaminari-activerecord (1.2.1) + kaminari-core (= 1.2.2) + kaminari-activerecord (1.2.2) activerecord - kaminari-core (= 1.2.1) - kaminari-core (1.2.1) + kaminari-core (= 1.2.2) + kaminari-core (1.2.2) listen (3.1.5) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) ruby_dep (~> 1.2) - loofah (2.7.0) + loofah (2.22.0) crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mail (2.7.1) + nokogiri (>= 1.12.0) + mail (2.8.1) mini_mime (>= 0.1.1) - marcel (0.3.3) - mimemagic (~> 0.3.2) + net-imap + net-pop + net-smtp + marcel (1.0.4) memoist (0.16.2) method-not-implemented (1.0.1) - method_source (1.0.0) - mimemagic (0.3.5) - mini_mime (1.0.2) - mini_portile2 (2.4.0) - minitest (5.14.2) + method_source (1.1.0) + mini_mime (1.1.5) + mini_portile2 (2.8.6) + minitest (5.23.1) mocha (1.11.2) msgpack (1.3.3) multi_json (1.15.0) @@ -258,9 +260,19 @@ GEM mysql2 (0.5.3) net-http-persistent (3.0.1) connection_pool (~> 2.2) - nio4r (2.5.3) - nokogiri (1.10.10) - mini_portile2 (~> 2.4.0) + net-imap (0.3.7) + date + net-protocol + net-pop (0.1.2) + net-protocol + net-protocol (0.2.2) + timeout + net-smtp (0.5.0) + net-protocol + nio4r (2.7.3) + nokogiri (1.13.10) + mini_portile2 (~> 2.8.0) + racc (~> 1.4) parallel (1.19.2) parser (2.7.1.4) ast (~> 2.4.1) 
@@ -278,47 +290,6 @@ GEM mysql2 prometheus-client thin - peatio-bitcoincash (2.6.1) - activesupport (~> 5.2.3) - better-faraday (~> 1.0.5) - cash-addr (~> 0.2.0) - faraday (~> 0.17) - memoist (~> 0.16.0) - net-http-persistent (~> 3.0.1) - peatio (>= 0.6.3) - peatio-bitgo (2.6.3) - activesupport (~> 5.2.3) - better-faraday (~> 1.0.5) - faraday (~> 0.17) - memoist (~> 0.16.0) - net-http-persistent (~> 3.0.1) - peatio (>= 0.6.3) - peatio-dash (2.6.1) - activesupport (~> 5.2.3) - better-faraday (~> 1.0.5) - faraday (~> 0.17) - memoist (~> 0.16.0) - net-http-persistent (~> 3.0.1) - peatio (>= 0.6.3) - peatio-electrum (2.6.2) - activesupport (~> 5.2.3) - faraday (~> 0.17) - net-http-persistent (~> 3.0.1) - peatio (>= 0.6.3) - peatio-litecoin (2.6.1) - activesupport (~> 5.2.3) - better-faraday (~> 1.0.5) - faraday (~> 0.17) - memoist (~> 0.16.0) - net-http-persistent (~> 3.0.1) - peatio (>= 0.6.3) - peatio-ripple (2.6.1) - activesupport (~> 5.2.3) - better-faraday (~> 1.0.5) - faraday (~> 0.17) - memoist (~> 0.16.0) - net-http-persistent (~> 3.0.1) - peatio (>= 0.6.3) polyamorous (2.3.2) activerecord (>= 5.2.1) prometheus-client (2.1.0) 
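Review bot: This hunk drops six resolved gems (peatio-bitcoincash, peatio-bitgo, peatio-dash, peatio-electrum, peatio-litecoin, peatio-ripple) from the `specs` section, and the `@@ -504,21 +478,15 @@ DEPENDENCIES` hunk drops the same six from DEPENDENCIES, while no Gemfile hunk removes them; so either the lockfile and Gemfile were already out of sync, or the Gemfile pulls them in conditionally from a file this diff does not touch (presumably a plugins Gemfile). Either way, silently dropping blockchain-adapter gems in a commit described as a nokogiri upgrade is a functional change that belongs in the description and needs checking against every environment that still expects them to resolve. If such an environment still loads them, `bundle install` will now re-resolve those adapters against whatever versions are current instead of the pinned 2.6.x releases, which is exactly the kind of unreviewed dependency drift a supply-chain fix should avoid introducing.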
@@ -330,41 +301,43 @@ GEM pry (~> 0.13.0) public_suffix (4.0.6) puma (3.12.6) - rack (2.2.3) + racc (1.8.0) + rack (2.2.9) rack-accept (0.4.5) rack (>= 0.4) rack-attack (5.4.2) rack (>= 1.0, < 3) rack-cors (1.0.6) rack (>= 1.6.0) - rack-test (1.1.0) - rack (>= 1.0, < 3) - rails (5.2.4.4) - actioncable (= 5.2.4.4) - actionmailer (= 5.2.4.4) - actionpack (= 5.2.4.4) - actionview (= 5.2.4.4) - activejob (= 5.2.4.4) - activemodel (= 5.2.4.4) - activerecord (= 5.2.4.4) - activestorage (= 5.2.4.4) - activesupport (= 5.2.4.4) + rack-test (2.1.0) + rack (>= 1.3) + rails (5.2.8.1) + actioncable (= 5.2.8.1) + actionmailer (= 5.2.8.1) + actionpack (= 5.2.8.1) + actionview (= 5.2.8.1) + activejob (= 5.2.8.1) + activemodel (= 5.2.8.1) + activerecord (= 5.2.8.1) + activestorage (= 5.2.8.1) + activesupport (= 5.2.8.1) bundler (>= 1.3.0) - railties (= 5.2.4.4) + railties (= 5.2.8.1) sprockets-rails (>= 2.0.0) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) + rails-dom-testing (2.2.0) + activesupport (>= 5.0.0) + minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) - loofah (~> 2.3) - railties (5.2.4.4) - actionpack (= 5.2.4.4) - activesupport (= 5.2.4.4) + rails-html-sanitizer (1.5.0) + loofah (~> 2.19, >= 2.19.1) + railties (5.2.8.1) + actionpack (= 5.2.8.1) + activesupport (= 5.2.8.1) method_source rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) rainbow (3.0.0) - rake (13.0.1) + rake (13.2.1) ransack (2.3.2) activerecord (>= 5.2.1) activesupport (>= 5.2.1) @@ -379,15 +352,15 @@ GEM reline (0.1.4) io-console (~> 0.5) rexml (3.2.4) - rspec-core (3.9.0) - rspec-support (~> 3.9.0) - rspec-expectations (3.9.0) + rspec-core (3.9.3) + rspec-support (~> 3.9.3) + rspec-expectations (3.9.4) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.9.0) - rspec-mocks (3.9.0) + rspec-mocks (3.9.1) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.9.0) - rspec-rails (3.9.0) + rspec-rails (3.9.1) actionpack (>= 3.0) activesupport (>= 3.0) railties (>= 3.0) 
@@ -397,7 +370,7 @@ GEM rspec-support (~> 3.9.0) rspec-retry (0.6.2) rspec-core (> 3.3) - rspec-support (3.9.2) + rspec-support (3.9.4) rubocop (0.90.0) parallel (~> 1.10) parser (>= 2.7.1.1) @@ -420,12 +393,12 @@ GEM parser sentry-raven (2.9.0) faraday (>= 0.7.6, < 1.0) - sprockets (4.0.2) + sprockets (4.2.1) concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.2.1) - actionpack (>= 4.0) - activesupport (>= 4.0) + rack (>= 2.2.4, < 4) + sprockets-rails (3.4.2) + actionpack (>= 5.2) + activesupport (>= 5.2) sprockets (>= 3.0.0) thin (1.7.2) daemons (~> 1.0, >= 1.0.9) @@ -434,7 +407,8 @@ GEM thor (0.20.3) thread_safe (0.3.6) timecop (0.9.1) - tzinfo (1.2.7) + timeout (0.4.1) + tzinfo (1.2.11) thread_safe (~> 0.1) unicode-display_width (1.7.0) uniform_notifier (1.13.0) @@ -443,13 +417,13 @@ GEM public_suffix validates_lengths_from_database (0.7.0) activerecord (>= 3) - vault (0.15.0) + vault (0.18.2) aws-sigv4 webmock (3.8.3) addressable (>= 2.3.6) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) - websocket-driver (0.7.3) + websocket-driver (0.7.6) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) @@ -474,7 +448,7 @@ DEPENDENCIES enumerize (~> 2.2.2) env-tweaks (~> 1.0.0) eventmachine (~> 1.2) - factory_bot_rails (~> 5.0, >= 5.0.2) + factory_bot_rails (~> 6.0, >= 6.0.0) faker (~> 1.8) faraday (~> 0.17) faraday_middleware (~> 0.13.1) @@ -496,7 +470,7 @@ DEPENDENCIES jwt (~> 2.1.0) jwt-multisig (~> 1.0.0) jwt-rack (~> 0.1.0) - kaminari (~> 1.2.1) + kaminari (~> 1.2.2) listen (>= 3.0.5, < 3.2) memoist (~> 0.16.0) method-not-implemented (~> 1.0.1) 
@@ -504,21 +478,15 @@ DEPENDENCIES mysql2 (~> 0.5.2) net-http-persistent (~> 3.0.1) peatio (~> 2.6.2) - peatio-bitcoincash (~> 2.6.1) - peatio-bitgo (~> 2.6.3) - peatio-dash (~> 2.6.1) - peatio-electrum (~> 2.6.2) - peatio-litecoin (~> 2.6.1) - peatio-ripple (~> 2.6.1) pry-byebug (~> 3.7) puma (~> 3.12.2) rack-attack (~> 5.4.2) rack-cors (~> 1.0.6) - rails (~> 5.2.4) + rails (~> 5.2.4, >= 5.2.4.5) ransack (~> 2.3.2) rbtree (~> 0.4.2) redis (~> 4.1.2) - rspec-rails (~> 3.8, >= 3.8.2) + rspec-rails (~> 3.9, >= 3.9.1) rspec-retry (~> 0.6) rubocop-rspec (~> 1.32) ruby-prof (~> 0.17.0) @@ -536,4 +504,4 @@ RUBY VERSION ruby 2.6.6p146 BUNDLED WITH - 2.1.4 + 1.17.3
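Review bot: The `BUNDLED WITH` trailer in the last hunk moves backwards from 2.1.4 to 1.17.3, which means this lockfile was regenerated with a Bundler 1.x rather than the version the repository was locked with. Bundler 1.17 is unmaintained, and depending on how RubyGems' bundler version selection is configured the trailer can cause `bundle` invocations to try to activate 1.17.3, so a downgrade here is a sign the fix was produced outside the project's toolchain. Regenerate the lock with the project's Bundler 2.1.4 (for example via `bundle lock --update` under that version) so the trailer does not regress, and diff the result against this hunk to confirm only the intended gems move.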