From 0e17b44bec519e0ed37084ff72838a8aa51f7655 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 15 Jun 2018 23:22:13 +0000 Subject: [PATCH] fix: Gemfile.lock & Gemfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-REDCARPET-20212 - https://snyk.io/vuln/SNYK-RUBY-YAJLRUBY-22002 --- Gemfile | 2 +- Gemfile.lock | 103 ++++++++++++++++++++++++++------------------------- 2 files changed, 53 insertions(+), 52 deletions(-) diff --git a/Gemfile b/Gemfile index 6bb8db6..84dd52c 100644 --- a/Gemfile +++ b/Gemfile @@ -1,5 +1,5 @@ source 'https://rubygems.org' gem 'rake' -gem 'jekyll' +gem 'jekyll', '>= 3.0.0' gem 'mini_magick' diff --git a/Gemfile.lock b/Gemfile.lock index 96080fc..b8dd25c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,68 +1,69 @@ GEM remote: https://rubygems.org/ specs: - blankslate (2.1.2.4) - celluloid (0.15.2) - timers (~> 1.1.0) - classifier (1.3.4) - fast-stemmer (>= 1.0.0) - coffee-script (2.2.0) - coffee-script-source - execjs - coffee-script-source (1.7.0) - colorator (0.1) - execjs (2.0.2) - fast-stemmer (1.0.2) - ffi (1.9.3) - jekyll (2.0.3) - classifier (~> 1.3) - colorator (~> 0.1) - jekyll-coffeescript (~> 1.0) + addressable (2.5.2) + public_suffix (>= 2.0.2, < 4.0) + colorator (1.1.0) + concurrent-ruby (1.0.5) + em-websocket (0.5.1) + eventmachine (>= 0.12.9) + http_parser.rb (~> 0.6.0) + eventmachine (1.2.7) + ffi (1.9.25) + forwardable-extended (2.6.0) + http_parser.rb (0.6.0) + i18n (0.9.5) + concurrent-ruby (~> 1.0) + jekyll (3.8.3) + addressable (~> 2.4) + colorator (~> 1.0) + em-websocket (~> 0.5) + i18n (~> 0.7) jekyll-sass-converter (~> 1.0) - kramdown (~> 1.3) - liquid (~> 2.5.5) - listen (~> 2.5) + jekyll-watch (~> 2.0) + kramdown (~> 1.14) + liquid (~> 4.0) mercenary (~> 0.3.3) - pygments.rb (~> 0.5.0) - redcarpet (~> 3.1) + pathutil (~> 0.9) + rouge (>= 1.7, < 4) safe_yaml (~> 1.0) - toml (~> 0.1.0) - jekyll-coffeescript (1.0.0) - coffee-script (~> 2.2) - jekyll-sass-converter (1.0.0) - sass (~> 3.2) - kramdown (1.4.0) - liquid (2.5.5) - listen (2.7.5) - celluloid (>= 0.15.2) - rb-fsevent (>= 0.9.3) - rb-inotify (>= 0.9) - mercenary (0.3.3) + jekyll-sass-converter (1.5.2) + sass (~> 3.4) + jekyll-watch (2.0.0) + listen (~> 3.0) + kramdown (1.17.0) + liquid (4.0.0) + listen (3.1.5) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) + ruby_dep (~> 1.2) + mercenary (0.3.6) mini_magick (3.7.0) subexec (~> 0.2.1) - parslet (1.5.0) - blankslate (~> 2.0) - posix-spawn (0.3.8) - pygments.rb (0.5.4) - posix-spawn (~> 0.3.6) - yajl-ruby (~> 1.1.0) + pathutil (0.16.1) + forwardable-extended (~> 2.6) + public_suffix (3.0.2) rake (10.3.2) - rb-fsevent (0.9.4) - rb-inotify (0.9.4) - ffi (>= 0.5.0) - redcarpet (3.1.2) - safe_yaml (1.0.3) - sass (3.3.7) + rb-fsevent (0.10.3) + rb-inotify (0.9.10) + ffi (>= 0.5.0, < 2) + rouge (3.1.1) + ruby_dep (1.5.0) + safe_yaml (1.0.4) + sass (3.5.6) + sass-listen (~> 4.0.0) + sass-listen (4.0.0) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) subexec (0.2.3) - timers (1.1.0) - toml (0.1.1) - parslet (~> 1.5.0) - yajl-ruby (1.1.0) PLATFORMS ruby DEPENDENCIES - jekyll + jekyll (>= 3.0.0) mini_magick rake + +BUNDLED WITH + 1.16.1