Merge pull request #41 from bloom-solutions/fix-vulnerability

Fix: Security vulnerability
bloom-solutions · Nov 8, 2018 · a8141e1 · a8141e1
2 parents 2ed4ed0 + abe0243
commit a8141e1
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 10 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,7 @@ Versioning](http://semver.org/spec/v2.0.0.html).
 ### Changed
 - `BloomTradeClient::ExchangeRates::Sync` now returns `expires_at` field
 - `BloomTradeClient::ExchangeRates::Convert` now returns `BloomTradeClient::ConversionResult` object
+- Upgrade `loofah` gem to 2.2.3
 
 ## [0.15.0] - 2018-09-15
 ### Changed

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -13,6 +13,7 @@ PATH
       addressable (~> 2.5)
       api_client_base (~> 1.0)
       light-service (= 0.11.0)
+      loofah (>= 2.2.3)
       message_bus_client_worker (>= 0.2.0)
       rails (~> 5.2)
       typhoeus (~> 1.3)
@@ -102,7 +103,7 @@ GEM
     globalid (0.4.1)
       activesupport (>= 4.2.0)
     hashdiff (0.3.7)
-    http (3.3.0)
+    http (4.0.0)
       addressable (~> 2.3)
       http-cookie (~> 1.0)
       http-form_data (~> 2.0)
@@ -116,35 +117,35 @@ GEM
     ice_nine (0.11.2)
     light-service (0.11.0)
       activesupport (>= 3.0)
-    loofah (2.2.2)
+    loofah (2.2.3)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
-    mail (2.7.0)
+    mail (2.7.1)
       mini_mime (>= 0.1.1)
     marcel (0.3.3)
       mimemagic (~> 0.3.2)
-    message_bus_client_worker (0.2.1)
+    message_bus_client_worker (0.3.1)
       activesupport
       addressable
       gem_config
       http
       light-service
-      sidekiq
+      sidekiq (>= 5.1)
       sidekiq-unique-jobs (>= 6.0.0)
     method_source (0.9.0)
     mimemagic (0.3.2)
     mini_mime (1.0.1)
     mini_portile2 (2.3.0)
     minitest (5.11.3)
     nio4r (2.3.1)
-    nokogiri (1.8.4)
+    nokogiri (1.8.5)
       mini_portile2 (~> 2.3.0)
     pry (0.11.3)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
     public_suffix (3.0.2)
     rack (2.0.5)
-    rack-protection (2.0.3)
+    rack-protection (2.0.4)
       rack
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
@@ -173,7 +174,7 @@ GEM
       rake (>= 0.8.7)
       thor (>= 0.19.0, < 2.0)
     rake (12.3.1)
-    redis (4.0.2)
+    redis (4.0.3)
     rspec-core (3.8.0)
       rspec-support (~> 3.8.0)
     rspec-expectations (3.8.1)
@@ -192,7 +193,7 @@ GEM
       rspec-support (~> 3.8.0)
     rspec-support (3.8.0)
     safe_yaml (1.0.4)
-    sidekiq (5.2.1)
+    sidekiq (5.2.3)
       connection_pool (~> 2.2, >= 2.2.2)
       rack-protection (>= 1.5.0)
       redis (>= 3.3.5, < 5)
@@ -210,7 +211,7 @@ GEM
     sqlite3 (1.3.13)
     thor (0.20.0)
     thread_safe (0.3.6)
-    typhoeus (1.3.0)
+    typhoeus (1.3.1)
       ethon (>= 0.9.0)
     tzinfo (1.2.5)
       thread_safe (~> 0.1)

diff --git a/bloom_trade_client.gemspec b/bloom_trade_client.gemspec
@@ -29,6 +29,7 @@ Gem::Specification.new do |s|
   s.add_dependency "api_client_base", "~> 1.0"
   s.add_dependency "typhoeus", "~> 1.3"
   s.add_dependency "light-service", "0.11.0"
+  s.add_dependency "loofah", ">= 2.2.3"
   s.add_dependency "message_bus_client_worker", ">= 0.2.0"
   s.add_dependency "rails", "~> 5.2"
   s.add_dependency "virtus", "~> 1.0"