From 62223e3daa16dc3cb012e1d6fb68244b95cf9f1a Mon Sep 17 00:00:00 2001 From: Sir Fix-a-Bot <48234343+SirFixaBot@users.noreply.github.com> Date: Thu, 9 May 2019 14:45:04 +0800 Subject: [PATCH] SourceClear: fixes for vulnerable libraries --- Gemfile | 10 +- Gemfile.lock | 311 ++++++++++++++++++++++++++------------------------- 2 files changed, 162 insertions(+), 159 deletions(-) diff --git a/Gemfile b/Gemfile index 50057d8..4095577 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source 'https://rubygems.org' # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' -gem 'rails', '4.2.5' +gem 'rails', '~> 4.2.7.1' # Use sqlite3 as the database for Active Record gem 'sqlite3' # Use Uglifier as compressor for JavaScript assets @@ -40,11 +40,11 @@ end # Windows does not include zoneinfo files, so bundle the tzinfo-data gem gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby] -gem 'administrate', '0.1.4' +gem 'administrate', '~> 0.1.5' gem 'sinatra', '1.1.4' gem 'festivaltts4r', '0.2.0' gem 'spree', '3.0.7' -gem 'authlogic', '1.4.3' -gem 'devise_invitable', '1.3.4' -gem 'rack-ssl', '1.0.0' +gem 'authlogic', '~> 3.4.5' +gem 'devise_invitable', '~> 1.3.5' +gem 'rack-ssl', '~> 1.3.4' diff --git a/Gemfile.lock b/Gemfile.lock index ece6bbf..d7b80e6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,50 +1,51 @@ GEM remote: https://rubygems.org/ specs: - actionmailer (4.2.5) - actionpack (= 4.2.5) - actionview (= 4.2.5) - activejob (= 4.2.5) + actionmailer (4.2.7.1) + actionpack (= 4.2.7.1) + actionview (= 4.2.7.1) + activejob (= 4.2.7.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.5) - actionview (= 4.2.5) - activesupport (= 4.2.5) + actionpack (4.2.7.1) + actionview (= 4.2.7.1) + activesupport (= 4.2.7.1) rack (~> 1.6) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.5) - activesupport (= 4.2.5) + actionview (4.2.7.1) + activesupport (= 4.2.7.1) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (4.2.5) - activesupport (= 4.2.5) + activejob (4.2.7.1) + activesupport (= 4.2.7.1) globalid (>= 0.3.0) activemerchant (1.47.0) activesupport (>= 3.2.14, < 5.0.0) builder (>= 2.1.2, < 4.0.0) i18n (>= 0.6.9) nokogiri (~> 1.4) - activemodel (4.2.5) - activesupport (= 4.2.5) + activemodel (4.2.7.1) + activesupport (= 4.2.7.1) builder (~> 3.1) - activerecord (4.2.5) - activemodel (= 4.2.5) - activesupport (= 4.2.5) + activerecord (4.2.7.1) + activemodel (= 4.2.7.1) + activesupport (= 4.2.7.1) arel (~> 6.0) - activesupport (4.2.5) + activesupport (4.2.7.1) i18n (~> 0.7) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - acts_as_list (0.7.4) + acts_as_list (0.9.19) activerecord (>= 3.0) - addressable (2.4.0) - administrate (0.1.4) + addressable (2.6.0) + public_suffix (>= 2.0.2, < 4.0) + administrate (0.1.5) autoprefixer-rails (~> 6.0) datetime_picker_rails (~> 0.0.7) jquery-rails (~> 4.0) @@ -55,127 +56,118 @@ GEM rails (~> 4.2) sass-rails (~> 5.0) selectize-rails (~> 0.6) - allison (2.0.3) - arel (6.0.3) - authlogic (1.4.3) - activesupport - echoe - autoprefixer-rails (6.3.6.1) + arel (6.0.4) + authlogic (3.4.6) + activerecord (>= 3.2) + activesupport (>= 3.2) + request_store (~> 1.0) + scrypt (>= 1.2, < 3.0) + autoprefixer-rails (6.7.7.2) execjs awesome_nested_set (3.0.3) activerecord (>= 4.0.0, < 5) - bcrypt (3.1.11) - bootstrap-sass (3.3.6) + bcrypt (3.1.12) + bootstrap-sass (3.3.7) autoprefixer-rails (>= 5.2.1) sass (>= 3.3.4) - bourbon (4.2.7) - sass (~> 3.4) - thor (~> 0.19) - builder (3.2.2) - byebug (9.0.4) - camertron-eprun (1.1.0) + builder (3.2.3) + byebug (11.0.1) + camertron-eprun (1.1.1) cancancan (1.10.1) canonical-rails (0.0.11) rails (>= 3.1, < 5.0) carmen (1.0.2) activesupport (>= 3.0.0) cldr-plurals-runtime-rb (1.0.1) - climate_control (0.0.3) - activesupport (>= 3.0) + climate_control (0.2.0) cocaine (0.5.8) climate_control (>= 0.0.3, < 1.0) - coffee-rails (4.1.1) - coffee-script (>= 2.2.0) - railties (>= 4.0.0, < 5.1.x) - coffee-script (2.4.1) - coffee-script-source - execjs - coffee-script-source (1.10.0) - colorize (0.7.7) - concurrent-ruby (1.0.2) - css_parser (1.4.1) + colorize (0.8.1) + concurrent-ruby (1.1.5) + crass (1.0.4) + css_parser (1.7.0) addressable datetime_picker_rails (0.0.7) momentjs-rails (>= 2.8.1) - debug_inspector (0.0.2) + debug_inspector (0.0.3) deface (1.0.2) colorize (>= 0.5.8) nokogiri (~> 1.6.0) polyglot rails (>= 3.1) - devise (4.1.1) + devise (4.6.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 5.1) + railties (>= 4.1.0, < 6.0) responders warden (~> 1.2.3) - devise_invitable (1.3.4) + devise_invitable (1.3.6) actionmailer (>= 3.2.6, < 5) devise (>= 3.2.0) - echoe (4.6.6) - allison (>= 2.0.3) - rake (>= 0.9.2) - rdoc (>= 2.5.11) - rubyforge (>= 2.0.4) erubis (2.7.0) execjs (2.7.0) festivaltts4r (0.2.0) hoe (>= 1.3.0) ffaker (1.32.1) - font-awesome-rails (4.6.3.0) - railties (>= 3.2, < 5.1) + ffi (1.10.0) + ffi-compiler (1.0.1) + ffi (>= 1.0.0) + rake + font-awesome-rails (4.7.0.5) + railties (>= 3.2, < 6.1) friendly_id (5.1.0) activerecord (>= 4.0.0) - globalid (0.3.6) - activesupport (>= 4.1.0) + globalid (0.4.2) + activesupport (>= 4.2.0) highline (1.6.21) - hoe (3.15.0) - rake (>= 0.8, < 12.0) + hoe (3.17.2) + rake (>= 0.8, < 13.0) htmlentities (4.3.4) - httparty (0.13.7) - json (~> 1.8) + httparty (0.17.0) + mime-types (~> 3.0) multi_xml (>= 0.5.2) - i18n (0.7.0) - jbuilder (2.4.1) - activesupport (>= 3.0.0, < 5.1) - multi_json (~> 1.2) - jquery-rails (4.1.1) + i18n (0.9.5) + concurrent-ruby (~> 1.0) + jbuilder (2.8.0) + activesupport (>= 4.2.0) + multi_json (>= 1.2) + jquery-rails (4.3.3) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) jquery-ui-rails (5.0.5) railties (>= 3.2.16) - json (1.8.3) - json_pure (1.8.3) - kaminari (0.16.3) + json (1.8.6) + kaminari (0.17.0) actionpack (>= 3.0.0) activesupport (>= 3.0.0) lingq (0.3.1) bundler httparty - loofah (2.0.3) + loofah (2.2.3) + crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.6.4) - mime-types (>= 1.16, < 4) - mime-types (3.1) + mail (2.7.1) + mini_mime (>= 0.1.1) + mime-types (3.2.2) mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) - mini_portile2 (2.0.0) - minitest (5.9.0) - momentjs-rails (2.11.1) + mime-types-data (3.2019.0331) + mini_mime (1.0.1) + mini_portile2 (2.1.0) + minitest (5.11.3) + momentjs-rails (2.20.1) railties (>= 3.1) - monetize (1.4.0) - money (~> 6.7) - money (6.7.1) - i18n (>= 0.6.4, <= 0.7.0) - sixarm_ruby_unaccent (>= 1.1.1, < 2) - multi_json (1.12.1) - multi_xml (0.5.5) - neat (1.7.4) - bourbon (>= 4.0) + monetize (1.9.1) + money (~> 6.12) + money (6.13.3) + i18n (>= 0.6.4, <= 2) + multi_json (1.13.1) + multi_xml (0.6.0) + neat (1.9.1) sass (>= 3.3) - nokogiri (1.6.7.2) - mini_portile2 (~> 2.0.0.rc2) + thor (~> 0.19) + nokogiri (1.6.8.1) + mini_portile2 (~> 2.1.0) normalize-rails (3.0.3) orm_adapter (0.5.0) paperclip (4.2.4) @@ -185,74 +177,84 @@ GEM mime-types paranoia (2.1.5) activerecord (~> 4.0) - polyamorous (1.3.0) + polyamorous (1.3.3) activerecord (>= 3.0) polyglot (0.3.5) - premailer (1.8.6) - css_parser (>= 1.3.6) + premailer (1.11.1) + addressable + css_parser (>= 1.6.0) htmlentities (>= 4.0.0) - premailer-rails (1.9.2) + premailer-rails (1.10.2) actionmailer (>= 3, < 6) premailer (~> 1.7, >= 1.7.9) - puma (3.4.0) + public_suffix (3.0.3) + puma (3.12.1) rabl (0.11.8) activesupport (>= 2.3.14) - rack (1.6.4) - rack-ssl (1.0.0) + rack (1.6.11) + rack-ssl (1.3.4) rack rack-test (0.6.3) rack (>= 1.0) - rails (4.2.5) - actionmailer (= 4.2.5) - actionpack (= 4.2.5) - actionview (= 4.2.5) - activejob (= 4.2.5) - activemodel (= 4.2.5) - activerecord (= 4.2.5) - activesupport (= 4.2.5) + rails (4.2.7.1) + actionmailer (= 4.2.7.1) + actionpack (= 4.2.7.1) + actionview (= 4.2.7.1) + activejob (= 4.2.7.1) + activemodel (= 4.2.7.1) + activerecord (= 4.2.7.1) + activesupport (= 4.2.7.1) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.5) + railties (= 4.2.7.1) sprockets-rails rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.7) - activesupport (>= 4.2.0.beta, < 5.0) - nokogiri (~> 1.6.0) + rails-dom-testing (1.0.9) + activesupport (>= 4.2.0, < 5.0) + nokogiri (~> 1.6) rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) - railties (4.2.5) - actionpack (= 4.2.5) - activesupport (= 4.2.5) + rails-html-sanitizer (1.0.4) + loofah (~> 2.2, >= 2.2.2) + railties (4.2.7.1) + actionpack (= 4.2.7.1) + activesupport (= 4.2.7.1) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (11.1.2) + rake (12.3.2) ransack (1.4.1) actionpack (>= 3.0) activerecord (>= 3.0) activesupport (>= 3.0) i18n polyamorous (~> 1.1) - rdoc (4.2.2) - json (~> 1.4) - responders (2.2.0) - railties (>= 4.2.0, < 5.1) - rubyforge (2.0.4) - json_pure (>= 1.1.7) - sass (3.4.22) - sass-rails (5.0.4) - railties (>= 4.0.0, < 5.0) + rb-fsevent (0.10.3) + rb-inotify (0.10.0) + ffi (~> 1.0) + request_store (1.4.1) + rack (>= 1.4) + responders (2.4.1) + actionpack (>= 4.2.0, < 6.0) + railties (>= 4.2.0, < 6.0) + sass (3.7.4) + sass-listen (~> 4.0.0) + sass-listen (4.0.0) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) + sass-rails (5.0.7) + railties (>= 4.0.0, < 6) sass (~> 3.1) sprockets (>= 2.8, < 4.0) sprockets-rails (>= 2.0, < 4.0) tilt (>= 1.1, < 3) + scrypt (2.1.1) + ffi-compiler (>= 0.0.2) + rake select2-rails (3.5.9.1) thor (~> 0.14) - selectize-rails (0.12.1) + selectize-rails (0.12.6) sinatra (1.1.4) rack (~> 1.1) tilt (>= 1.2.2, < 2.0) - sixarm_ruby_unaccent (1.1.1) spree (3.0.7) spree_api (= 3.0.7) spree_backend (= 3.0.7) @@ -306,46 +308,47 @@ GEM spree_core (= 3.0.7) spree_sample (3.0.7) spree_core (= 3.0.7) - spring (1.7.1) - sprockets (3.6.0) + spring (2.0.2) + activesupport (>= 4.2) + sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (2.3.3) actionpack (>= 3.0) activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) - sqlite3 (1.3.11) - state_machines (0.4.0) - state_machines-activemodel (0.4.0) - activemodel (>= 4.1, < 5.1) - state_machines (>= 0.4.0) - state_machines-activerecord (0.4.0) - activerecord (>= 4.1, < 5.1) - state_machines-activemodel (>= 0.3.0) - stringex (2.6.0) - thor (0.19.1) - thread_safe (0.3.5) + sqlite3 (1.4.1) + state_machines (0.5.0) + state_machines-activemodel (0.6.0) + activemodel (>= 4.1, < 6.0) + state_machines (>= 0.5.0) + state_machines-activerecord (0.6.0) + activerecord (>= 4.1) + state_machines-activemodel (>= 0.5.0) + stringex (2.8.5) + thor (0.20.3) + thread_safe (0.3.6) tilt (1.4.1) truncate_html (0.9.2) - turbolinks (2.5.3) - coffee-rails - twitter_cldr (3.3.0) + turbolinks (5.2.0) + turbolinks-source (~> 5.2) + turbolinks-source (5.2.0) + twitter_cldr (3.6.0) camertron-eprun - cldr-plurals-runtime-rb (~> 1.0.0) - json + cldr-plurals-runtime-rb (~> 1.0) tzinfo - tzinfo (1.2.2) + tzinfo (1.2.5) thread_safe (~> 0.1) - uglifier (3.0.0) + uglifier (4.1.20) execjs (>= 0.3.0, < 3) versioncake (2.3.1) actionpack (>= 3.2) activesupport (>= 3.2) railties (>= 3.2) tzinfo - warden (1.2.6) + warden (1.2.7) rack (>= 1.0) - web-console (3.1.1) + web-console (3.3.0) activemodel (>= 4.2) debug_inspector railties (>= 4.2) @@ -354,17 +357,17 @@ PLATFORMS ruby DEPENDENCIES - administrate (= 0.1.4) - authlogic (= 1.4.3) + administrate (~> 0.1.5) + authlogic (~> 3.4.5) byebug - devise_invitable (= 1.3.4) + devise_invitable (~> 1.3.5) festivaltts4r (= 0.2.0) jbuilder (~> 2.0) jquery-rails lingq puma - rack-ssl (= 1.0.0) - rails (= 4.2.5) + rack-ssl (~> 1.3.4) + rails (~> 4.2.7.1) sinatra (= 1.1.4) spree (= 3.0.7) spring @@ -375,4 +378,4 @@ DEPENDENCIES web-console BUNDLED WITH - 1.13.1 + 1.17.3