From cbd7a095117d4500fb9c0e1c9add65907313c240 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 21 Oct 2022 18:22:25 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-569598 --- Gemfile | 2 +- Gemfile.lock | 406 +++++++++++++++++++++++++++------------------------ 2 files changed, 217 insertions(+), 191 deletions(-) diff --git a/Gemfile b/Gemfile index b38ee86..220cada 100644 --- a/Gemfile +++ b/Gemfile @@ -1,4 +1,4 @@ source 'https://rubygems.org' gem 'safemode', '<1.3.3' -gem 'spree_frontend', '<3.0.7' +gem 'spree_frontend', '~> 3.6' diff --git a/Gemfile.lock b/Gemfile.lock index 47f137b..a5e05b0 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
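Review bot: The new constraint `gem 'spree_frontend', '~> 3.6'` in the Gemfile hunk is not a patch-level fix. According to the Gemfile.lock hunks it moves rails from 4.2.10 to 5.2.8.1 and brings actioncable, activestorage and doorkeeper into the dependency set, so it needs the application's test suite and the Rails 5 upgrade steps before it is merged as a routine security bump. The floor is also looser than what the lock resolved (3.7.14.1): `gem 'spree_frontend', '~> 3.7', '>= 3.7.14.1'` would stop a later re-resolve from settling on a 3.6.x release that this commit never exercised. A comment above the line, for example `# floor raised for SNYK-RUBY-ACTIVESUPPORT-569598 (activesupport via rails)`, would record why the bound exists. The context line `gem 'safemode', '<1.3.3'` keeps its upper-bound pin, which will continue to block any upgrade of that gem.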
@@ -1,177 +1,199 @@ GEM remote: https://rubygems.org/ specs: - actionmailer (4.2.10) - actionpack (= 4.2.10) - actionview (= 4.2.10) - activejob (= 4.2.10) + actioncable (5.2.8.1) + actionpack (= 5.2.8.1) + nio4r (~> 2.0) + websocket-driver (>= 0.6.1) + actionmailer (5.2.8.1) + actionpack (= 5.2.8.1) + actionview (= 5.2.8.1) + activejob (= 5.2.8.1) mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.10) - actionview (= 4.2.10) - activesupport (= 4.2.10) - rack (~> 1.6) - rack-test (~> 0.6.2) - rails-dom-testing (~> 1.0, >= 1.0.5) + rails-dom-testing (~> 2.0) + actionpack (5.2.8.1) + actionview (= 5.2.8.1) + activesupport (= 5.2.8.1) + rack (~> 2.0, >= 2.0.8) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.10) - activesupport (= 4.2.10) + actionview (5.2.8.1) + activesupport (= 5.2.8.1) builder (~> 3.1) - erubis (~> 2.7.0) - rails-dom-testing (~> 1.0, >= 1.0.5) + erubi (~> 1.4) + rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (4.2.10) - activesupport (= 4.2.10) - globalid (>= 0.3.0) - activemerchant (1.47.0) - activesupport (>= 3.2.14, < 5.0.0) + activejob (5.2.8.1) + activesupport (= 5.2.8.1) + globalid (>= 0.3.6) + activemerchant (1.126.0) + activesupport (>= 4.2) builder (>= 2.1.2, < 4.0.0) i18n (>= 0.6.9) nokogiri (~> 1.4) - activemodel (4.2.10) - activesupport (= 4.2.10) - builder (~> 3.1) - activerecord (4.2.10) - activemodel (= 4.2.10) - activesupport (= 4.2.10) - arel (~> 6.0) - activesupport (4.2.10) - i18n (~> 0.7) + activemodel (5.2.8.1) + activesupport (= 5.2.8.1) + activerecord (5.2.8.1) + activemodel (= 5.2.8.1) + activesupport (= 5.2.8.1) + arel (>= 9.0) + activestorage (5.2.8.1) + actionpack (= 5.2.8.1) + activerecord (= 5.2.8.1) + marcel (~> 1.0.0) + activesupport (5.2.8.1) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) minitest (~> 5.1) - thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - acts_as_list (0.9.10) + 
acts-as-taggable-on (6.0.0) + activerecord (~> 5.0) + acts_as_list (0.9.19) activerecord (>= 3.0) - addressable (2.5.2) - public_suffix (>= 2.0.2, < 4.0) - arel (6.0.4) - autoprefixer-rails (7.2.5) - execjs - awesome_nested_set (3.0.3) - activerecord (>= 4.0.0, < 5) - bootstrap-sass (3.3.7) + addressable (2.8.1) + public_suffix (>= 2.0.2, < 6.0) + arel (9.0.0) + autoprefixer-rails (10.4.7.0) + execjs (~> 2) + awesome_nested_set (3.2.1) + activerecord (>= 4.0.0, < 7.0) + bootstrap-sass (3.4.1) autoprefixer-rails (>= 5.2.1) - sass (>= 3.3.4) - builder (3.2.3) + sassc (>= 2.0.0) + builder (3.2.4) camertron-eprun (1.1.1) - cancancan (1.10.1) - canonical-rails (0.0.11) - rails (>= 3.1, < 5.0) + cancancan (2.3.0) + canonical-rails (0.2.14) + rails (>= 4.1, <= 7.1) carmen (1.0.2) activesupport (>= 3.0.0) - cldr-plurals-runtime-rb (1.0.1) + cldr-plurals-runtime-rb (1.1.0) climate_control (0.2.0) - cocaine (0.5.8) - climate_control (>= 0.0.3, < 1.0) - colorize (0.8.1) - concurrent-ruby (1.0.5) - crass (1.0.3) - css_parser (1.6.0) + concurrent-ruby (1.1.10) + crass (1.0.6) + css_parser (1.12.0) addressable - deface (1.0.2) - colorize (>= 0.5.8) - nokogiri (~> 1.6.0) + deface (1.9.0) + actionview (>= 5.2) + nokogiri (>= 1.6) polyglot - rails (>= 3.1) - erubis (2.7.0) - execjs (2.7.0) - ffaker (1.32.1) - ffi (1.9.18) - font-awesome-rails (4.7.0.3) - railties (>= 3.2, < 5.2) - friendly_id (5.1.0) + railties (>= 5.2) + rainbow (>= 2.1.0) + doorkeeper (5.6.0) + railties (>= 5) + erubi (1.11.0) + execjs (2.8.1) + fast_jsonapi (1.5) + activesupport (>= 4.2) + ffaker (2.21.0) + ffi (1.15.5) + friendly_id (5.2.5) activerecord (>= 4.0.0) - globalid (0.4.1) - activesupport (>= 4.2.0) - highline (1.6.21) + globalid (1.0.0) + activesupport (>= 5.0) + highline (2.0.3) htmlentities (4.3.4) - i18n (0.9.3) + i18n (1.12.0) concurrent-ruby (~> 1.0) - jquery-rails (4.3.1) + jquery-rails (4.5.0) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) - json (1.8.6) - kaminari 
(0.17.0) - actionpack (>= 3.0.0) - activesupport (>= 3.0.0) - loofah (2.1.1) + kaminari (1.0.1) + activesupport (>= 4.1.0) + kaminari-actionview (= 1.0.1) + kaminari-activerecord (= 1.0.1) + kaminari-core (= 1.0.1) + kaminari-actionview (1.0.1) + actionview + kaminari-core (= 1.0.1) + kaminari-activerecord (1.0.1) + activerecord + kaminari-core (= 1.0.1) + kaminari-core (1.0.1) + loofah (2.19.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.7.0) + mail (2.7.1) mini_mime (>= 0.1.1) - mime-types (3.1) + marcel (1.0.2) + method_source (1.0.0) + mime-types (3.4.1) mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) - mini_mime (1.0.0) - mini_portile2 (2.1.0) - minitest (5.11.3) - monetize (1.7.0) - money (~> 6.9) - money (6.10.1) - i18n (>= 0.6.4, < 1.0) - nokogiri (1.6.8.1) - mini_portile2 (~> 2.1.0) - paperclip (4.2.4) - activemodel (>= 3.2.0) - activesupport (>= 3.2.0) - cocaine (~> 0.5.5) + mime-types-data (3.2022.0105) + mimemagic (0.3.10) + nokogiri (~> 1) + rake + mini_magick (4.9.5) + mini_mime (1.1.2) + mini_portile2 (2.8.0) + minitest (5.16.3) + monetize (1.12.0) + money (~> 6.12) + money (6.16.0) + i18n (>= 0.6.4, <= 2) + nio4r (2.5.8) + nokogiri (1.13.9) + mini_portile2 (~> 2.8.0) + racc (~> 1.4) + paperclip (6.1.0) + activemodel (>= 4.2.0) + activesupport (>= 4.2.0) mime-types - paranoia (2.1.5) - activerecord (~> 4.0) - polyamorous (1.3.3) - activerecord (>= 3.0) + mimemagic (~> 0.3.0) + terrapin (~> 0.6.0) + paranoia (2.4.3) + activerecord (>= 4.0, < 6.2) polyglot (0.3.5) - premailer (1.11.1) + premailer (1.18.0) addressable - css_parser (>= 1.6.0) + css_parser (>= 1.12.0) htmlentities (>= 4.0.0) - premailer-rails (1.10.1) - actionmailer (>= 3, < 6) + premailer-rails (1.11.1) + actionmailer (>= 3) premailer (~> 1.7, >= 1.7.9) - public_suffix (3.0.1) - rabl (0.11.8) + public_suffix (5.0.0) + rabl (0.13.1) activesupport (>= 2.3.14) - rack (1.6.8) - rack-test (0.6.3) - rack (>= 1.0) - rails (4.2.10) - actionmailer (= 4.2.10) - actionpack (= 4.2.10) 
- actionview (= 4.2.10) - activejob (= 4.2.10) - activemodel (= 4.2.10) - activerecord (= 4.2.10) - activesupport (= 4.2.10) - bundler (>= 1.3.0, < 2.0) - railties (= 4.2.10) - sprockets-rails - rails-deprecated_sanitizer (1.0.3) - activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.9) - activesupport (>= 4.2.0, < 5.0) - nokogiri (~> 1.6) - rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) - railties (4.2.10) - actionpack (= 4.2.10) - activesupport (= 4.2.10) + racc (1.6.0) + rack (2.2.4) + rack-test (2.0.2) + rack (>= 1.3) + rails (5.2.8.1) + actioncable (= 5.2.8.1) + actionmailer (= 5.2.8.1) + actionpack (= 5.2.8.1) + actionview (= 5.2.8.1) + activejob (= 5.2.8.1) + activemodel (= 5.2.8.1) + activerecord (= 5.2.8.1) + activestorage (= 5.2.8.1) + activesupport (= 5.2.8.1) + bundler (>= 1.3.0) + railties (= 5.2.8.1) + sprockets-rails (>= 2.0.0) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.4.3) + loofah (~> 2.3) + railties (5.2.8.1) + actionpack (= 5.2.8.1) + activesupport (= 5.2.8.1) + method_source rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - rake (12.3.0) - ransack (1.4.1) - actionpack (>= 3.0) - activerecord (>= 3.0) - activesupport (>= 3.0) + thor (>= 0.19.0, < 2.0) + rainbow (3.1.1) + rake (13.0.6) + ransack (2.1.1) + actionpack (>= 5.0) + activerecord (>= 5.0) + activesupport (>= 5.0) i18n - polyamorous (~> 1.1) - rb-fsevent (0.10.2) - rb-inotify (0.9.10) - ffi (>= 0.5.0, < 2) - responders (2.4.0) - actionpack (>= 4.2.0, < 5.3) - railties (>= 4.2.0, < 5.3) + responders (3.0.1) + actionpack (>= 5.0) + railties (>= 5.0) ruby2ruby (2.4.0) ruby_parser (~> 3.1) sexp_processor (~> 4.6) 
@@ -181,83 +203,87 @@ GEM ruby2ruby (>= 2.0.6) ruby_parser (>= 3.2.0) sexp_processor (>= 4.3.0) - sass (3.5.5) - sass-listen (~> 4.0.0) - sass-listen (4.0.0) - rb-fsevent (~> 0.9, >= 0.9.4) - rb-inotify (~> 0.9, >= 0.9.7) + sassc (2.4.0) + ffi (~> 1.9) sexp_processor (4.10.0) - spree_api (3.0.6.1) - rabl (~> 0.11.6) - spree_core (= 3.0.6.1) - versioncake (~> 2.3.1) - spree_core (3.0.6.1) - activemerchant (~> 1.47.0) - acts_as_list (~> 0.6) - awesome_nested_set (~> 3.0.1) - cancancan (~> 1.10.1) + spree_api (3.7.14.1) + doorkeeper (~> 5.0) + fast_jsonapi (~> 1.5) + rabl (~> 0.13.1) + spree_core (= 3.7.14.1) + versioncake (~> 3.4.0) + spree_core (3.7.14.1) + activemerchant (~> 1.67) + acts-as-taggable-on (~> 6.0.0) + acts_as_list (~> 0.8) + awesome_nested_set (~> 3.2.0) + cancancan (~> 2.0) carmen (~> 1.0.0) - deface (~> 1.0.0) - ffaker (~> 1.16) - font-awesome-rails (~> 4.0) - friendly_id (~> 5.1.0) - highline (~> 1.6.18) - json (~> 1.7) - kaminari (~> 0.15, >= 0.15.1) - monetize (~> 1.1) - paperclip (~> 4.2.0) - paranoia (~> 2.1.0) + deface (~> 1.0) + ffaker (~> 2.9) + friendly_id (~> 5.2.1) + highline (~> 2.0.0) + kaminari (~> 1.0.1) + mini_magick (~> 4.9.4) + monetize (~> 1.9) + money (~> 6.13) + paperclip (~> 6.1.0) + paranoia (~> 2.4.1) premailer-rails - rails (~> 4.2.2) - ransack (~> 1.4.1) + rails (~> 5.2.4, >= 5.2.4) + ransack (~> 2.1.1) responders - sprockets-rails (~> 2.0) - state_machines-activerecord (~> 0.2) + sprockets (~> 3.7) + sprockets-rails + state_machines-activerecord (~> 0.5) stringex - truncate_html (= 0.9.2) - twitter_cldr (~> 3.0) - spree_frontend (3.0.6.1) - bootstrap-sass (>= 3.3.5.1, < 3.4) - canonical-rails (~> 0.0.4) - jquery-rails (~> 4.1) - spree_api (= 3.0.6.1) - spree_core (= 3.0.6.1) - sprockets (3.7.1) + twitter_cldr (~> 4.3) + spree_frontend (3.7.14.1) + bootstrap-sass (~> 3.4) + canonical-rails (~> 0.2.3) + jquery-rails (~> 4.3) + spree_api (= 3.7.14.1) + spree_core (= 3.7.14.1) + sprockets (3.7.2) concurrent-ruby (~> 1.0) rack 
(> 1, < 3) - sprockets-rails (2.3.3) - actionpack (>= 3.0) - activesupport (>= 3.0) - sprockets (>= 2.8, < 4.0) + sprockets-rails (3.4.2) + actionpack (>= 5.2) + activesupport (>= 5.2) + sprockets (>= 3.0.0) state_machines (0.5.0) - state_machines-activemodel (0.5.0) - activemodel (>= 4.1, < 5.2) + state_machines-activemodel (0.8.0) + activemodel (>= 5.1) state_machines (>= 0.5.0) - state_machines-activerecord (0.5.0) - activerecord (>= 4.1, < 5.2) - state_machines-activemodel (>= 0.5.0) - stringex (2.8.2) - thor (0.20.0) + state_machines-activerecord (0.8.0) + activerecord (>= 5.1) + state_machines-activemodel (>= 0.8.0) + stringex (2.8.5) + terrapin (0.6.0) + climate_control (>= 0.0.3, < 1.0) + thor (1.2.1) thread_safe (0.3.6) - truncate_html (0.9.2) - twitter_cldr (3.6.0) + twitter_cldr (4.4.5) camertron-eprun cldr-plurals-runtime-rb (~> 1.0) tzinfo - tzinfo (1.2.4) + tzinfo (1.2.10) thread_safe (~> 0.1) - versioncake (2.3.1) + versioncake (3.4.0) actionpack (>= 3.2) activesupport (>= 3.2) railties (>= 3.2) tzinfo + websocket-driver (0.7.5) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.5) PLATFORMS ruby DEPENDENCIES safemode (< 1.3.3) - spree_frontend (< 3.0.7) + spree_frontend (~> 3.6) BUNDLED WITH - 1.15.4 + 1.17.3