From 7d7124c9b30f7f811e96d68b3313faf0202757cc Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 15 Nov 2023 06:20:09 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056551
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056552
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056553
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056554
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056555
---
 Gemfile | 4 +-
 Gemfile.lock | 131 ++++++++++++++++++++++++++++-----------------------
 2 files changed, 74 insertions(+), 61 deletions(-)
diff --git a/Gemfile b/Gemfile
index c8b0a3fb5b9..ec9a8146e47 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,8 +1,8 @@
 source 'https://rubygems.org'
-gem 'github-pages', '183'
+gem 'github-pages', '184'
 gem 'wdm' if Gem.win_platform?
-gem 'html-proofer'
+gem 'html-proofer', '>= 3.10.0'
 gem 'launchy'
 gem 'devdocs', :git => 'https://github.com/magento-devdocs/devdocs-theme.git', :branch => 'devdocs-stable'
diff --git a/Gemfile.lock b/Gemfile.lock
index 59bdd7d3ab9..b9dd9bfd586 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
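Review bot: The added `gem 'html-proofer', '>= 3.10.0'` line in the Gemfile hunk sets only a lower bound, and the lockfile in this same patch resolves it across a major version, from 3.8.0 to 4.4.3. That jump is what releases nokogiri from html-proofer 3.8.0's `~> 1.8.1` requirement and lets it resolve to 1.15.4, so the advisories listed in the commit message are addressed through a transitive resolution rather than anything the Gemfile states. I would bound the direct dependency to the series that was actually resolved and tested, `gem 'html-proofer', '~> 4.4'`, with a comment above it such as `# 4.x needed so nokogiri can leave the ~> 1.8.1 pin (Snyk advisories in the commit message)`. Any Rake task or CI script that invokes html-proofer is not visible in this patch and presumably needs checking against the 4.x interface before merge.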
@@ -14,33 +14,37 @@ GEM minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - addressable (2.5.2) - public_suffix (>= 2.0.2, < 4.0) + addressable (2.8.5) + public_suffix (>= 2.0.2, < 6.0) + base64 (0.2.0) coffee-script (2.4.1) coffee-script-source execjs coffee-script-source (1.11.1) colorator (1.1.0) - colorize (0.8.1) - commonmarker (0.17.9) + commonmarker (0.17.13) ruby-enum (~> 0.5) - concurrent-ruby (1.0.5) - dnsruby (1.60.2) - em-websocket (0.5.1) + concurrent-ruby (1.2.2) + dnsruby (1.70.0) + simpleidn (~> 0.2.1) + em-websocket (0.5.3) eventmachine (>= 0.12.9) - http_parser.rb (~> 0.6.0) - ethon (0.11.0) - ffi (>= 1.3.0) - eventmachine (1.2.6) - execjs (2.7.0) - faraday (0.15.0) - multipart-post (>= 1.2, < 3) - ffi (1.9.23) + http_parser.rb (~> 0) + ethon (0.16.0) + ffi (>= 1.15.0) + eventmachine (1.2.7) + execjs (2.9.1) + faraday (2.7.11) + base64 + faraday-net_http (>= 2.0, < 3.1) + ruby2_keywords (>= 0.0.4) + faraday-net_http (3.0.2) + ffi (1.16.3) forwardable-extended (2.6.0) - gemoji (3.0.0) - github-pages (183) + gemoji (3.0.1) + github-pages (184) activesupport (= 4.2.9) - github-pages-health-check (= 1.7.3) + github-pages-health-check (= 1.8.1) jekyll (= 3.7.3) jekyll-avatar (= 0.5.0) jekyll-coffeescript (= 1.1.1) @@ -55,7 +59,7 @@ GEM jekyll-readme-index (= 0.2.0) jekyll-redirect-from (= 0.13.0) jekyll-relative-links (= 0.5.3) - jekyll-remote-theme (= 0.2.3) + jekyll-remote-theme (= 0.3.0) jekyll-sass-converter (= 1.5.2) jekyll-seo-tag (= 2.4.0) jekyll-sitemap (= 1.2.0) 
@@ -83,25 +87,25 @@ GEM nokogiri (>= 1.8.1, < 2.0) rouge (= 2.2.1) terminal-table (~> 1.4) - github-pages-health-check (1.7.3) + github-pages-health-check (1.8.1) addressable (~> 2.3) dnsruby (~> 1.60) octokit (~> 4.0) public_suffix (~> 2.0) typhoeus (~> 1.3) - html-pipeline (2.8.0) + html-pipeline (2.14.3) activesupport (>= 2) nokogiri (>= 1.4) - html-proofer (3.8.0) - activesupport (>= 4.2, < 6.0) + html-proofer (4.4.3) addressable (~> 2.3) - colorize (~> 0.8) - mercenary (~> 0.3.2) - nokogiri (~> 1.8.1) - parallel (~> 1.3) + mercenary (~> 0.3) + nokogiri (~> 1.13) + parallel (~> 1.10) + rainbow (~> 3.0) typhoeus (~> 1.3) yell (~> 2.0) - http_parser.rb (0.6.0) + zeitwerk (~> 2.5) + http_parser.rb (0.8.0) i18n (0.9.5) concurrent-ruby (~> 1.0) jekyll (3.7.3) @@ -122,9 +126,9 @@ GEM jekyll-coffeescript (1.1.1) coffee-script (~> 2.2) coffee-script-source (~> 1.11.1) - jekyll-commonmark (1.2.0) + jekyll-commonmark (1.3.1) commonmarker (~> 0.14) - jekyll (>= 3.0, < 4.0) + jekyll (>= 3.7, < 5.0) jekyll-commonmark-ghpages (0.1.5) commonmarker (~> 0.17.6) jekyll-commonmark (~> 1) @@ -151,10 +155,9 @@ GEM jekyll (~> 3.3) jekyll-relative-links (0.5.3) jekyll (~> 3.3) - jekyll-remote-theme (0.2.3) + jekyll-remote-theme (0.3.0) jekyll (~> 3.5) rubyzip (>= 1.2.1, < 3.0) - typhoeus (>= 0.7, < 2.0) jekyll-sass-converter (1.5.2) sass (~> 3.4) jekyll-seo-tag (2.4.0) @@ -204,7 +207,7 @@ GEM jekyll-seo-tag (~> 2.0) jekyll-titles-from-headings (0.5.1) jekyll (~> 3.3) - jekyll-watch (2.0.0) + jekyll-watch (2.2.1) listen (~> 3.0) jemoji (0.9.0) activesupport (~> 4.0, >= 4.2.9) 
@@ -220,56 +223,66 @@ GEM rb-inotify (~> 0.9, >= 0.9.7) ruby_dep (~> 1.2) mercenary (0.3.6) - mini_portile2 (2.3.0) + mini_portile2 (2.8.5) minima (2.4.1) jekyll (~> 3.5) jekyll-feed (~> 0.9) jekyll-seo-tag (~> 2.1) - minitest (5.11.3) - multipart-post (2.0.0) - nokogiri (1.8.2) - mini_portile2 (~> 2.3.0) - octokit (4.8.0) - sawyer (~> 0.8.0, >= 0.5.3) - parallel (1.12.1) - pathutil (0.16.1) + minitest (5.20.0) + nokogiri (1.15.4) + mini_portile2 (~> 2.8.2) + racc (~> 1.4) + octokit (4.25.1) + faraday (>= 1, < 3) + sawyer (~> 0.9) + parallel (1.23.0) + pathutil (0.16.2) forwardable-extended (~> 2.6) public_suffix (2.0.5) - rb-fsevent (0.10.3) - rb-inotify (0.9.10) - ffi (>= 0.5.0, < 2) + racc (1.7.3) + rainbow (3.1.1) + rb-fsevent (0.11.2) + rb-inotify (0.10.1) + ffi (~> 1.0) rouge (2.2.1) - ruby-enum (0.7.2) + ruby-enum (0.9.0) i18n + ruby2_keywords (0.0.5) ruby_dep (1.5.0) - rubyzip (1.2.1) - safe_yaml (1.0.4) - sass (3.5.6) + rubyzip (2.3.2) + safe_yaml (1.0.5) + sass (3.7.4) sass-listen (~> 4.0.0) sass-listen (4.0.0) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) - sawyer (0.8.1) - addressable (>= 2.3.5, < 2.6) - faraday (~> 0.8, < 1.0) + sawyer (0.9.2) + addressable (>= 2.3.5) + faraday (>= 0.17.3, < 3) + simpleidn (0.2.1) + unf (~> 0.1.4) terminal-table (1.8.0) unicode-display_width (~> 1.1, >= 1.1.1) thread_safe (0.3.6) - typhoeus (1.3.0) + typhoeus (1.4.0) ethon (>= 0.9.0) - tzinfo (1.2.5) + tzinfo (1.2.11) thread_safe (~> 0.1) - unicode-display_width (1.3.2) - yell (2.0.7) + unf (0.1.4) + unf_ext + unf_ext (0.0.9) + unicode-display_width (1.8.0) + yell (2.2.2) + zeitwerk (2.6.12) PLATFORMS ruby DEPENDENCIES devdocs! - github-pages (= 183) - html-proofer + github-pages (= 184) + html-proofer (>= 3.10.0) launchy BUNDLED WITH - 1.16.1 + 1.17.3