Merge pull request #5636 from circleci/snyk-fix-3cc5be386c8af04cea84f…

…9618b761c27 [CIRCLE-37398] Fix for CVE-2020-8165 (activesupport)
circleci · Aug 31, 2021 · ca6f307 · ca6f307
2 parents dfa9dc7 + ebe1a51
commit ca6f307
Show file tree

Hide file tree

Showing 3 changed files with 639 additions and 956 deletions.
diff --git a/src-api/Gemfile b/src-api/Gemfile
@@ -2,11 +2,12 @@ ruby '>=2.3.1'
 source 'https://rubygems.org'
 
 # Middleman
-gem 'middleman', '~>4.2.1'
+gem 'middleman', '~> 4.3.7'
 gem 'middleman-syntax', '~> 3.0.0'
-gem 'middleman-autoprefixer', '~> 2.7.0'
+gem 'middleman-autoprefixer', '~> 2.7.1'
 gem 'middleman-sprockets', '~> 4.1.0'
 gem 'rouge', '~> 2.0.5'
 gem 'redcarpet', '~> 3.4.0'
 gem 'nokogiri', '~> 1.10.8'
-gem "therubyracer"
+gem 'sprockets', '~> 3.7'
+gem "sass", "~> 3.7"
diff --git a/src-api/Gemfile.lock b/src-api/Gemfile.lock
@@ -1,62 +1,58 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (5.0.1)
+    activesupport (5.2.6)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (~> 0.7)
+      i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-    addressable (2.5.0)
-      public_suffix (~> 2.0, >= 2.0.2)
-    autoprefixer-rails (6.6.1)
+    addressable (2.8.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    autoprefixer-rails (6.7.7.2)
       execjs
-    backports (3.6.8)
+    backports (3.21.0)
     coffee-script (2.4.1)
       coffee-script-source
       execjs
     coffee-script-source (1.12.2)
-    compass-import-once (1.0.5)
-      sass (>= 3.2, < 3.5)
-    concurrent-ruby (1.0.5)
+    concurrent-ruby (1.1.9)
     contracts (0.13.0)
-    dotenv (2.2.0)
+    dotenv (2.7.6)
     erubis (2.7.0)
-    execjs (2.7.0)
-    fast_blank (1.0.0)
-    fastimage (2.0.1)
-      addressable (~> 2)
-    ffi (1.9.17)
-    haml (5.1.2)
+    execjs (2.8.1)
+    fast_blank (1.0.1)
+    fastimage (2.2.5)
+    ffi (1.15.3)
+    haml (5.2.2)
       temple (>= 0.8.0)
       tilt
     hamster (3.0.0)
       concurrent-ruby (~> 1.0)
-    hashie (3.5.1)
-    i18n (0.7.0)
-    kramdown (1.13.2)
-    libv8 (3.16.14.19)
+    hashie (3.6.0)
+    i18n (0.9.5)
+      concurrent-ruby (~> 1.0)
+    kramdown (2.3.1)
+      rexml
     listen (3.0.8)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
-    memoist (0.15.0)
-    middleman (4.2.1)
+    memoist (0.16.2)
+    middleman (4.3.11)
       coffee-script (~> 2.2)
-      compass-import-once (= 1.0.5)
       haml (>= 4.0.5)
-      kramdown (~> 1.2)
-      middleman-cli (= 4.2.1)
-      middleman-core (= 4.2.1)
-      sass (>= 3.4.0, < 4.0)
+      kramdown (>= 2.3.0)
+      middleman-cli (= 4.3.11)
+      middleman-core (= 4.3.11)
     middleman-autoprefixer (2.7.1)
       autoprefixer-rails (>= 6.5.2, < 7.0.0)
       middleman-core (>= 3.3.3)
-    middleman-cli (4.2.1)
+    middleman-cli (4.3.11)
       thor (>= 0.17.0, < 2.0)
-    middleman-core (4.2.1)
-      activesupport (>= 4.2, < 5.1)
+    middleman-core (4.3.11)
+      activesupport (>= 4.2, < 6.0)
       addressable (~> 2.3)
       backports (~> 3.6)
-      bundler (~> 1.1)
+      bundler
       contracts (~> 0.13.0)
       dotenv
       erubis
@@ -65,70 +61,74 @@ GEM
       fastimage (~> 2.0)
       hamster (~> 3.0)
       hashie (~> 3.4)
-      i18n (~> 0.7.0)
+      i18n (~> 0.9.0)
       listen (~> 3.0.0)
       memoist (~> 0.14)
       padrino-helpers (~> 0.13.0)
       parallel
       rack (>= 1.4.5, < 3)
-      sass (>= 3.4)
+      sassc (~> 2.0)
       servolux
-      tilt (~> 2.0)
+      tilt (~> 2.0.9)
       uglifier (~> 3.0)
-    middleman-sprockets (4.1.0)
+    middleman-sprockets (4.1.1)
       middleman-core (~> 4.0)
       sprockets (>= 3.0)
     middleman-syntax (3.0.0)
       middleman-core (>= 3.2)
       rouge (~> 2.0)
     mini_portile2 (2.4.0)
-    minitest (5.10.1)
-    nokogiri (1.10.8)
+    minitest (5.14.4)
+    nokogiri (1.10.10)
       mini_portile2 (~> 2.4.0)
-    padrino-helpers (0.13.3.3)
+    padrino-helpers (0.13.3.4)
       i18n (~> 0.6, >= 0.6.7)
-      padrino-support (= 0.13.3.3)
+      padrino-support (= 0.13.3.4)
       tilt (>= 1.4.1, < 3)
-    padrino-support (0.13.3.3)
+    padrino-support (0.13.3.4)
       activesupport (>= 3.1)
-    parallel (1.10.0)
-    public_suffix (2.0.5)
-    rack (2.0.8)
-    rb-fsevent (0.9.8)
-    rb-inotify (0.9.8)
-      ffi (>= 0.5.0)
+    parallel (1.20.1)
+    public_suffix (4.0.6)
+    rack (2.2.3)
+    rb-fsevent (0.11.0)
+    rb-inotify (0.10.1)
+      ffi (~> 1.0)
     redcarpet (3.4.0)
-    ref (2.0.0)
+    rexml (3.2.5)
     rouge (2.0.7)
-    sass (3.4.23)
-    servolux (0.12.0)
+    sass (3.7.4)
+      sass-listen (~> 4.0.0)
+    sass-listen (4.0.0)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+    sassc (2.4.0)
+      ffi (~> 1.9)
+    servolux (0.13.0)
     sprockets (3.7.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
     temple (0.8.2)
-    therubyracer (0.12.3)
-      libv8 (~> 3.16.14.15)
-      ref
-    thor (0.19.4)
-    thread_safe (0.3.5)
+    thor (1.1.0)
+    thread_safe (0.3.6)
     tilt (2.0.10)
-    tzinfo (1.2.2)
+    tzinfo (1.2.9)
       thread_safe (~> 0.1)
-    uglifier (3.0.4)
+    uglifier (3.2.0)
       execjs (>= 0.3.0, < 3)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  middleman (~> 4.2.1)
-  middleman-autoprefixer (~> 2.7.0)
+  middleman (~> 4.3.7)
+  middleman-autoprefixer (~> 2.7.1)
   middleman-sprockets (~> 4.1.0)
   middleman-syntax (~> 3.0.0)
   nokogiri (~> 1.10.8)
   redcarpet (~> 3.4.0)
   rouge (~> 2.0.5)
-  therubyracer
+  sass (~> 3.7)
+  sprockets (~> 3.7)
 
 RUBY VERSION
    ruby 2.3.3p222